DOCSLIB.ORG

Cyber Intelligence Tradecraft Report the State of Cyber Intelligence Practices in the United States Copyright 2019 Carnegie Mellon University

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cyber Intelligence Tradecraft Report the State of Cyber Intelligence Practices in the United States Copyright 2019 Carnegie Mellon University Cyber Intelligence Tradecraft Report The State of Cyber Intelligence Practices in the United States Copyright 2019 Carnegie Mellon University. All Rights Reserved. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. References herein to any specific commercial product, process, or service by trade name, trade mark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works. External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at [email protected]. * These restrictions do not apply to U.S. government entities. Carnegie Mellon® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM19-0447 Cyber Intelligence Tradecraft Report The State of Cyber Intelligence Contributors Practices in the United States Hollen Barmer Jennifer Kane Heather Evans By Erica Brandon Jared Ettinger Ritwik Gupta Daniel DeCapria Andrew Mellinger Design David Biber, Alexandrea Van Deusen, Todd Loizes Contents Executive Summary ....................................................................1 Cyber Intelligence Study Report ..................................................3 Environmental Context ............................................................. 10 Data Gathering ......................................................................... 36 Threat Analysis ........................................................................ 56 Strategic Analysis ..................................................................... 69 Reporting and Feedback ........................................................... 85 Conclusion ..............................................................................104 Appendix: The Future of Cyber and Cyber Intelligence ..............106 Appendix: Most Popular Cyber Intelligence Resources ...............110 Appendix: Prioritizing Threats for Management (full view) ........111 Glossary .................................................................................112 Executive Summary Strengthening Cyber Intelligence Intelligence dates to ancient times when early civilizations used it to protect their assets and gain an advantage over their adversaries. Although the ways we perform the work of intelligence have changed, it remains as critical as ever. And this can be no truer than in the cyber domain. In performing cyber intelligence, we collect, compare, analyze, and disseminate information about threats and threat actors seeking to disrupt the cyber ecosystem,1 one of our most critical assets. Through cyber intelligence, we know ourselves and our adversaries better. And with that knowledge, we can proactively take steps to better understand risks, protect against threats, and seize opportunities. In 2013, the Software Engineering Institute (SEI) at Carnegie Mellon University conducted a study on behalf of the U.S. Office of the Director of National Intelligence to understand the state of cyber intelligence practices at organizations throughout the country. We conducted a similar study in 2018, and this report details our most recent findings. We built on outcomes from the 2013 study to develop foundational concepts that drive the 2018 study. First, we define cyber intelligence as acquiring, processing, analyzing, and disseminating information that identifies, tracks, and predicts threats, risks, and opportunities in the cyber domain to offer courses of action that enhance decision making. Second, we propose a framework for cyber intelligence; based on the intelligence cycle, its components provide for Environmental Context, Data Gathering, Threat Analysis, Strategic Analysis, and Reporting and Feedback. During the 2018 study, we interviewed 32 organizations representing a variety of sectors to understand their best practices and biggest challenges in cyber intelligence. During conversations guided by questions designed to elicit descriptive answers, we noted organizations’ successes and struggles and how they approached each component of the Cyber Intelligence Framework. We also provided an informal assessment of how well each organization was performing for certain factors within each component. We aggregated and analyzed these answers, grouping what participants told us into themes. This report moves through the Cyber Intelligence Framework, detailing our findings for each component. Three companion implementation guides provide practical advice about artificial intelligence and cyber intelligence, the internet of things and cyber intelligence, and cyber threat frameworks. 1 https://www.dhs.gov/sites/default/files/publications/DHS-Cybersecurity-Strategy_1.pdf 1 There are a number of areas where organizations can take action to improve their cyber intelligence practices. They include differentiating between cyber intelligence and cybersecurity, establishing repeatable workflows, breaking down silos that fragment data and expertise, enabling leadership to understand and become more engaged in cyber intelligence, establishing consistent intelligence requirement and data validation processes, and harnessing the power of emerging technologies. Since 2013, the practice of cyber intelligence has gotten stronger. Yet it is not strong enough. In the coming years, data and compute power will continue to increase, and artificial intelligence will enable us to make sense of threats while also making threats themselves more complex. Organizations of any size can learn from and apply the best practices and performance improvement suggestions outlined in this report. Together we can achieve higher levels of performance in understanding our environment, gathering and analyzing data, and creating intelligence for decision makers. 2 Cyber Intelligence Study Report Introduction ABOUT THIS REPORT: IMPROVING THE PRACTICE OF CYBER INTELLIGENCE This report details the findings of a study the Software Engineering Institute (SEI) at Carnegie Mellon University conducted at the request of the United States Office of the Director of National Intelligence (ODNI). Our mission was simple: understand how organizations across sectors conduct the work of cyber intelligence and share our findings. In this report, we describe the practices of organizations that are performing well and the areas where many organizations struggle, and we identify the models, frameworks, and innovative technologies driving cyber intelligence today. We believe this report can provide a starting point to enable organizations across the country to adopt best practices, work together to fix common challenges, and reduce the risk of cyber threats to the broader cyber community. WHO SHOULD READ THIS REPORT? We have designed this report to be informative for anyone concerned with cyber threats. The following readers will find this report useful: • Organizational Decision Makers: understanding where to direct funding and resources • Cyber Intelligence Team Managers: understanding best practices for your team, including hiring, workflow, and leveraging data • Cyber Intelligence Analysts: understanding best practices, tools for analysis, and what your peers are doing Whether your organization has a robust cyber intelligence program or is just getting started, the actionable recommendations provided in each section of this report can serve as guideposts for helping you achieve high performance. THE IMPORTANCE OF CYBER INTELLIGENCE Cyber intelligence: acquiring, processing, analyzing, and disseminating information that CYBER INTELLIGENCE identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. DEFINED 3 Your organization may protect the confidentiality, integrity, and availability of data and computer systems. Such practices are part of cybersecurity. However, do you know which threat actors have the intent and capability
Load more

Recommended publications
  • CBEST Threat Intelligence-Led Assessments
    Implementation guide CBEST Threat Intelligence-Led Assessments January 2021 CBEST Threat Intelligence-Led Assessments 1 Forward Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures (FMIs), or cause harm to consumers and other market participants in the financial system. Firms and FMIs need to consider all of these risks when assessing the appropriate levels of resilience within their respective businesses. Dealing with cyber risk is an important element of operational resilience and the CBEST framework is intelligence-led penetration testing which aims to address this risk. CBEST is part of the Bank of England and Prudential Regulation Authority’s (PRA’s) supervisory toolkit to assess the cyber resilience of firms’ important business services. This prioritised and focused assessment allows us and firms to better understand weaknesses and vulnerabilities and take remedial actions, thereby improving the resilience of systemically important firms and by extension, the wider financial system. Continued use of CBEST has confirmed its use as a highly effective regulatory assessment tool, which can now also be conducted on a cross-jurisdictional basis, in collaboration with other international regulators and frameworks. This latest version of the CBEST Implementation Guide builds upon the previous framework and contains improvements learned from the extensive testing which has taken place. In particular, we have analysed and implemented changes with the aim of clarifying CBEST roles and responsibilities as well as regulatory expectations for different CBEST activities. While the underlying intelligence-led penetration testing approach remains the same, we have reviewed and updated the technical guidance for most activities, prepared new templates (eg Penetration Testing Report) and incorporated important references to cross-jurisdictional assessments.
    [Show full text]
  • MISSILE DEFENSE Further Collaboration with the Intelligence Community Would Help MDA Keep Pace With
    United States Government Accountability Office Report to Congressional Committees December 2019 MISSILE DEFENSE Further Collaboration with the Intelligence Community Would Help MDA Keep Pace with Emerging Threats GAO-20-177 December 2019 MISSILE DEFENSE Further Collaboration with the Intelligence Community Would Help MDA Keep Pace with Highlights of GAO-20-177, a report to Emerging Threats congressional committees Why GAO Did This Study What GAO Found MDA is developing missile defense The Missile Defense Agency (MDA) is experiencing delays getting the threat capabilities to defend the United assessments needed to inform its acquisition decisions. Officials from the States, deployed forces, and regional defense intelligence community—intelligence organizations within the allies from missile attacks. However, Department of Defense (DOD)—told GAO this is because they are currently missile threats continue to emerge, as overextended due to an increased demand for threat assessments from a adversaries continue to improve and recent upsurge in threat missile activity, as well as uncertainties related to their expand their missile capabilities. transition to new threat processes and products. The delays are exacerbated The National Defense Authorization because MDA does not collectively prioritize the various types of threat Act for Fiscal Year 2012 included a assessment requests submitted to the defense intelligence community or provision that GAO annually assess provide resources for unique requests, as other major defense acquisition and report on the extent to which MDA programs are generally required to do. Without timely threat assessments, has achieved its acquisition goals and MDA risks making acquisition decisions for weapon systems using irrelevant objectives, and include any other or outdated threat information, which could result in performance shortfalls.
    [Show full text]
  • The FBI's Counterterrorism Program
    U.S. Department of Justice Federal Bureau of Investigation Report to the National Commission on Terrorist Attacks upon the United States: The FBI’s Counterterrorism Program Since September 2001 April 14, 2004 Report to The National Commission on Terrorist Attacks upon the United States The FBI’s Counterterrorism Program Since September 2001 TABLETABLE OF OFCONTENTS CONTENTS I EXECUTIVE SUMMARY....................................................................11 II FBI ORGANIZATIONAL CHART................................................. 3 III TIMELINE OF SIGNIFICANT REFORMS AND INITIATIVES SINCE 9/11/01.......................................................... 4 IV INTRODUCTION......................................................................................66 V PRIORITIZATION....................................................................................77 The New Priorities.........................................................................................77 1 Protect the United States from Terrorist Attack..........................................77 2 Protect the United States Against Foreign Intelligence Operations and Espionage........................................................................................77 3 Protect the United States Against Cyber-based Attacks and High-Technology Crimes..................................................................88 4 Combat Public Corruption at all Levels.......................................................88 5 Protect Civil Rights......................................................................................88
    [Show full text]
  • ATP 2-33.4 Intelligence Analysis
    ATP 2-33.4 Intelligence Analysis JANUARY 2020 DISTRIBUTION RESTRICTION: Approved for public release; distribution is unlimited. This publication supersedes ATP 2-33.4, dated 18 August 2014. Headquarters, Department of the Army This publication is available at Army Knowledge Online (https://armypubs.army.mil), and the Central Army Registry site (https://atiam.train.army.mil/catalog/dashboard). *ATP 2-33.4 Army Techniques Publication Headquarters No. 2-33.4 Department of the Army Washington, DC, 10 January 2020 Intelligence Analysis Contents Page PREFACE............................................................................................................. vii INTRODUCTION ................................................................................................... xi PART ONE FUNDAMENTALS Chapter 1 UNDERSTANDING INTELLIGENCE ANALYSIS ............................................. 1-1 Intelligence Analysis Overview ........................................................................... 1-1 Conducting Intelligence Analysis ........................................................................ 1-5 Intelligence Analysis and Collection Management ............................................. 1-8 The All-Source Intelligence Architecture and Analysis Across the Echelons ..... 1-9 Intelligence Analysis During Large-Scale Ground Combat Operations ........... 1-11 Intelligence Analysis During the Army’s Other Strategic Roles ........................ 1-13 Chapter 2 THE INTELLIGENCE ANALYSIS PROCESS ..................................................
    [Show full text]
  • Australian Institute of Professional Intelligence Officers the Peak Representative Body for All Intelligence Professionals
    Australian Institute of Professional Intelligence Officers The peak representative body for all intelligence professionals 24 June 2020 Senate Finance and Public Administration Legislation Committee Australian Institute of Professional Intelligence Officers Inc. Submission National Intelligence Enterprise: Oversight and Evaluation Arrangements Thank you for the opportunity to provide a submission to the Committee considering the Intelligence and Security Legislation Amendment (Implementing Independent Intelligence Review) Bill 2020. We have reviewed the Information about the bill, including the Explanatory Memorandum (EM) and provide the following submission. A few brief comments about the National Intelligence Enterprise The National Intelligence Enterprise (NIE) is critical to the ongoing protection of Australia and Australia’s interests, and arrangements put in place to coordinate and optimize Australia’s national intelligence effort should do just that. However, the 2017 Independent Review and references contained in the Intelligence and Security Legislation Amendment (Implementing Independent Intelligence Review) Bill 2020 EM refer only to agencies in the intelligence enterprise at the federal level, not those at the state and territory levels. Arguably, a national approach should incorporate the contributions of states and territories since we are referring to the protection of Australia and Australia’s interests. There is no longer any safe clear separation between federal and state/territory intelligence responsibilities in meeting
    [Show full text]
  • 7133 Trouble V4.Pdf
    HOW TO LOOK FOR TROUBLE A STRATFOR Guide to Protective Intelligence S t r at for Global Intelligence STRATFOR 700 Lavaca Street, Suite 900 Austin, Texas 78701 Copyright © 2010 by STRATFOR All rights reserved, including the right of reproduction in whole or in part Printed in the United States of America The contents of this book originally appeared as analyses on STRATFOR’s subscription Web site. ISBN: [?] EAN-13: [?] Publisher: Grant Perry Editor: Michael McCullar Project Coordinator: Robert Inks Designer: TJ Lensing COntenTs Introduction v ANoteonContent ix CHapter 1: PrinCiples and CHallengEs TheProblemoftheLoneWolf 1 TheSecretsofCountersurveillance 8 Threats,SituationalAwarenessandPerspective 14 IntelligenceasaProactiveTool 19 CounterterrorismFunding:OldFearsandCyclical Lulls 25 AQAP:ParadigmShiftsandLessonsLearned 31 Counterterrorism:Shiftingfromthe‘Who’tothe ‘How’ 39 Profiling:SketchingtheFaceofJihadism 46 CHapter 2: The Art of SurvEillance Surveillance:ForGood—andEvil 53 TheSpreadofTechnicalSurveillance 55 PhysicalSurveillance:TailingSomeoneontheMove 57 PhysicalSurveillance:TheArtofBlendingIn 60 TurningtheTablesonSurveillants 62 iii Table of Contents CHapter 3: Protecting People Bhutto’sDeath:FatalFactors 67 India:AKidnappingCaseStudy 70 China:SecurityAspectsoftheDalaiLama’sTravels 73 TheU.S.ElectionSeason:SecurityChallengesand ConventionalWisdom 75 Mexico:ExaminingtheCartelWarThrougha ProtectiveLens 80 Mexico:TacticalImplicationsoftheLabastida Killing 87 Mexico:TheThirdWar 89 CHapter 4: SafegUaRding Places CorporateSecurity:TheTechnologyCrutch
    [Show full text]
  • 2011 INDEPENDENT REVIEW of the INTELLIGENCE COMMUNITY Contents
    INDEPENDENT REVIEW OF THE INTELLIGENCE COMMUNITY REPORT Robert Cornall AO Dr Rufus Black © Commonwealth of Australia 2011 ISBN 978-1-921739-72-9 (Hardcopy) ISBN 978-1-921739-73-6 (PDF) ISBN 978-1-921739-74-3 (RTF) http://www.dpmc.gov.au/publications/iric/index.cfm Ownership of intellectual property rights in this publication Unless otherwise noted, copyright (and any other intellectual property rights, if any) in this publication is owned by the Commonwealth of Australia (referred to below as the Commonwealth). Creative Commons licence With the exception of the Coat of Arms, this publication is licensed under a Creative Commons Attribution 3.0 Australia Licence. Creative Commons Attribution 3.0 Australia Licence is a standard form license agreement that allows you to copy, distribute, transmit and adapt this publication provided that you attribute the work. A summary of the licence terms is available from http://creativecommons.org/licenses/by/3.0/au/deed.en. The full licence terms are available from http://creativecommons.org/ licenses/by/3.0/au/legalcode. The Commonwealth’s preference is that you attribute this publication (and any material sourced from it) using the following wording: Source: Licensed from the Commonwealth of Australia under a Creative Commons Attribution 3.0 Australia Licence. The Commonwealth of Australia does not necessarily endorse the content of this publication. Use of the Coat of Arms The terms under which the Coat of Arms can be used are set out on the Department of the Prime Minister and Cabinet website (see
    [Show full text]
  • The Australian Intelligence Community
    Tom Nobes | The Emergence and Function of the Australian Intelligence Community The Australian Intelligence Community: Why did the AIC emerge the way it did and how well has it served the nation? TOM NOBES The Australian Intelligence Community (AIC) emerged in the Commonwealth executive branch of state throughout the 20th century, methodically reconfiguring in response to royal commission and government review recommendations. The AIC’s structure continues to be altered today in the face of ‘an increasingly complex security environment’.1 Such reconfiguration has been necessary in order to create a more effective and accountable AIC that serves the executive government by protecting Australian security and safety interests. Today, the AIC agencies work within a largely legislative framework, informed by liberal ends and values that balance individual liberty and privacy against communal security and peace.2 The AIC consists of six agencies today; the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Organisation (ASIS), the Australian Signals Directorate (ASD), the Defence Intelligence Organisation (DIO), the Australian Geospatial-Intelligence Organisation (AGO) and lastly the Office of National Assessments (ONA).3 This essay will briefly outline the development of the AIC over the last 100 years, and then discuss in detail why it emerged in the way that it did. Particular emphasis will be placed on the changes that occurred as a result of the Royal Commission on Intelligence and Security (1974-1977), the Protective Security Review (1979) and the Royal Commission on Australia’s Security and Intelligence Agencies (1984). The essay will then proceed to analyse the ways in which the AIC has, and hasn’t, served the nation.
    [Show full text]
  • Questions for the Record Mr
    QUESTIONS FOR THE RECORD MR. DAVID J. GLAWE QUESTIONS FOR THE RECORD FROM SENATOR KING 1. In response to the Committee’s prehearing questions, you stated that all DHS I&A analytic products must follow “ICD 203 tradecraft standards.” If confirmed, what steps will you take to ensure these standards for analytic integrity are strictly adhered to? It is my understanding that the Office of Intelligence and Analysis’ (I&A) Planning, Production, and Standards Division (PPSD) evaluates all I&A products for compliance with the nine tradecraft standards laid out in ICD 203 as well as a tenth developed specifically by I&A to ensure maximum coordination and collaboration with Intelligence Community (IC) and DHS Intelligence Enterprise (DHS IE). If confirmed, I would ensure I&A analysts receive adequate and continuing training on each of these standards. I would also ensure tradecraft quality reviews are built into the production process at both the beginning and near the end of the process, ensuring tradecraft subject matter experts have ample opportunity to conduct initial reviews as well as final evaluations. The final evaluations are critical to ensure finished products adhere to tradecraft standards. They can also be used to capture best practices and common mistakes that can be incorporated into training on the front end. 2. What do you consider the appropriate role of intelligence to be in the formulation of policy? Is it appropriate to draft an intelligence product with the specific intent of supporting an administration policy, either legally or politically, in mind? In my view, it is never appropriate to produce intelligence with the specific intent of supporting a pre-conceived policy position.
