As we've learned in previous chapters, cyber intelligence focuses on the aggregation of information and providing actionable intelligence for personnel to carry out operations. Intelligence collection information is prioritized by the key stakeholders of the organization so that they can have the data necessary in order to make a decision. The raw data comes from the operational level, from teams at the ground level, and flows into the tactical areas of operations for middle management to take decisions on.

Understanding this, we look at strategic priorities for information as a means to enable the right resources to concentrate on the correct items that need to be addressed. The collection efforts and actions can be addressed by automated or manual means, which, if we utilize the tenets of OPSEC and understand OODA, we can create an Active Defense capability for, as a method on the tactical level of operations to proactively address threats. This capability can help reduce the probability of exploitation of vulnerabilities by making it difficult to penetrate the network by deception as well as mapping and providing a means to validate a specific threat to their TTPs.

This chapter was about the tactical level of how cyber intelligence enables an Active Defense capability. We need to also discuss how our operating teams can take the information and incorporate it in their own operations. Before we dig into each team and how to do it, we will need to provide an example of a tailored framework that utilizes information specific for a specialized team. In the next chapter, we will learn about how US special forces teams utilize intelligence to carry out their operations using a process called Find, Fix, Finish, Exploit, Analyze, and Disseminate (F3EAD).