It Takes a Village
The Importance of Developing Your Intelligence Community
Before we get to the Intelligence part, we should probably start with defining what a community is. Our good friend Merriam-Webster states that a community is “a unified body of individuals: such as a body of persons of common and especially professional interests scattered through a larger society.” It would seem natural to look within an organization to identify multiple communities, within departments, between employees and customers, certainly in the information security staff.
So what is the Intelligence Community? As outlined in the Security Act of 1947 and President Reagan’s signing of EO12333 — The Intelligence Community (IC) comprises the various intelligence agencies that work collectively to undertake “intelligence activities necessary for the conduct of foreign relations and the protection of the national security of the United States.” Why is that important? The aspect of “community” goes beyond just sharing information; the individual entities share their information needs as well, but more importantly, they share their processes and procedures. The only way they can successfully do this is through a common set of standards and ontology. Like the dedicated IC professionals serving this country, an organization’s information security professionals are no different in their efforts and drive. And in the same way, those various teams would also benefit collectively from being part of a greater “community.”
Are we there yet?
No. But we’re well on our way. In recent years, there has been significant progress in information sharing between organizations, much in thanks to the various ISAC and ISAOs in place. Although far from perfect, there is a growing acceptance of the need to share information with other organizations. Even in the face of stiff competition, in security terms — “a rising tide raises all boats.” Commercial leadership is learning that safely sharing threat information with their peers goes far more to reducing risk than staying silent ever will. Now, granted, most organizations are happy to receive yet reluctant to share still, but we’re getting there. However, as external information sharing practices are expanding, organizations still have a long way to go with internal sharing.
It starts at home
To be part of a larger Intelligence Community, your own organization needs to know how to participate. The best way to gain this understanding is to start with building your internal community. There is a common misconception in this industry that the intelligence team is its own separate information security entity — like the incident response team and the insider threat program. I have often said that intelligence is not just another spoke in the information security wheel where the CISO sits at the hub. No, the intelligence function should be the glue that binds those spokes and hub together. Think of your intelligence program as the knowledge management aspect of information security.
Build your intelligence community internally first — your comprising members are all the lines of business and individual teams that make up your organization. Your intelligence program is responsible for maintaining the community — identifying the key stakeholders and their intelligence information needs, finding commonalities, centralizing the information, improving lines of communication, and developing the community’s process and procedures.
Is it really that simple?
Yes! Conceptually, that is. In practice, it is really, really difficult. Sure, there are many guides, manuals, manifestos, and government doctrine readily available that speak to how the big IC does it, or how this organization has figured it out from a high-level. But it still takes a lot of planning, vision, patience, and trial & error on the part of your intelligence team to implement that theory and get it right for your organization.
However, if you are a leader of an organization with said vision, and want support in confidently making decisions. If you wish for your teams from across your organization to speak to you in a unified voice, then pushing to build your internal intelligence community is the path forward. It is a top-down effort, that is for sure, but it can be done.
Happy to discuss more! Find me here, at https://www.linkedin.com/in/brianvmohr/ or at https://d3intel.solutions.
