Evaluate your cyber-intelligence

* Bad intel is worse than no intel at all

Longtime readers of this column may recall that I wrote about Rob Rosenberger in 2003 as he was heading for duty in the Iraq war. Rob runs SecurityCritics.org and I’m always happy to receive articles from him. Here’s an interesting piece that he sent me as part of a correspondence with a colleague; he has very kindly allowed us to publish this edited version.

* * *

There is a growing market for cyber-intelligence among companies, governments, and militaries. But there is also an old saying in the intelligence community: "Bad intel is worse than no intel at all."

Are you getting bad cyber intelligence? Is there some sort of litmus test we can apply?

The answer is yes: there is a simple two-part litmus test for any intelligence product.

First, does your cyber-intelligence include dossiers on key members of the computer-security-industrial complex? Second, does your intelligence analysis reveal important issues that are embarrassing or even taboo?

Intelligence firms must never dismiss the need for dossiers on the good guys. Why? Because we cannot know our own strengths and weaknesses until we know those of our allies. The CIA keeps a dossier on Britain's Air Chief Marshal Sir Glenn Torpy - and Britain's MI5 keeps a dossier on Air Force Chief of Staff General T. Michael Moseley.

As a computer-security expert, you probably know a lot about the bad guys. But what do you really know about your antivirus vendor? What do you really know about your Web proxy vendor? Do you really know why renowned expert Jimmy Kuo left McAfee for Microsoft?

Ask your cyber-intelligence vendor for a detailed dossier on your antivirus vendor. Ask for a dossier on renowned antivirus expert Costin Raiu. If your vendor keeps dossiers only on the bad guys, then they've failed the first part of the litmus test.

Now let's discuss the second part of the litmus test. Suppose you obtain a dossier on your antivirus vendor. Do they license their antivirus technology from another company? Does it reveal embarrassing or even taboo activities at the firm? Does the dossier offer detailed biographies on major research and development team members? Does it provide a comprehensive bibliography for source information? Does the dossier plagiarize another agency's research?

Intelligence firms must never dismiss the need for the whole truth. Why? Because a partial truth is actually a lie by omission. Intelligence firms get paid to deliver information, not to withhold it. We learned this lesson the hard way on 9/11/01.

Dissect the dossier on your antivirus vendor. If it contains only news stories, press releases and Gartner Group's short-term assessment of the firm, then it fails the second part of the litmus test. Dissect the dossier on renowned expert Costin Raiu. If it fails to include what I said about him in 2006 in a speech where I predicted that a foreign intelligence agency will oversee nearly all corporate antivirus research by 2010 (video or audio), then it fails the second part of the litmus test. It's that simple.

Now it's time to put YOU to the test. Let's suppose you realize you've subscribed to poor intel for all these years. Your CIO pays you to give him good cyber intelligence. Will you reveal this truth to your CIO - or will you lie by omission?
