GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

By Angela Hill and Edwin Hill

The United States Intelligence Community, or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office.

The IC gathers, stores and processes large amounts of data, from a variety of sources,  in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices.

Related video: Using the NIST framework as a starting point

Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” This cycle takes a holistic approach to detecting and deterring external threats and enforcing best-of-class data governance procedures.

The IC has been using this approach to generate reliable and accurate intelligence that is the basis for making vital national security decisions, in particular, those having to do with protecting critical U.S. infrastructure from cyber attacks.

In the same vein, businesses at large can use the intelligence cycle as a model to detect and deter any attacks coming from foreign intelligence services. Such threats impact more businesses than you may think.

Per a 2017 CNN source, nearly 100,000 agents from as many as 80 nations operate within the United States with the intention of targeting businesses to gain access to key U.S. infrastructure, personnel, and to steal proprietary intellectual property.

A. Hill

These threat actors in particular are targeting these sectors: chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial bases, emergency services, energy facilities, financial services, food and agriculture, healthcare and public health, information technology, nuclear reactors, materials and waste operations, transportation systems, and water and wastewater systems.

Homeland Security lists the above sectors as the top 16 critical infrastructure sectors that have assets, systems, and networks, whether physical or virtual that are considered vital to the United States.

The Intelligence Cycle can be broken down into a five step process that results in dynamic solutions:

Planning. Determine the issues to be addressed and what information could be gathered to provide answers.

•Collection. Gather raw data from various sources.

•Processing. Synthesize the raw data into a usable state. Apply information and process management to yield insights.

•Analysis. Integrate and evaluate the data into actionable final intelligence products.

•Dissemination. Deliver the final intelligence products to the policymakers or decision makers who requested the data.

E. Hill

Intelligence experts agree that each of these five steps is instrumental in developing usable data for key stakeholders. This cycle results in a sense of mission and transparency to people carrying out their day-to-day tasks. And it allows information to flow freely and directly to those that have a need to know.

Today businesses at large face much the same threats as the IC. There is much to be gained by following the approach to collaboration, processes, and methodologies that continues to work so well for the IC.

About the authors: Angela Hill is co-founder and CEO, while Edwin Hill is co-founder and CIO of JADEX, LLC., a  consultancy, based in Grand Rapids, Mich. that is veteran-, minority-, and woman-owned. JADEX helps organizations harness large data to incorporate solutions modeled from the Intelligence Community

 

 

 

 

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone