Operational Cyber Threat Intelligence

This course aims to fill the gap between the technical level and the operational level that is responsible for planning cyber activity. It provides a clear understanding of the main data you need to plan cyber events, using real samples that are well documented in open source. Based on this analysis, and applying the Intel Cycle to the cyber domain, you will identify the gaps you need to fill and drive the collection phase, tasking the correct sources to gather the needed information. By merging indications and analysing and sharing these data, you will transform them into a possible cyber threat situation using a sharing platform environment.

Learning Objectives

  • To acquire the essential elements of understanding the cyber domain for Intelligence purposes, identifying data useful for planning cyber activities and gaining a better understanding of the enemy’s cyber capability.
  • To gain confidence with the main technical data available through the network, understanding which sources could be used to collect this information, and performing a general analysis and data correlation (filter, analyse, correlate data collected).
  • To gain confidence with the main data available through social networks and social media, understanding which sources could be used to collect this information, performing a general analysis and data correlation (filter, analyse, correlate data collected).
  • To practise differentiating, merging, analysing and sharing collected data.
  • To practise the theoretical knowledge acquired during the week, produce, assess and share data and become more confident with events, simulating real-life conditions.

Target Audience

J2, J3, J5, J6 staff members, branch heads, RRT/CERT members, Cyber Threat Analysts, mediators between Tech Level and Operational level.

Outline

  • Intel cycle applied to the cyber domain
  • Cyber Defence Threat Assessment
  • Intelligence Support to Cyber Operations
  • Technical data gathering Information
  • Social media gathering information
  • Information sharing
  • Transforming technical data into Threat Intelligence
  • Exercises

Prerequisites

Basic knowledge of Windows and Linux, the TCP/IP stack, social media and virtualisation products, and a good understanding of technical cyber vocabulary and means.

Registration

Registration opens on 17th of August, 2020. Applicants from CCDCOE member nations should use the registration code provided by their national Point of Contact. An email confirming the participation will be sent only after the registration has closed.

If you have any questions or issues with registration, please contact [email protected]