Everything has a beginning. Chapter 1 sets out to define cyber threat intelligence and chart the development of the concept from antiquity to the present day. Despite cyber threat intelligence being a recent concept, the need to characterise threats and to understand the intentions of enemies has ancient roots.

1.1 Definitions

‘Cyber Threat Intelligence’ is a term which is readily understandable, but not necessarily easy to define.

There are a variety of different perspectives and experiences which lead to different understandings of the term. For some, cyber threat intelligence refers to the collection of data. For others the term refers to teams of analysts and the processes required to analyse data. For many it is the name of a product to be commercialised and sold.

Cyber threat intelligence encompasses all these perspectives, and more. This book addresses the many facets of the term, ranging from the historical development of intelligence through to the modern application of cyber threat intelligence techniques.

One area of threat intelligence is purposefully omitted. The covert collection of intelligence from human agents (HUMINT), often obtained from participants within underground criminal forums is beyond the scope of this book. This domain and the associated techniques are a distinct specialism with their own risks and dangers which merits a separate book.

To define what is meant by cyber threat intelligence we must start by understanding the meanings ...