Following the breakthrough in information technology, criminals are relying on cyberspace to commit various cybercrimes. Meanwhile, physical devices and human actions are not enough for monitoring and combating these crimes. Therefore, a need has grown for more sophisticated information technology that can track abnormal behavior associated with cyber-attacks. With the prevalence and sophistication of cyber-attacks, human intervention has proved inadequate for timely attack intervention and analysis. Security attacks on crucial infrastructure have generated tension between governments and private sectors across the globe.
Most attacks are perpetrated by cybercriminals seeking financial benefits or by hackers who seek to sabotage the operations of governments and organizations. Research indicates that attacks on key infrastructure are on the rise in both frequency and sophistication and are expected to multiply in the near future.[1] The term intelligence can be used to define the procedure of analyzing raw information to provide meaning. It is also used to identify a group of professionals that deals with interpreting information to provide meaning.
The normally fixed algorithms have turned out to be ineffective at curbing the evolving cyber threats. This need has led to the search for an innovative model, such as Artificial Intelligence (AI), that offers dynamism and learning capability to software and helps intelligent agents in combating cybercrimes. AI can be defined as the science and technology of creating intelligent tools such as intelligent computer programs.[2]
Cyber incorporation in the intelligence field has improved site management and surveillance for critical infrastructure. AI has various integrated computing techniques such as computational intelligence, machine learning, data mining, and pattern recognition among other methods that have been helpful to the intelligence field. However, in the field of intelligence, AI methods tend to be a promising area of research that targets promoting the security aspects for cyberspace. The aim of this study is to illustrate that AI techniques have led to massive developments in the field of intelligence. This paper will further demonstrate how these methods can be an essential tool for identifying and combating cybercrimes, as well as recommend ways for future developments.
Background to study
The swift advancement of information technology had a huge positive influence and presented major conveniences to humanity. However, it also brought issues that are hard to control such as the development of new forms of crimes. For example, common crimes such as fraud and theft have become much easier due to access to electronic devices and other high-tech products. Besides, as technology continues to advance, criminal tactics keep on updating. Moreover, information technology promotes the proliferation of these crimes to the global arena by permeating country borders and making it complex to identify, monitor, combat, or track cybercriminals.
Due to the increasing need to counter these crimes, the intelligence field identified the need to incorporate cyber knowledge into its work of detecting, monitoring, and capturing criminals. AI emerged as a field that aims to unearth the importance of intelligence and intelligent machines. AI sought ways to solve complex issues that proved difficult if approached without incorporating some intelligence.
Different techniques have been developed in the AI field for tackling difficult problems that need intelligence from human expertise. Some of these techniques have been tested where precise algorithms are used. Other approaches have been applied so widely that they are no longer viewed as part of the AI approach. In this study, the categories of AI will be outlined in a bid to show their usefulness when integrated into the intelligence field.
Following an intensive review of current research concerning AI and its incorporation into the intelligence community, this paper can conclude that important applications are available. These applications are helpful to the intelligence community to combat crimes.
Purpose of the study
This research seeks to examine the benefits cyber knowledge has brought to the intelligence field concerning the fight against cybercrimes that might sabotage military operations. In particular, this study will explore the application of AI techniques in the intelligence field. In this way, this study will be able to unravel the current advancements made in the field of intelligence. According to Hsu, the Conficker worm has had numerous effects on military intelligence networks.[3]
For example, in January 2009, Conficker infested the French Navy computer system, compelling aircraft at various airbases to be grounded since their flight schedules could not be downloaded. Such and similar incidents have made changes in the integration of cyberspace into the intelligence community urgent. The incorporation of cyberspace activities into the intelligence service will require wide reliance on the AI approach.
Statement of the problem
Deliberate attempts by malicious people to intrude into ICT systems with the aim of sabotage, theft or other disorderly action are on the rise. Studies have predicted the trend to continue for the coming years. The most prevalent threat to security associated with cyberspace is manifested in the realm of military undertakings. In the military context, loss of life resulting from cyberspace-related attacks is an imminent threat around the globe. For this reason, there is a need to bridge the gap between cyberspace knowledge and the intelligence community. The demand for cyberspace knowledge is significant in terms of preciseness, response, and quality of military operations.[4]
Intelligence is not simply an abstract of information; rather, the information should be evaluated and put in context to provide useful intelligence. Thus, it is through cyberspace that such information is processed and analyzed to become useful intelligence. Appropriate intelligence orients the intelligence personnel with deep insights into the adversary’s intentions. Proper cyber knowledge must be part of the intelligence package to ensure the intelligence field is adequately informed and ready for executions.
How has AI influenced the fight against cyber crimes and the incorporation of cyber activities into the intelligence community? Looking at the cyber domain, one can conclude that AI is in demand for a swift response to situations regarding the Internet. The intelligence community needs to be able to handle a huge amount of data in a bid to define and evaluate activities that occur in cyberspace regarding national security.
The speed of operations and the magnitude of data to be utilized cannot be managed by individuals without artificial help. What are the areas that require improvement to promote intelligence incorporation of cyberspace? Since security threats evolve rapidly, it is hard to build software to shield the attacks in the cyber domain. However, this gap is closing slowly with the development of AI methods. What are the challenges facing intelligence analysts in the process of transforming information into intelligence using AI techniques?
This study relies on descriptive research design to make inquiries to obtain data using a web-based survey. The research instrument entails a brief, well-structured research question. Descriptive research will be used to gather information regarding the current topic. The sample will target about 50-100 intelligence agents in the United States Intelligence Community. This study uses random sampling to determine the number of participants. Data analysis will be done to offer solutions to the research questions. Data analysis will be completed using the statistical package for social sciences (SPSS) version 16.
Current academic research suggests that intelligence agents have already adopted AI techniques across the globe to combat cybercrimes.[5] For example, neural networks are being used for intrusion detection and for intervention in cybercrimes. Research has identified that intelligence analysts must be conversant in various technical areas to ensure commanders have an understanding of adversary and military abilities. Such problems have been resolved when cyberspace technologies are introduced. It might not be sufficient to understand how a military defense system relies on AI techniques during executions.
Therefore, the intelligence effort needs an elaborate team of skilled workers in a bid to ensure the commander has a sufficient, quality supply of cyber-related knowledge. Given these barriers, Dumitrache identified various key sections to focus on in a bid to maximize the advancement and creation of cyber intelligence to aid in military operations.[6] These challenges include the adversary, the nature of the cyberspace domain, organizational constructs, expertise, and the intelligence cycle.
The evolving nature of the cyberspace domain continues to present new challenges in integrating cyberspace activities with conventional intelligence operations. The intelligence community finds a barrier when trying to define, visualize, and incorporate cyberspace activities in the setting of an operational domain. According to Bishnoi, analysts must be aware of the cyber domain and its association with other fields as the preliminary step in understanding the AI approach.[7]
The intelligence assessment of a specified adversary in cyberspace is acquiring popularity since governments are building cyber capabilities to boost their intelligence executions. Since the incorporation of AI techniques, the intelligence service has been able to detect enemy courses of action thus curbing potential risks by an adversary.
The skilled labor force is a challenge for the intelligence community. Intelligence firms seek experts with cyber skills, but in most cases, the workforce does not have the skills of intelligence professionals. The intelligence community can only benefit fully from AI techniques if professional programs are established to infuse cyber expertise in the intelligence domain. Every stage of the intelligence cycle is critical in understanding cyberspace applications in the intelligence community.
The entire cycle should have a clear understanding of its operations and how to ensure the system supports cyberspace intelligence. Organizational constructs entail intelligence organizations that offer intelligence to military leaders in their planning and handling of operations. Following the evolution of AI techniques, it has become worth examining whether cyber expertise is adequately spread throughout the workforce to ensure cyber incorporation in all operations. The cyber intelligence structures have developed a good understanding of the internal and external intelligence factors in a bid to maximize the growth and incorporation of cyberspace intelligence.
The state of the intelligence community in the U.S
Since the inception of the Intelligence Community (IC) in the U.S., the IC has existed to fulfill the desire for timely and accurate intelligence to respond on behalf of the U.S. Congress and enhance national security.[8] However, the commission behind the establishment of the IC realized that the threat actors were becoming more sophisticated, and the need to act swiftly was pressing. Aided by its increasing national devotion to research and development, the U.S. realized the need to improve cyber knowledge in its IC. The integration of the IC and cyber knowledge is crucial to ensure that the U.S. develops and keeps capabilities to identify, assess and counter the threats to homeland security.[9]
The main challenges that face the IC include the global diffusion of the Internet that poses a threat to the main capabilities of the IC. Second is the escalating volume of the collected data. To resolve these challenges, the IC leadership must ensure that cyber knowledge is acknowledged as a fundamental and strategic factor of the IC’s agenda.
The current research identifies that the IC has put limited efforts in exploiting the cyberspace concerning learning the intentions and abilities of adversaries. In this light, the IC should conduct comprehensive scientific and technical learning to understand the cyber spectrum. This study also identifies that while the conventional ways of gathering and analyzing data remain essential, new and future threats cannot be controlled without advanced integrated cyber intelligence that steers discoverable information for decision-makers. This research identified that there are insufficient cyber knowledge and insufficient awareness of cyber incorporation strategies and models. Therefore, there is a need to empower cyber training to build a comprehensive IC.
The need for a better approach for integrating cyber into IC
Based on previous information provided by Clark, this study can conclude that various needs call for investment in cyber knowledge by the IC.[10] For instance, the US should examine the role of government departments concerned with cyber incorporation into the intelligence field. The US must incorporate cyber expertise in the IC to help confront these increasing threats.
Education and training
Most crimes are being perpetrated with the help of information technology. However, the intelligence community needs to build cyber intelligence expertise in a bid to counter criminal activities. Intelligence analysts need cyberspace skills in assessing an adversary’s abilities, intentions, and operations in cyberspace. Even though the intelligence tradecraft has existed for decades, the discourse of cyber intelligence is still developing to maturity. Cybersecurity training programs have emerged across the globe in response to the imminent dangers of cybercriminal activities. However, most of those programs lack systematic training in intelligence operations. For instance, in the United States, it is not clear if these programs are consistent with the demands of the U.S. intelligence community.
Due to the lack of sufficient competent intelligence analysts, it is necessary to commence building a training and education program that follows the career path of an intelligence analyst from entry-level to professional analysts.
The entry-level analysts must be trained to attain fundamental cyber analyst skills acquired via a balance of analytic and technical training when joining the workforce. Various formal education and training options are available to equip the entry-level intelligence analyst. Even though these programs may not target cyber intelligence as an academic major, that has to change soon in a bid to speed the maturation of intelligence analysts. The intent of this level should be to equip learners with an adequate understanding of intelligence research, decision-making, and intelligence analytic techniques. This knowledge is necessary to assist them in detecting, analyzing, and communicating about the potential, intent, and operations of the adversary.
Continuing training and specialization in the intelligence field are necessary for analysts to stay relevant in the evolving field.[11] Personnel working in the intelligence field need ongoing professional training. The knowledge, expertise and capabilities required of an entry-level worker in cyber analysis are changing gradually over time. However, as the field of cyberspace and intelligence matures, analysts will need to understand and appreciate continuing professional education needs.
The critical learning programs should target developing skills including, but not limited to, the following: improving IC analytical skills in a bid to counter planned attacks in real time; identifying behaviors of various threat actors; and detecting and analyzing attacks during their planning. Additionally, the IC should be equipped with research and development skills to stand a chance of creating trusted devices and software to mitigate threats.
Applications of cyber threat intelligence
Neural nets have been in use since the late 1950s following the invention of the perceptron.[12] The perceptron is an artificial neuron and an essential element of neural nets. Research suggests that a small number of perceptrons can handle complex problems. These neural nets are characterized by a high speed of operation. Neural nets are also suited for pattern recognition and analysis of responses to threats. The intelligence community needs to incorporate such applications in its bid to combat cyberspace crimes. Neural nets are well suited for intrusion detection and intervention. There have been attempts to try them in forensic investigations.
There are new adjustments in neural net technology that aim to get ahead of criminal activities. Expert systems are widely applied AI tools, especially by the intelligence community. An expert system is an application for generating answers to problems in the application domain presented by a user. Expert systems can be used for decision making in the intelligence field.
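The perceptron-based intrusion detection described in this section, as an added example that is not part of the original essay: a single perceptron trained with the classic update rule on constructed connection records. The feature names, scaling constants, and sample values are assumptions made for illustration.

```python
"""Toy intrusion detector built from one perceptron (added example).

All records, feature names and scaling constants below are constructed
for illustration; none of them come from the essay or from real traffic.
"""

# Record layout: (failed_logins_per_min, distinct_ports_contacted, mb_sent_out)
# Label +1 = intrusion, -1 = benign.
TRAINING = [
    ((0, 3, 1.2), -1),
    ((30, 4, 1.0), +1),    # many failed logins: brute-force pattern
    ((1, 2, 0.8), -1),
    ((2, 120, 0.9), +1),   # many ports touched: scan pattern
    ((2, 4, 1.5), -1),
    ((1, 5, 250.0), +1),   # large outbound volume: bulk transfer pattern
    ((1, 6, 3.0), -1),
    ((40, 4, 2.0), +1),
    ((0, 5, 2.0), -1),
    ((25, 80, 3.0), +1),
]

# Unseen records that lie between training records of the same class.
HELD_OUT = [(1, 4, 1.9), (35, 4, 1.5), (0, 4, 1.6), (16, 62, 0.95)]

# Assumed per-feature maxima, used to bring features to a comparable range.
SCALE = (50.0, 200.0, 300.0)


def scale(record):
    """Divide each raw feature by its assumed maximum."""
    return tuple(value / limit for value, limit in zip(record, SCALE))


class Perceptron:
    """One artificial neuron: weighted sum plus bias, thresholded at zero."""

    def __init__(self, n_features):
        self.weights = [0.0] * n_features
        self.bias = 0.0

    def activation(self, x):
        return sum(w * v for w, v in zip(self.weights, x)) + self.bias

    def predict(self, record):
        """Return +1 (intrusion) or -1 (benign) for a raw record."""
        return 1 if self.activation(scale(record)) > 0 else -1

    def train(self, samples, max_epochs=1000):
        """Apply the perceptron update rule until an epoch has no mistakes.

        Returns the number of epochs used, or None if the data could not
        be separated within max_epochs. A single perceptron can only learn
        linearly separable patterns, so None is the expected outcome for
        data that needs a non-linear boundary.
        """
        for epoch in range(1, max_epochs + 1):
            mistakes = 0
            for record, label in samples:
                x = scale(record)
                if label * self.activation(x) <= 0:
                    # Misclassified: move the boundary toward this sample.
                    self.weights = [w + label * v
                                    for w, v in zip(self.weights, x)]
                    self.bias += label
                    mistakes += 1
            if mistakes == 0:
                return epoch
        return None


def build_detector():
    """Train on the constructed sample and return (model, epochs_used)."""
    model = Perceptron(n_features=3)
    epochs = model.train(TRAINING)
    return model, epochs


def flag_intrusions(model, records):
    """Return only the records the model classifies as intrusions."""
    return [r for r in records if model.predict(r) == 1]


if __name__ == "__main__":
    detector, used = build_detector()
    print("converged after epochs:", used)
    print("learned weights:", detector.weights, "bias:", detector.bias)
    print("flagged held-out records:", flag_intrusions(detector, HELD_OUT))
```

The learned weights show which feature pushes a record toward the intrusion class, which is the kind of reviewable output an analyst can check against the raw records.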
How is cyber incorporation into intelligence important?
The intelligence community needs to get ahead of cybercrime to correspond with the evolving threat landscape. In today’s intelligence service, it is hard to prevent potential attacks and breaches. Today’s criminals are sophisticated and target the weaknesses in intelligence and technology. Following the rise in reliance on digitalized information and sharing of massive amounts of information across the world, attackers have found easy access to their targets.
However, the intelligence community can only respond adequately by incorporating cyber intelligence into its operations. Cyber threat intelligence is an advanced process that can employ AI methods to assist the intelligence community to gain useful insights based on the evaluation of contextual risks.[13] AI is currently one of the needed supplements to an intelligence portfolio. However, it is crucial to be in a position to prioritize AI methods as well as understand how they can be incorporated into the intelligence operations in a manner that adds value.
The intelligence team handles the technical information that offers certain indicators that are needed in tracking and intervening in imminent and possible future threats. Thus, for this assembling of information to be helpful, it is fundamental to build an AI approach intended to offer meaningful, timely, and accurate reporting. An AI approach will not foresee the future, nor is it the remedy for intelligence operations. AI is all about raising the likelihood of analyzing incident history and identifying potential targets for criminals. Although the demand for technical indicators such as AI plays an important role, technical knowledge is not sufficient to grasp the reason why some threats should be given priority. The intelligence team should learn to implement cyber defense capabilities in a manner that increases value.
Ensuring incorporation of AI techniques in intelligence operations at all stages provides the intelligence community with the ability to combat crimes by responding more swiftly to threats. This integration assists in ensuring that information and critical infrastructure remain under the monitoring of the intelligence community and minimizes the possibility that data is extracted or processes hijacked. An AI model helps the intelligence analyst to trace the threat landscape, allowing analysts to make decisions based on earlier events rather than intuition. Based on historical precedent, the result of the analysis assists experts to detect which stage of action they are tracing when events occur. This activity needs to be considered early in the intelligence community.
Cyber threat intelligence utilizes AI methods to add value to the intelligence community by improving team decision-making. AI helps intelligence to be precise. Intelligence should address issues that are occurring or likely to occur. Intelligence should enhance their accuracy by ensuring they represent the activities that are occurring. Intelligence should also be relevant by addressing issues that are of value to their field.
Threat assessment is a basic role of the intelligence specialists that helps identify security linkages and vulnerabilities. Intelligence teams use a threat assessment approach to offer recommendations for threat intervention. Most organizations fail to consider that they are possible targets for a cyber-related incident until it occurs. In a bid to avoid strategic surprise, organizations have opted to incorporate cyber knowledge in their intelligence field to perform a threat-based assessment that helps understand the threat landscape.[14] The organization’s intelligence agents should evaluate which security threat actors are likely to hit the organization in a cyber-aided incident. When experts identify the actors that are risky, the ongoing analysis must concentrate on their motivation and intent. With the aid of cyber knowledge, intelligence teams gain a strong understanding of their enemies.
Intelligence teams use cyber technology to gather and store data. This data helps change the security model from a reactive to a proactive state. When one is aware of his/her enemies, it is easy to create tactics to prevent possible attacks and plan wisely for future threats. Cyber knowledge has also helped shrink the security alert challenge that is overwhelming most intelligence teams.[15] Besides, this data can be used by the intelligence teams to steer better and informed responses to threat incidents.
Cyber knowledge assists in promoting communications between intelligence teams and top management. When these advancements are made, organizations can drive better investment plans since security priorities are directly linked to business risk management priorities. Effective use of intelligence needs access to quality data that is obtained with the aid of cyber technology. The creation of virtual teams has enhanced the interaction of intelligence personnel from different locations. Through telecommunicating which can be done either inside or outside of the organization, workers can work within virtual communities and deliver within a short time frame.
The barriers of cyber integration into the intelligence field require a restructuring of the intelligence infrastructure and development of new intelligence assets. Besides, due to the limited infrastructure available to enhance cyber integration, the intelligence community will remain technologically challenged in times to come. The government and private sector would not be in a better position to produce an equipped intelligence team unless there is a substantial increase in the number of cyber experts. The challenges of cyber intelligence surpass the number of intelligence experts. Thus, it is essential for the new generation of experts in cyberspace to be adequately trained to counter this need.
Insufficient computer literacy and poor research instinct are major barriers to cyber integration. The intelligence community needs new leaders who are motivated to learn computer sciences via programs that promote their aptitudes and train them on how to utilize the knowledge in the detection and combating of crimes. Moreover, there is a need to encourage innovative thinking and the desire to invest in research and development. The advancement of infrastructure for cyber intelligence needs critical thinking to surpass the threat actors who have access to outstanding infrastructure.
Framework for cyber investment in the intelligence field
Three aspects should guide any entity intending to invest in cyber integration into the intelligence field. Cyber investment should be informed by threats and susceptibility tests. Before investing in cyber integration, it is necessary to seek awareness of the dangers and vulnerabilities of the IC systems and those of the enemies. Second, an appropriate cyber investment must encourage privacy and democracy. A cyber investment plan must be in line with the set laws on the privacy and security of a given country, which is the US in this case. Third, cyber investment must be based on the exchange of information. The IC should collaborate with the private sector, public, industry, and academicians to share knowledge of cyber threats and fruitful defense mechanisms.
The future for cyber incorporation into the intelligence field
The intelligence community should be allowed to utilize the new generation of cyber intelligence concepts. The essence should be to shift from a reactive stage to a proactive state in a bid to stay ahead of cyber-related crimes.[16] This approach calls for maturity in cyber threat intelligence and a clear understanding of its setting. An elaborate threat intelligence approach can also be unearthed with a proper metrics model and analytics as the AI model matures.
Cyber intelligence principles can be used by intelligence analysts to uncover patterns, detect threat activity and improve overall situational awareness. The availability of cyber knowledge has facilitated the transformation of information to intelligence. Information, which is knowledge in raw form, is processed using cyber applications into information that has added value and is easily understandable. Since threats keep on evolving, a dynamic intelligence team should enhance security operations to match the evolving risks. Utilizing an AI model brings a better understanding of the threats that escalate risk in the system.
Public-private partnerships could foster a wide scope of improvement. Many intelligence community issues are common to those encountered by the commercial industry. In most cases, the commercial sector has better infrastructure and programs as compared to the intelligence community. The field of intelligence and cyber use presents many and interesting opportunities for cooperation between the public and private industries. The promotion of computer literacy and research is one area that can hugely benefit from these collaborations.
Introduce a comprehensive cyber investment agenda. Threat actors already use technical abilities, such as telecommunications and computing platforms, against the IC in the U.S. Currently, cyber knowledge is employed to access and manipulate computer systems and even traditional targets.[17] Future cyber investment into the IC should integrate expertise from diverse fields. For instance, unlike traditional approaches, future cyber investment should cover “behavioral sciences, biological sciences, quantum science, and social science.”[18] With such diversity, the IC will be in a better position to respond adequately to threats. However, different authorities with minimal oversight execute the contemporary cyber investment activities by the IC. Therefore, the concerned authorities need to carry out extensive and regular monitoring, evaluation, and auditing of cyber investment programs and expenditure.
The rapid evolution of information technology presents a massive positive impact on human life. However, it has also brought issues that are hard to control, such as cyber threats. Each day, humanity encounters an escalating number of cybercrimes because technology offers criminals a platform to advance their plans. Therefore, it is important to note that cyberspace also offers the intelligence community opportunities to manage the battlespace and fulfill its mandate.
Cyber capabilities are a fundamental aspect of current warfare, and thus they should be incorporated into intelligence doctrine. Incorporation of cyber knowledge in the intelligence community is remarkably underdeveloped as a profession. Ideally, the integration of cyber knowledge into cybersecurity education at all stages is inevitable and desirable. Cyber education and training should explicitly address threat assessment and risk management with the aid of AI techniques. Nevertheless, the application of AI by intelligent agents can assist in combating cybercrimes. Collaboration between the public and the private sector should consider how best to integrate cyber capabilities into the intelligence community in a way that can contribute to a global strategy that protects international security interests.
Bishnoi, Ankita. “Developed Personalized Cyber Clone System By Amalgamation of Human Brain Intelligence.” International Journal of Artificial Intelligence & Applications 3, no. 3 (2012): 55-67.
Clark, Robert M. Intelligence Analysis. Los Angeles: SAGE/CQ Press, 2013.
Dumitrache, Loan. Advances in Intelligent Control Systems and Computer Science. Berlin: Springer, 2013.
Hansen, Morten. “Intelligence Contracting: On the Motivations, Interests, and Capabilities of Core Personnel Contractors in the US Intelligence Community.” Journal of Intelligence and National Security 29, no. 1 (2012): 58-81.
Hsu, Ching-Hsien. “Ubiquitous Intelligence and Computing: Building Smart Environment in Real and Cyber Space.” Journal of Ambient Intelligence Human Computer 3, no. 2 (2011): 83-85.
Marchio, Jim. “Analytic Tradecraft and the Intelligence Community: Enduring Value, Intermittent Emphasis.” Intelligence and National Security 29, no. 2 (2013): 159-183.
Mattern, Troy, John Felker, Randy Borum, and George Bamford. “Operational Levels of Cyber Intelligence.” International Journal of Intelligence and Counterintelligence 27, no. 4 (2014): 702-719.
Richelson, Jeffrey. The US Intelligence Community. Boulder, CO: Westview Press, 2012.
Rudner, Martin. “Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge.” International Journal of Intelligence and Counterintelligence 26, no. 3 (2013): 453-481.
Trope, Roland, and Stephen Humes. “By Executive Order: Delivery of Cyber Intelligence Imparts Cyber Responsibilities.” IEEE Security & Privacy Journal 11, no. 2 (2013): 63-67.
Yan, Zheng. “The Science of Cyber Behavior.” International Journal of Cyber Behavior, Psychology, and Learning 3, no. 2 (2013): 82-87.
Yin, Peng-Yeng, Fred Glover, Manuel Laguna, and Jia-Xian Zhu. “A Complementary Cyber Swarm Algorithm.” International Journal of Swarm Intelligence Research 2, no. 2 (2011): 22-41.
1. Jim Marchio, “Analytic Tradecraft and the Intelligence Community: Enduring Value, Intermittent Emphasis,” Intelligence and National Security 29, no. 2 (2013): 159.
2. Troy Mattern et al., “Operational Levels of Cyber Intelligence,” International Journal of Intelligence and Counterintelligence 27, no. 4 (2014): 702.
3. Ching-Hsien Hsu, “Ubiquitous Intelligence and Computing: Building Smart Environment in Real and Cyber Space,” Journal of Ambient Intelligence Human Computer 3, no. 2 (2011): 83.
4. Marchio, “Analytic Tradecraft and the Intelligence Community,” 180.
5. Hsu, “Ubiquitous Intelligence and Computing,” 85.
6. Loan Dumitrache, Advances in Intelligent Control Systems and Computer Science (Berlin: Springer, 2013), 23-26.
7. Ankita Bishnoi, “Developed Personalized Cyber Clone System by Amalgamation of Human Brain Intelligence,” International Journal of Artificial Intelligence & Applications 3, no. 3 (2012): 55.
8. Jeffrey Richelson, The US Intelligence Community (Boulder, CO: Westview Press, 2012), 11-23.
9. Morten Hansen, “Intelligence Contracting: On the Motivations, Interests, and Capabilities of Core Personnel Contractors in the US Intelligence Community,” Intelligence and National Security 29, no. 1 (2012): 58.
10. Robert M Clark, Intelligence Analysis (Los Angeles: SAGE/CQ Press, 2013), 4-7.
11. Marchio, “Analytic Tradecraft and the Intelligence Community,” 183.
12. Martin Rudner, “Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge,” International Journal of Intelligence and Counterintelligence 26, no. 3 (2013): 453.
13. Ibid., 459.
14. Ibid., 481.
15. Peng-Yeng Yin et al., “A Complementary Cyber Swarm Algorithm,” International Journal of Swarm Intelligence Research 2, no. 2 (2011): 22.
16. Ibid., 24.
17. Roland Trope and Stephen Humes, “By Executive Order: Delivery of Cyber Intelligence Imparts Cyber Responsibilities,” IEEE Security & Privacy 11, no. 2 (2013): 63.
18. Zheng Yan, “The Science Of Cyber Behavior,” International Journal of Cyber Behavior, Psychology and Learning 3, no. 2 (2013): 82.