    [Show full text]
  • Preliminary Assessment: Unidentified Aerial Phenomena 25 June 2021
    UNCLASSIFIED OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE Preliminary Assessment: Unidentified Aerial Phenomena 25 June 2021 UNCLASSIFIED UNCLASSIFIED SCOPE AND ASSUMPTIONS Scope This preliminary report is provided by the Office of the Director of National Intelligence (ODNI) in response to the provision in Senate Report 116-233, accompanying the Intelligence Authorization Act (IAA) for Fiscal Year 2021, that the DNI, in consultation with the Secretary of Defense (SECDEF), is to submit an intelligence assessment of the threat posed by unidentified aerial phenomena (UAP) and the progress the Department of Defense Unidentified Aerial Phenomena Task Force (UAPTF) has made in understanding this threat. This report provides an overview for policymakers of the challenges associated with characterizing the potential threat posed by UAP while also providing a means to develop relevant processes, policies, technologies, and training for the U.S. military and other U.S. Government (USG) personnel if and when they encounter UAP, so as to enhance the Intelligence Community’s (IC) ability to understand the threat. The Director, UAPTF, is the accountable official for ensuring the timely collection and consolidation of data on UAP. The dataset described in this report is currently limited primarily to U.S. Government reporting of incidents occurring from November 2004 to March 2021. Data continues to be collected and analyzed. ODNI prepared this report for the Congressional Intelligence and Armed Services Committees. UAPTF and the ODNI National Intelligence Manager for Aviation drafted this report, with input from USD(I&S), DIA, FBI, NRO, NGA, NSA, Air Force, Army, Navy, Navy/ONI, DARPA, FAA, NOAA, NGA, ODNI/NIM-Emerging and Disruptive Technology, ODNI/National Counterintelligence and Security Center, and ODNI/National Intelligence Council.
    [Show full text]
  • Intelligence Information: Need-To-Know Vs. Need-To-Share
    Intelligence Information: Need-to-Know vs. Need-to-Share Richard A. Best Jr. Specialist in National Defense June 6, 2011 Congressional Research Service 7-5700 www.crs.gov R41848 CRS Report for Congress Prepared for Members and Committees of Congress Intelligence Information: Need-to-Know vs. Need-to-Share Summary Unauthorized disclosures of classified intelligence are seen as doing significant damage to U.S. security. This is the case whether information is disclosed to a foreign government or published on the Internet. On the other hand, if intelligence is not made available to government officials who need it to do their jobs, enormous expenditures on collection, analysis, and dissemination are wasted. These conflicting concerns require careful and difficult balancing. Investigations of the 9/11 attacks concluded that both technical and policy barriers had limited sharing of information collected by different agencies that, if viewed together, could have provided useful insight into the unfolding plot. A consensus emerged that U.S. intelligence agencies should share information more widely in order that analysts could integrate clues acquired by different agencies in order to “connect the dots.” Major statutory and regulatory changes were made to facilitate information sharing among agencies. An Information Sharing Environment was created within the new Office of the Director of National Intelligence in order to establish policies, procedures, and technologies to link people, systems, and information from government agencies. In law and in Federal regulations a culture of sharing has been established in the Intelligence Community. Although government officials maintain that policies designed in recent years to increase sharing have helped prevent a number of serious terrorist attacks and contributed significantly to the May 2, 2011 operation against Osama bin Laden, the results have been uneven and, in some cases, unfortunate.
    [Show full text]
  • The Australian Intelligence Community in 2020
    Security Challenges The Australian Intelligence Community in 2020 Allan Behm1 The future direction of intelligence—both as a key enabler of warfare and a critical support for good policy—has been a subject of extensive study for almost two decades. The end of the Cold War, so dramatically symbolized by the fall of the Berlin Wall on 9 November 1989, initiated a gadarene rush of intelligence reviews that saw the declaration of “peace dividends” and the harvesting of significant operational and staffing resources from national intelligence agencies. Australia was no exception. With the benefit of hindsight, it is something of an irony that the previous Director General of the Australian Security Intelligence Organisation (ASIO), Mr Denis Richardson, cut his intelligence teeth in the ASIO review of 1993 that saw the Organisation’s resources cut by some 40% as the need for domestic security intelligence was deemed to have evaporated. The combination of significant intelligence failures, such as the bombing of the World Trade Centre in New York and the Pentagon in Washington DC on 11 September 2001 and the non-existent Weapons of Mass Destruction that helped precipitate the war in Iraq, and the growing gap between our intelligence needs and our ability to meet those needs, has brought the pursuit of intelligence under increasing scrutiny. Western governments are throwing significant sums of money at the problem, demanding improved coordination arrangements (while at the same time creating additional agencies), brandishing intelligence product (as distinct from policy advice) as the basis for decision, and looking to intelligence as the “silver bullet” justifying executive decision-making.
    [Show full text]