Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Consequence is not enough: The role of cyber intelligence in improving cyberattack estimates
Cyber Security: A Peer-Reviewed Journal,
7
(3),
199-206
(2024)
Abstract
Intelligence assessments continue to emphasise adversary ability and desire to hold critical infrastructure at risk. At the same time, the field of cyber threat intelligence is predominately focused on a review of past cyberattacks to yield insights into future risk. Few researchers focus on methods to improve assessments of adversary capability and intent or address the need for more proactive, predictive analysis. This paper identifies some of the existing weaknesses in cyber threat intelligence analysis and provides some recommendations for how organisations can more comprehensively consider their cyber risk.
Keywords: risk management; threat intelligence; critical infrastructure; impact-driven analysis
The full article is available to subscribers to the journal.
Author's Biography
Sarah Freeman is Chief Engineer for Intelligence, Modeling and Simulation within MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC) where she provides government and private sector partners with actionable cyber threat intelligence and innovative security solutions for the critical infrastructure protection. She has more than a decade’s experience in industrial security and formerly served as an Industrial Control Systems analyst at Idaho National Laboratory.
Mark Bristow is the Director of MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC) where he oversees MITRE’s work to support public and private entities to protect national critical infrastructure from cyber and other non-kinetic threats. Mark joined MITRE from CISA where he was formerly the Branch Chief for Cyber Defense Coordination, where he leveraged his expertise in incident response, industrial control systems, network monitoring and defence to support national security interests. Prior to threat hunting, Mark was the Director of the Hunt and Incident Response Team (HIRT) as well as the Incident Response Chief for the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
