Intelligence in the Cyber Age
Written by Martin Camilleri
Cyber security attacks against Governments, companies, and individuals are on the increase and are becoming more sophisticated.
The latest large-scale attack, which affected a wide range of organisations from Governments to multinational companies, was conducted deep within the heart of these organisations by compromising their supply chain and gaining access to sensitive and exclusive information. This type of attack clearly shows that while implementing defensive security measures and keeping your systems updated is very important, it is not enough on its own. Alongside these measures, it is very important that cyber threat information and intelligence is shared amongst organisations, so that it complements the security measures being implemented as part of a fully holistic infrastructure defence programme.
Information gathering is one of the oldest professions that has ever existed. The Mesopotamians and the Egyptian Pharaohs resorted to information and intelligence gathering to better protect their nations and their people. The Romans had information scouts who would gather information on the formations and locations of enemy armies. In the late 1800s Britain also realised the importance of gathering information and turning it into intelligence to be able to protect the Kingdom against threats from other countries.
Over the years, intelligence gathering has been classified into different categories, mainly related to particular activities. HUMINT (Human Intelligence) is described as intelligence or information gathered from humans and delivered by contact between persons. Basically, HUMINT was the intelligence our ancestors had at the time, since the information was relayed by humans. With the introduction of technology other types of intelligence evolved, such as SIGINT (Signals Intelligence), which is intelligence gathered from signal interception; IMINT (Imagery Intelligence), intelligence gathered from imagery; and OSINT (Open Source Intelligence), intelligence gathered from publicly available information appearing in print or electronic form, including radio, television, newspapers, journals, the Internet, social media, commercial data repositories, and videos.
Intelligence has played a crucial role in all wars. For example, during World War II, the success of intelligence contributed greatly to subduing and eventually defeating the Axis forces and the Third Reich. In today’s world the enemy manifests itself over the Internet. Such attackers recognise no boundaries: their victims include Governments, companies and even individuals, and their objectives range from espionage and harm to nations to financial gain. To have an effective defence system one should also engage in intelligence gathering and act upon it.
Intelligence is also relevant in the cyber world. Organisations deploy systems and processes on a daily basis to combat cyber security attacks, such as firewalls to protect their networks, anti-virus systems, end-point protection systems and email protection systems, to mention a few. It is a wise step in the right direction to couple these security measures with cyber threat information sharing and gathering.
Receiving alert information on system and software vulnerabilities beforehand enables organisations to update their systems before an attack that exploits that vulnerability is released. Attackers often take advantage of such weaknesses to launch their attacks. Another advantage of information sharing arises when organisations detect possible phishing campaigns and malicious website links. Sharing such information with your peers makes it possible to prepare for and protect against such campaigns before they hit an entity’s infrastructure. This information is usually termed Indicators of Compromise (IOCs): pieces of data that identify the characteristics of an attack and can be used to detect and mitigate it. Other sophisticated cyber threat intelligence gathering methods include scanning for malicious activity over networks and the Internet, using specialised tools such as honeypots, network traffic pattern and behaviour analysis, and dark/deep web monitoring.
MITA has understood that cyber threat intelligence gathering and sharing is an important activity for protecting the Maltese Government infrastructure. MITA is also committed to playing an active role in national cyber threat information sharing, to ensure that potential cyber threats are communicated to other stakeholders and to assist them in protecting their infrastructures and the Maltese cyber space. Cyber threat intelligence is a proactive measure that assures systems are protected before they are attacked, in keeping with the sayings “prevention is better than cure” and “forewarned is forearmed”.
Organisations that wish to join our community and would like to receive intelligence from MITA are encouraged to contact the MITA Cyber Threat Intelligence Team on firstname.lastname@example.org, providing their organisation’s details and an overview of the business sector in which they operate. It will be our pleasure to have a chat, collaborate and secure our digital future together.