Intelligence Momentum and Critical Mass

data-analytics

I want to take a second and talk about momentum.  Specifically, momentum and building intelligence.  In this context, I am referring to momentum as the forward energy of analysis, (profiling, correlation, investigation) through the role sequence of volatile data to a realization of defined intelligence.  Regardless of the roles involved in the energy transfer (the “effort”), the presence of strong momentum dramatically increases the chances for realization results.  Alternatively, transfers with low or moderate momentum die out or even compromise realization outcomes.

In the realm of intelligence work, energy transfer can result in a strong, moderate or weak exchange, which means handing off energy through the role sequence is not enough.  More specifically, working in isolation and stovepipes can impede the passage of energy through the role sequence.  Momentum, especially analytical momentum, must meet a certain magnitude within each role in the chain (volatile to defined) to provide the level of energy needed to build intelligence maturity.  When proper momentum builds and is transferred, the receiving role gathers a growing amount of energy that helps commit the energy needed to achieve endeavor success (mature, defined intelligence).

As each role engages the next, you can test for momentum transfer by noting whether the build of data completely transforms—e.g. a volatile and isolated data point is modified by linking, infusing, correlating and other intel techniques to the point where it matures to the next role by-virtue-of the change—or, it relies on the next role to tug and pull it from the previous role.  For example, a single IP observed during a service ticket is volatile.  Linking it to other points of incident geometry creates a raw picture.  Further infusion of context and correlation guides that into a transformed state and so on until the full profile is defined and understood, rather than relying on raw data process to pull volatile data to vitalize the effort.

A critical question here becomes, “off what data does the initiative live?”  If one tier in the role sequence becomes sidelined or focused on another issue and temporarily lessens the focus on moving the analytical effort on, does the next tier continue the pursuit or does the analytical endeavor falter or disappear?  Sustaining the required analytical momentum means each tier in the network moves forward based on its own impetus and transfers that effort to the next tier.

Breakdown of the metric

  • The horizontal axis indicates the amount of effort required.
  • Vertical axis depicts the path of momentum transfer, as it moves from volatile data through the layers of information, analysis and profiling to a defined state. The axis also incorporates the influence of forces moving against understanding, inadequate information, unaligned threat assessment, cultural resistance, and/or weak synergy internally.
  • The solid green line shows the change in which momentum (analysis) meets little pushback from risk factors and moves quickly to the intelligence realization zone.
  • The solid purple line shows analysis (momentum) that faced significant risk factor counterforce and slowly and steadily overcome those forces.
  • The red solid line shows momentum (analysis) that made some headway at the beginning but then became overwhelmed by the counterforce before critical mass was reached.

About the author

Monty St John

Monty is a security professional with more than two decades of experience in threat intelligence, digital forensics, malware analytics, quality services, software engineering, development, IT/informatics, project management and training. He is an ISO 17025 laboratory auditor and assessor, reviewing and auditing 40+ laboratories. Monty is also a game designer and publisher who has authored more than 24 products and 35 editorial works.