Intelligence Requirements: the Sancho Panza of CTI

On 17 September 2019, I participated in ENISA’s NIS Summer School 2019 that took place in Heraklion, Greece. The Summer School had 4 parallel training sessions (CTI, CyberDefence, Incident Response and Crypto) and the participants were mostly graduate students as well as infosec professionals.

I joined the CTI training sessions as an instructor for “Intelligence Requirements” as well as “CTI Reporting”. In this post, I will focus mostly on the session about Intelligence Requirements. Intelligence requirements are something that is very close to my heart and it was my pleasure to present this concept to the students of the summer school.

During the training session, I used the example of Don Quixote when discussing intelligence requirements. Don Quixote was someone who read so many chivalric romances that he lost his mind and decided to become a knight-errant to revive chivalry and serve his nation. However, he did not want to see the real world and preferred to imagine that he was living out a knightly story. Thus, he was tilting at windmills, imagining that they were giants, while he was looking for the imaginary Dulcinea, his lady love. Sancho Panza, his squire, was the one bringing Don Quixote back to reality. Don Quixote represents illusion while Sancho Panza represents reality; they complement each other in a dualistic way.

Let’s go back to CTI. CTI analysts read lots of CTI reports and their utmost priority is to protect their organisation. They are very passionate about analyzing threats; the more complex the threat, the bigger the challenge! Sometimes analysts have favourite threats/adversaries that they care about, focus on and get satisfaction from analyzing. Moreover, there have been cases of Cyber Stockholm Syndrome where analysts are “stuck” with threats that do not exist anymore. Thus, CTI analysts, just like Don Quixote, sometimes succumb to their biases and focus on non-existing threats (either because they were never a threat to their organisation or because they are no longer relevant threats). At this point, the “Sancho Panza of CTI” comes in the form of Intelligence Requirements to remind us of the real threats to our organisation and not the ones that we care about.

I used this parallelism during the training session and tried to present the fundamentals and the value of intelligence requirements through real world examples.

The presentation of the session can be found in the following link: Andreas_Sfakianakis_ENISA_CTI_Summer_School_2019_Intelligence_Requirements.
Feel free to provide any feedback that you might have!

The resources used for this presentation can be found in the following link:

PS. Below one can see some pictures taken during the presentation. The final picture shows the chairs of the summer school, Louis Marinos (ENISA) and Sotiris Ioannidis (FORTH-ICS). Great job guys and I am really proud to have worked with both of you!



