Strategic Threat Intelligence: Communicating to Non-Technical Audiences

In a recent article in War on The Rocks, More Art Than Science: Intelligence and Technical Topics, authors Brian Holmes and Max Greenlee write about communicating technical intelligence subjects to policymakers.

Scientific and technical intelligence analysts thus face the great challenge of quickly, effectively, and clearly conveying information to policymakers. – Brian Holmes and Max Greenlee

The main point of the article is that scientific and technical intelligence analysts face a “great challenge of quickly, effectively, and clearly conveying [technical] information to policymakers.” One example the authors provide is the hotly debated 2002 National Intelligence Estimate on Iraq’s Weapons of Mass Destruction Program. The NIE report “attempted to convey a highly technical assessment of Iraq’s suspected weapons programs in the space of a few sentences, while still retaining confidence levels and sourcing.”

To overcome this challenge, Holmes and Greenlee write, technical analysts must better understand, relate to, and write for their customers because they are typically generalists, not technical wonks.

As cyber threat intelligence analysts, we should be keenly aware of this same challenge: communicating technical information to strategic customers. Our field is inherently technical and almost all intelligence products we produce–be it a simple analysis of an IP address, or a strategic threat briefing to the executives–will have a technical dimension.

At the tactical level, we are expected to produce technical products. Network defenders need technical data on threats, and they need to know what opportunities are available for creating countermeasures or detection content.

But some threat intelligence teams may also be expected to produce strategic products. At this level, highly technical material is unlikely to provide the customer–presumably a CIO, CRO, CISO, or other high-level manager–with decision-enabling intelligence.

For example, a strategic briefing on commonly observed internal and external threats may assess the potential impact of the threat to the business (e.g., “what would happen to the business if we were to be infected with ransomware?”) along with an assessment of how well the organization can defend against it. Are there major gaps in the organization’s ability to defend against the threat? Are there areas where a re-allocation of resources or investment in other areas would boost defenses?

Because policymakers are most often generalists, scientific information in intelligence must be “translated” for the consumer into more accessible language. – Brian Holmes and Max Greenlee

To keep the main body of such a strategic briefing free of overly technical jargon, analysts could use call-out boxes, appendices, or graphs to supplement the material with technical details. Ideally, the result is that non-technical readers can still absorb the impacts, consequences, and opportunities associated with a threat while technical audiences can take action on the provided technical details. Time permitting, it is also appropriate to provide completely separate products to these two groups of customers.

Technical analysts may view this approach as a “dumbing down” of the material. It’s not. You are making a complex subject accessible to a non-technical audience and helping them to make decisions.

Science naturally involves the work of specialists, but policymakers make decisions as generalists, especially when they work at the strategic level – Brian Holmes and Max Greenlee

If you are an analyst on a threat intelligence team, no matter how large or small, and your leadership expects strategic products, read and consider the points made in Holmes’ and Greenlee’s piece. By effectively translating technical subject matter into an easy-to-understand format, you can help your strategic consumers to better understand and prepare for threats.