Cyber Intelligence Analysis

  • Izzat Alsmadi


Cyber intelligence (CYBINT) has recently evolved as a discipline whose major tasks are cyber intelligence collection, analysis, and dissemination. CYBINT can be related to several categories of INT (e.g., HUMINT, SIGINT, and OSINT). However, in comparison with those, CYBINT deals with a very broad and elusive intelligence spectrum that can require daily changes in terms of intelligence collection, analysis, and dissemination. Additionally, CYBINT can easily cross national borders, bypassing all kinds of security controls. For example, a worm that is created somewhere in the world can spread within hours, minutes, or even seconds to thousands of computers all over the world. One more distinction is that with the five main collection disciplines mentioned earlier, key players are typically countries, government agencies, or some medium to large size companies. On the other hand, in CYBINT, a key player can be just an individual (e.g., a professional hacker) who makes a large impact across the world.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Izzat Alsmadi, Texas A&M University, San Antonio, USA
