Intelligence Requirements for the Public Sector
By Mike Mimoso
Developing intelligence requirements for the public sector is a different experience than what commercial-sector counterparts endure.
Entities that require intelligence to carry out a mission in the public sector collect data that supports long-term goals and addresses persistent threats. This is in contrast to the nimbleness and flexibility that banks and other enterprises desire in order to rid their networks of adversaries and the latest threats.
Intelligence requirements are formulated during the planning and direction portion of the five-stage intelligence cycle. It’s during this stage when collections are planned, as are the dissemination of intelligence and continuous monitoring activities.
For the public sector, especially at the levels where law enforcement and national security are concerned, intelligence requirements are very much mapped out in a top-down format. Priorities are identified, and those could be anything from cyber threats to counterterrorism, organized crime, or civil-rights preservation.
For every category, specific collection requirements are developed to direct different teams to meet much narrower missions under that umbrella. Ultimately, they’re tasked with a plan of action to collect data and massage that into intelligence to meet those requirements.
Subject-matter experts at the top of the food chain identify missions and develop intelligence requirements. These senior officials pass the requirements on to agents and analysts who are tactical in nature. Most often, those at this level have little input as to what collection requirements may be; that is the purview of senior personnel who have a strategic approach and vision to meet a goal.
It’s at this level too where, if necessary, intelligence requirements are formulated that are aligned across several agencies to address overlapping threats. This happens much more at a national-security level where stakeholders build collection directives suited to each agency to support one overarching mission. The intent here is to avoid a duplication of efforts and address adversaries or threats that require collections and intelligence from subject-matter areas in multiple disciplines.
Unlike in the private sector where, by necessity, threats and defenses are constantly being re-evaluated, the public sector also develops standing requirements that are evaluated annually by stakeholders. It’s at this time when long-term, persistent threats are re-evaluated and the previous year’s collection requirements are updated. Stakeholders brainstorm on new adversary capabilities and determine what teams must collect to address new threats.
Specific collections requirements within different agencies and missions can number in the hundreds and should provide a deep dive into an adversary’s activities. They should enable data collections about:
- Who is behind a threat organization?
- What does that threat look like, top to bottom?
- How is it organized?
- Where is it based?
- Whom may an adversary be aligned with?
- What type of activity are they engaged in?
- How sophisticated is their operation?
- What tools are among their capabilities?
- What are their tactics, techniques, and procedures?
One observation that emerges from these requirements is the need for attribution in the public sector, another key differentiator from intelligence requirements for the private sector. Public-sector intelligence requirements, especially for law enforcement and national security, aim to identify adversaries and bring them to justice. Private-sector intelligence requirements are much more defensive and about prevention and mitigation of attacks.
Michael Mimoso brings over a decade of experience in IT security news reporting to Flashpoint. As Editorial Director, he collaborates with marketing, analyst, and leadership teams to share the company’s story. Prior to Flashpoint, Mike was an Editor of Threatpost, where he covered security issues and cybercrime affecting businesses and end-users.
Prior to joining Threatpost, Mike was Editorial Director of the Security Media Group at TechTarget and Editor of Information Security magazine where he won several ASBPE national and regional writing awards. In addition, Information Security was a two-time finalist for national magazine of the year. He has been writing for business-to-business IT publications for 11 years, with a primary focus on information security.
Earlier in his career, Mike was an editor and reporter at several Boston-area newspapers. He holds a bachelor’s degree from Stonehill College in North Easton, Massachusetts.