Software Engineering Institute

March 31, 2015—A new consortium at the Carnegie Mellon University Software Engineering Institute (SEI) is taking a unique approach to researching and teaching cyber intelligence. The Cyber Intelligence Research Consortium, founded in June 2014, brings together member organizations from industry, government, and academia to share ideas and learn from SEI experts.

“During our inaugural year, we developed several practical guides and articles on the art of performing cyber intelligence and hosted interactive in-person events and virtual meetings where members could learn from experts,” said Jay McAllister, technical lead for the consortium and former counterintelligence and counterterrorism analyst for the Naval Criminal Investigative Service (NCIS). The team will mark the end of the consortium’s first year with a capstone event: a hands-on simulation that will take members deep into a cyber intelligence crisis—from the first notification of trouble to combing through massive amounts of information to find the problem, contain it, and attribute it to specific threat actors. 

The consortium, one of the first to bring together organizations from such a variety of sectors, has accepted nine members so far: Airbus, American Express, Carnegie Mellon University, Dominion, PNC, Wells Fargo, and three organizations from the U.S. Intelligence Community and military. 

The consortium’s work comes at a time when organizations are realizing the need for cyber intelligence, a broad effort that requires considering situations strategically from a variety of perspectives. “When we say ‘cyber intelligence,’ we mean looking at the big picture—everything from cybersecurity to environmental factors to technical capabilities of groups and individuals—to understand and predict cyber threats,” said McAllister. 

Like many research efforts, the work of the consortium draws on and contributes to other projects. The consortium grew out of information the team gathered during the Cyber Intelligence Tradecraft Project (CITP), a study sponsored by the U.S. Office of the Director of National Intelligence. During the CITP, 30 organizations provided information about their cyber intelligence methodologies, technologies, processes, and training. “The project found that effective organizations balance the need to protect their network perimeters with the need to look beyond them for strategic insights,” said McAllister, “and we consider this finding as we work with consortium organizations to approach cyber intelligence in a comprehensive way.” McAllister and SEI technical analyst Melissa Kasan Ludwick teach an integrated approach in a graduate-level course they created and taught during the Fall 2014 semester at Carnegie Mellon’s Information Networking Institute, and McAllister will emphasize inclusive thinking and adaptability in his presentation at the RSA Conference on information security in San Francisco in April.

“Ultimately, our focus is helping organizations make better decisions, and cyber intelligence is an incredibly powerful way to do that,” said McAllister.

The SEI is accepting applications for membership for year two. Interested organizations can contact cyber-intel@sei.cmu.edu. For more information about the consortium, watch the Advancing Cyber Intelligence Practices Through the SEI’s Consortium webinar, or visit http://url.sei.cmu.edu/cyberintel.