Word Notes 11.10.20
Ep 23 | 11.10.20

cyber threat intelligence (CTI) (noun)


Rick Howard: The word is: C.T.I.

Rick Howard: Spelled: C as in cyber, T as in threat, and I as in intelligence.

Rick Howard: Definition: Information used by leadership to make decisions regarding the cybersecurity posture of their organization.

Rick Howard: Example sentence: NSA gathers foreign cyber threat intelligence and works to determine attribution of malicious cyber intrusions.

Rick Howard: Context: Cyber threat intelligence operations are a newer subset of those general-purpose intelligence operations that have been around since the world was young. According to Professor Liulevicius of the University of Tennessee and his "Great Courses" class "Espionage and Covert Operations," intelligence work, in the form of espionage, first appears in the written historical record around 2000 B.C. on a clay tablet that was found on the banks of the Euphrates River. Ever since the beginning, though, intelligence has been about collecting information for leaders to use in making decisions. One common mistake is to confuse intelligence with news. If you are reading a weather report because you are interested in the chances that rain will ruin your picnic this weekend, that's news. If the rain forecast causes you to change venues from the park to your garage, that is intelligence. The intelligence process is the same for all intelligence operations. Get information requirements from the boss, collect data that might answer those information requirements, analyze the data and create a report, and finally distribute that report to the boss. The kinds of intelligence produced by each individual team will vary widely, though, depending on what the leader wants to know. That is why intelligence products by corporate cyber threat intelligence teams are completely different from, say, the CIA's National Intelligence Estimate, designed for the President of the United States. Cyber threat intelligence didn't really get a start until the late 1990s. According to Jason Healey, senior research scholar at Columbia University's School for International and Public Affairs, the Department of Defense assigned the first official cyber intelligence officer, Bob Gourley, to the newly formed Joint Task Force Computer Network Defense, or JTF-CND, in 1998. Prior to that, Staff Sergeant Bob Goad was unofficially performing cyber intelligence work at the relatively new DoD CERT. Also, in 1998, a commercial company called iDefense became the first intelligence service designed for the private sector.

Rick Howard: Nerd reference: In February 2013, the commercial cyber intelligence company Mandiant released a now-famous 74-page APT1 report that told the story of how the Chinese military had been conducting cyber espionage operations against almost 150 different commercial and government organizations around the world. Chinese cyber espionage had begun in the early 2000s, and the US military secret code name for it was TITAN RAIN. But prior to the APT1 report, nobody, except for Google in 2010, talked about successful cyber breaches against their organization for fear that public knowledge would impact their bottom line. In the government space, cyber attacks were not a mainstream concern. The Mandiant APT1 report challenged all of that and catapulted commercial cyber intelligence as a legitimate business. According to Nick Selby, writing for DarkReading back in 2014, one of the most positive impacts of the APT1 report is the undeniable rise in the stature of the threat intelligence industry.