The Evolving Role of Cyber Intelligence in National Security

When most people think about national security, they picture fighter jets, tanks, and uniformed service members. Cyber intelligence rarely comes to mind, yet it’s one of the most critical and least visible tools in our defense arsenal.

Cyber intelligence provides the digital “eyes and ears” that help detect threats before they erupt into real-world crises. It’s what allows analysts to spot a brewing ransomware campaign or identify a foreign disinformation effort before it undermines public trust. In short, it’s the silent sentinel of modern national security (Bonfanti, 2018).

The Data Dilemma

Private-sector companies collect an astonishing volume of online data every day. In the right hands — and under the right frameworks — this information can support early detection of cyber or physical threats. But data alone isn’t intelligence. Raw information must be processed, analyzed, and contextualized to reveal what’s meaningful (Bonfanti, 2018).

The 2019 NAS Pensacola shooting is a sobering reminder of what happens when critical warning signs go unexamined. After the attack that killed three and injured eight, investigators found that the terrorist had repeatedly posted violent threats on social media (Kenney, 2020). Reports were made, but no effective review process existed to act on them.

This failure wasn’t just about oversight; it underscored the complexity of modern threat detection. How do we monitor millions of online posts daily without trampling privacy? How do we distinguish genuine threats from digital noise? These are the questions at the heart of today’s cyber intelligence challenge.

Why Cyber Intelligence Matters More Than Ever

Our world is hyperconnected. Critical infrastructure - from power grids and water systems to hospitals and transportation networks - now depends on digital systems. A single cyber disruption can cascade into physical consequences.

A few years ago, my rural hometown’s emergency line went down due to a cyber-related systems issue. Multiple residents suffered life-threatening medical emergencies during that outage and couldn’t reach 9-1-1. This disconnection could have cost them their lives.

When bad actors or foreign adversaries target such critical systems, the impacts can be national in scope. That’s why cyber intelligence is no longer a niche discipline; it’s a core pillar of homeland defense (Kotsias, Ahmad, and Scheepers, 2022).

Defensive Counterintelligence for the Digital Age

According to Oosthoek and Doerr (2020), Cyber Threat Intelligence (CTI) - when conducted effectively - is the private sector’s version of the “defensive counterintelligence” practiced by public sector agencies. In theory, it has the potential to provide critical intel regarding cyber threats.

Examples of this in practice include Bellingcat’s open-source analysis of the Skripal poisoning, along with other tragedies such as the Syrian Civil War and the disappearance of Malaysia Airlines Flight 17 (Oosthoek and Doerr, 2020). These detailed after-action analyses help cyber professionals understand the modern threat landscape and can inform decision-making; however, more insights are needed to provide early warnings.

The private sector has numerous vendors, such as Klieglight, that provide such early detection warnings ("New Internet Alerting Service Provides Early Warning Intelligence for Cyber Threats," 2019). These programs are like smoke detectors - sounding the alarm when there’s just a whiff of something amiss. The potential of these technological tools is enormous. The challenge lies in integrating them responsibly across sectors while protecting civil liberties.

Balancing Security, Privacy, and Innovation

As we expand our use of cyber intelligence, we must also grapple with difficult questions:

  • How do we process massive amounts of online data without infringing on individual rights?

  • How can private companies like Meta or X (formerly Twitter) cooperate with national security agencies while preserving user privacy?

  • What ethical frameworks must govern social media intelligence (SOCMINT)?

  • How will artificial intelligence reshape the speed and scale of cyber threat analysis?

These aren’t hypothetical issues; instead, they define the future of digital defense. If handled well, cyber intelligence can act as a force multiplier for safety and stability. If mishandled, it risks eroding public trust and democratic values.

The future is ours to shape.

Will we trade freedoms for security, or risk security to preserve freedoms? 

References:

Bonfanti, Matteo E. “Cyber Intelligence: In Pursuit of a Better Understanding for an Emerging Practice” Cyber, Intelligence, and Security, Volume 2, No. 1 (May 2018): https://www.inss.org.il/publication/cyber-intelligence-pursuit-better-understanding-emerging-practice/ 

Kenney, C. M. (2020). Navy report: Lack of oversight, negative command climate were factors in deadly 2019 NAS Pensacola shooting. TCA Regional News. Tribune Content Agency LLC.

Kotsias, James, Atif Ahmad, and Rens Scheepers. 2022. “Adopting and Integrating Cyber-Threat Intelligence in a Commercial Organisation.” European Journal of Information Systems 32 (1): 35–51. doi:10.1080/0960085X.2022.2088414.

"New Internet Alerting Service Provides Early Warning Intelligence for Cyber Threats: BorderHawk Cybersecurity Announces General Availability of Klieglight Media Alerting Service." 2019. PR Newswire, Jun 21. http://ezproxy.apus.edu/login?qurl=https%3A%2F%2Fwww.proquest.com%2Fwire-feeds%2Fnew-internet-alerting-service-provides-early%2Fdocview%2F2244145223%2Fse-2%3Faccountid%3D8289.

Oosthoek, Kris, and Christian Doerr. 2020. “Cyber Threat Intelligence: A Product Without a Process?” International Journal of Intelligence and CounterIntelligence 34 (2): 300–315. doi:10.1080/08850607.2020.1780062.
