Developing intelligence requirements for the public sector is a different experience than what commercial-sector counterparts endure.
Entities that require intelligence to carry out a mission in the public sector collect data that supports long-term goals and addresses persistent threats. This is in contrast to the nimbleness and flexibility that banks and other enterprises desire in order to rid their networks of adversaries and the latest threats.
Intelligence requirements are formulated during the planning and direction portion of the five-stage intelligence cycle. It is during this stage that collections are planned, as are the dissemination of intelligence and continuous monitoring activities.
For the public sector, especially at the levels where law enforcement and national security are concerned, intelligence requirements are very much mapped out in a top-down format. Priorities are identified, and those could be anything from cyber threats to counterterrorism, organized crime, or civil-rights preservation.
For every category, specific collection requirements are developed to direct different teams to meet much narrower missions under that umbrella. Ultimately, they’re tasked with a plan of action to collect data and massage that into intelligence to meet those requirements.
Subject-matter experts at the top of the food chain identify missions and develop intelligence requirements. These senior officials pass the requirements on to agents and analysts who are tactical in nature. Most often, those at this level have little input as to what collection requirements may be; that is the purview of senior personnel who have a strategic approach and vision to meet a goal.
It’s at this level, too, that intelligence requirements are, if necessary, aligned across several agencies to address overlapping threats. This happens much more at a national-security level, where stakeholders build collection directives suited to each agency to support one overarching mission. The intent here is to avoid a duplication of efforts and address adversaries or threats that require collections and intelligence from subject-matter areas in multiple disciplines.
Unlike in the private sector where, by necessity, threats and defenses are constantly being re-evaluated, the public sector also develops standing requirements that are evaluated annually by stakeholders. It’s at this time that long-term, persistent threats are re-evaluated and the previous year’s collection requirements are updated. Stakeholders brainstorm on new adversary capabilities and determine what teams must collect to address new threats.
Specific collection requirements within different agencies and missions can number in the hundreds and should provide a deep dive into an adversary’s activities. They should enable data collection about:
- Who is behind a threat organization?
- What does that threat look like, top to bottom?
- How is it organized?
- Where is it based?
- With whom may an adversary be aligned?
- What type of activity are they engaged in?
- How sophisticated is their operation?
- What tools are among their capabilities?
- What are their tactics, techniques, and procedures?
One observation that emerges from these requirements is the need for attribution in the public sector, another key differentiator from intelligence requirements for the private sector. Public-sector intelligence requirements, especially for law enforcement and national security, aim to identify adversaries and bring them to justice. Private-sector intelligence requirements are much more defensive, centered on prevention and mitigation of attacks.