In episode 76 of The Cyber5, guest moderator and Nisos Director for Product Marketing, Stephen Helm, is joined by our guest, Dr. Maria Robson, the Program Coordinator for the Intelligence Project of the Belfer Center at Harvard University's Kennedy School.

We discuss the evolution of intelligence roles in enterprise and the ultimate path for intelligence professionals. We cover ethics in private sector intelligence teams and the role of academia in fostering not only the ethics, but also the professionalization of private sector intelligence positions. Dr. Robson also discusses insights into how proactive intelligence gathering capabilities tends to provide most value to enterprise. Finally, she gives an overview of the Association of International Risk Intelligence Professionals work and mission.

Three Takeaways:

1. Ethical Focus is Critical

Ethical lines of consideration and having a standard of what is appropriate for collection and analysis is important but currently very murky. Collection and analysis for the U.S. Intelligence Community would be entirely inappropriate and illegal when collecting against private sector persons and organizations. Standards would ensure, for example, that new analysts know what was in and out of bounds of the type of inquiry that can be answered. The Association of International Risk Intelligence Professionals (AIRIP) is leading the way to identify these standards.

• Apprentice and Guild Process is Critical if Standards are Slow to be Developed

Craft and guild process is important to get jobs in private sector intelligence because there is no linear pathway to employment. Since networking and a manager’s previous experience in the intelligence community, non-profit, or private sector are the driving forces behind mentorship, craft and guild benchmarking and professionalization become important models.

• Security Organization and Reporting Structure Has Changed

Cyber threat intelligence, geopolitical risk, and corporate security have historically been the security functions. Before digging into how cyber threat intelligence benefits a physical security program, we identify a list of some of the services, products, and analyses that a CTI program might address.

The following services have significant overlap with physical security programs:

• Adversary infrastructure analysis
• Attribution analysis
• Dark Web tracking
• Internal threat hunting
• Threat research for identification and correlation of malicious actors and external datasets
• Intelligence report production
• Intelligence sharing (external to the organization)
• Tracking threat actors’ intentions and capabilities

Other CTI services generally do not overlap with physical security and remain the responsibility of cybersecurity teams. These services include malware analysis and reverse engineering, vulnerabilities research, and indicator analysis (enrichment, pivoting, and correlating to historical reporting).

Security teams are now leveraging open-source intelligence and cyber threat intelligence to provide critical information to physical security practitioners. The physical and corporate security programs of these teams generally consist of the following disciplines, with use cases that are at the center of the convergence of cyber and physical security disciplines:

• Executive Protection and Physical Asset Protection
• Travel Security
• Regulatory/Environmental Risk Specific to Business
• Geo-Political Risk
• Supply Chain Risk Management
• Global Investigations