Book Review: Collaborative Cyber Threat Intelligence
Edited by Florian Skopik. CRC Press; crcpress.com; 430 pages; $82.95.
Security professionals must protect the cyber holdings and functions of individuals and institutions in an increasingly complex cyber environment. Not to understand these issues is to risk becoming lost in that very world.
Collaborative Cyber Threat Intelligence: Detecting and Responding to Advanced Cyber Attacks at the National Level reviews the principles of cyberthreats, including the types of information involved, cybercrime, cyberwar, cyberespionage, emerging trends and threats, threat actors, and the evolving cyber landscape. Woven throughout are discourses on the importance of sharing knowledge about cyberthreats and the means and risks of doing so. Balanced examples include the formation of vetted cyberthreat intelligence communities and the legal risks of violating privacy.
Understanding the nuances of language is a requirement of any foreign venture, and the same is true for exchanging information in cybersecurity matters. The term “cyberthreat intelligence” may seem simple, but it involves, essentially, sophisticated computer processes of searching, identifying, and classifying malware anomalies through the artificial intelligence practice of machine learning. Similarly, while the commonly used phrase “situational awareness” (SA) usually refers to the general aim of a security professional to be aware of any possible threats, here we learn 11 different lengthy definitions for SA and study many different cognitive models for cyber situational awareness (CSA).
Of great assistance are numerous lists of commonly used acronyms and their meanings. Source references follow each chapter for further research. Equally important is the advice of the editor to focus first on the opening introduction and closing paragraphs of each chapter before grappling with the more challenging technical material in between. Even if the material in this book seems too advanced for the reader, temporary disorientation is well worth eventual clarity.
While the editor and chapter authors are mostly European, they do include examples and analysis of efforts to combat cyberthreats in the United States. This book encourages security professionals and other decision makers to interact with cyberthreat specialists to further the mission of better securing cyber holdings from threats that could pose dangers to our institutional, business, economic, and national security.
Reviewer: James T. Dunne, CPP, is a member of the ASIS Council for Global Terrorism, Political Instability, and International Crime. He is a senior analyst in the State Department’s Bureau of Diplomatic Security. The views expressed here are those of the reviewer, and do not necessarily reflect those of the U.S. Department of State or the U.S. Government.