There are various models of intelligence collection and analysis that are in use by the professionals employed within the 16 agencies that comprise the US intelligence community (IC). These legacy approaches served the government well while threats were emanating from the physical domain.
The advent of a netcentric world has changed the threat environment dramatically and, as a result, governments and private corporations need to reassess how they collect and analyze intelligence on the emerging threats that will impact them.
The recent and as yet unsourced attacks against US and South Korean government websites that began over the Independence Day weekend in July 2009 are an interesting case in point.
Another is the August 2009 DDoS attacks that were launched against one Georgian blogger and that knocked Twitter offline and substantially degraded access to Facebook and LiveJournal.
Project Grey Goose (PGG) investigators looked at both incidents, along with established Internet security companies, US-CERT, and the usual collection of government agencies charged with such tasks. This chapter focuses on how PGG research was done and the conclusions that were reached. It also presents the findings of other agencies and proposes some ideas about how and why radically different findings can emerge from the same set of facts.
Finally, this chapter suggests a new approach to conducting cyber intelligence that takes into account the unique ...