CS Mar-Apr 2020
expert insights

THE INTELLIGENT APPROACH TO CYBER THREAT INTELLIGENCE

SEEKING SOMEONE WHO CAN UNDERSTAND VULNERABILITY, EXPLOITATION AND ATTACKER MOTIVATION? IAN THORNTON-TRUMP, CHIEF INFORMATION SECURITY OFFICER FOR CYJAX, MAY HAVE THE ANSWER

Ian Thornton-Trump, Cyjax.

As soon as you say the word 'Intelligence', everyone seems to think 1960s East Germany. I don't know why everyone seems to think that the words 'Intelligence Analyst' are exclusively reserved for nation states or large organisations. I'm here to tell you that tactical intelligence and strategic intelligence are easily within the reach of most organisations - no trench coats required.

The reality is that an 'Intelligence Analyst Skill' is not learned in university; it's generally the domain of law enforcement, military or government agency service. That's a travesty that I am going to fix right now. It does not require some sort of special person, special forces qualified and of exceptional intelligence. It does require a person to be able to embrace a different way of thinking and writing, which moves beyond traditional academic writing or journalism. Intelligence analysis and the products that process produces are all about timely, accurate and actionable content - a marked departure from 5,000 words on the fall of the Prussian Empire or an attempt to sensationalise the latest celebrity misstep.

When you stick the Cyber word in front of 'Intelligence Analysis', one may think that this is an even more esoteric profession, but it is actually applying the 'world's second oldest profession's' thinking to a relatively new problem. Despite the Hollywood and media stereotypes of excessive gym-based activity 'Blackhat' or nerdy computer skills 'CSI Cyber', the actual "Cyber Threat Intelligence Analyst" needs none of those marksmanship or hacking skills - that's not to say they may not help, but realistically they're unlikely to be needed in day-to-day activity.

So, the question is: What is a Cyber Threat Intelligence Analyst? An oracle? A fortune teller? In simple terms, it's someone that can understand vulnerability, exploitation and attacker motivation. An expert at threat modelling with gifted communication skills. Folks that have had to stand in front of a class or defend a dissertation are generally superior recruits for executing analysis tasks to protect organisations. If Park Rangers look for fires through binoculars, Intelligence analysts tell them where to look and why they need to look. That's the essence of the job.

One can easily understand that, if you know where to look and why you need to look, this is a huge cost saving and a huge time saving - that's the value of intelligence when it comes to your organisation. Imagine if a person was able to look at what you have and tell you what bad guys have that may take it away, and what you could do to thwart them. A 'win', then, is getting in front of an attack by knowing when, where and how the attack might come.

Now, truth be told, I've had a lot of training as an intelligence analyst (Canadian Forces & RCMP - I was actually trained by an ex-CIA instructor) and, in the case of 'EternalBlue', 'BlueKeep' and the registration of a fraudulent typosquatting domain, along with the issue of a certificate for that typosquatting domain, I'm very confident that an attack on an organisation is forthcoming - as that's what bad guys do. My prediction based upon analysis comes from experience, but how I reach that conclusion is an intellectual process - easily taught and more accurate over time with analyst experience.

Good intelligence can help direct a spoiling attack - something that disrupts the bad guys from successfully executing an exploit against you. The information to protect your organisation is out there - you just need someone that is trained in the art of listening and can direct your organisation to take action.

Computing Security Mar/Apr 2020 @CSMagAndAwards www.computingsecurity.co.uk