Sierra Stanczyk - Cracking Intelligence Programs

Cracking Intelligence Programs
Lessons from Bletchley Park for building a

collaborative and innovative intelligence program
PwC Global Threat Intelligence

Prepared for SANS CTI Summit
January 2023
Photo credit: With kind permission of the Bletchley Park Trust.

Introduction
Sierra Stanczyk
Intelligence Operations Lead
PwC Threat Intelligence
PwC US, Global Threat Intelligence
Global capability
Joined PwC in November 2021 8 countries, 1 team
Previously with FBI for 12 years
• Threat strategy and prioritization efforts • Technical, tactical and strategic analysis
• Strategic and anticipatory analysis • Espionage, crime and emerging threats
• Tradecraft and knowledge management • Geopolitics and technological intersections
• Intelligence program growth and maturity • Research, analysis and client-facing projects
@s0urcesmeth0ds
January 2023
PwC Global Threat Intelligence 2
My journey to Bletchley Park
January 2023
Now arriving…

January 2023
About Bletchley Park
Bletchley Park’s role in World War II
Collection from multitude of sources,

including intercepts of Axis (German, Those indoctrinated (NTK)
Italian and Japanese) communications:
Morse transmissions
- Encrypted by ENIGMA Senior leadership
Non-Morse teleprinter
transmissions
- Encrypted by Lorenz
- *FISH*
Japanese diplomatic
wireless transmissions
- Encrypted by Purple
- *MAGIC*
Field commanders
Government Code & Cipher School (GC&CS)
HIGH LEVEL SIGINT = *ULTRA* Bletchley, Milton Keynes (Buckinghamshire),
United Kingdom - 1939-1946 Ministries, US partners
67 km/42 mi from London
January 2023

The challenges, in a nutshell… sound familiar?
“...constantly keeping up with new technology or

cryptological advances by the enemy; disseminating
intelligence to the right commanders in a timely way
that made it predictive, rather than purely academic;
and prioritising from a vast volume of traffic to find
intelligence that would be game-changing.”
- Robert Hannigan
Former GCHQ Director and Trustee of Bletchley Park
January 2023
Transforming information into intelligence: the cycle
01
08: Encryption, 02 01: Direction Finding
Dissemination
08
02: Collection
07: Production 03
03: Registration
06: Analysis & & Triage
Integration 07
04 04: Traffic Analysis,
05: Translation & Codebreaking
Indexing & Decryption
06
05 January 2023
8
Transforming information into intelligence: the system
01
08: Encryption, 02 01: Direction Finding
Dissemination
08
02: Collection
07: Production 03
03: Registration
06: Analysis & & Triage
Integration 07
04 04: Traffic Analysis,
05: Translation & Codebreaking
Indexing & Decryption
06
05 January 2023
9
Intelligence as a complex system
DIRECTION
DISSEMINATION
COLLECTION
ANALYSIS
PROCESSING January 2023
10
What made the system successful
DIRECTION
DISSEMINATION
COLLECTION
ANALYSIS
11
Priorities and requirements… not just words on paper
Values, common mission, priorities and

requirements permeated
Collaboration among Y station collectors,

codebreakers and analysts
Intelligence Factory mindset and

overcoming information overload
Are you invested in learning about your

colleagues’ work and priorities?
January 2023
DIRECTION
DISSEMINATION
COLLECTION
ANALYSIS
13
Get in, Wrens, we’re dispatching intercepts
January 2023
Every role had a piece of the puzzle
Photo credit: With kind permission of the Bletchley Park Trust. January 2023
More collection… more roles, needs and trust
Peaked at nearly 9,000 personnel by 1945;

considered growth, needs and flexibility
Knew encryptions were going to increase in

complexity, and intercepts in volume
Success hinged on trust in individuals,

functions and organization itself
Universal focus on sharing high value

intelligence with varied consumers

January 2023
DIRECTION
DISSEMINATION
COLLECTION
ANALYSIS
19
A neural network of memory and knowledge management
Emphasis on records, knowledge

management and memory (indices)
Information could be recalled from

past days or even years
Confluence of individual and

institutional expertise
What does the neural network of your

knowledge base look like?
DIRECTION
DISSEMINATION
COLLECTION
ANALYSIS
21
Trusting the (analytic) process
Critical thinking, collaboration and

the neural network
Diversity of products reflected needs

and consumers, types of intelligence
Breaking down internal and external

silo behaviors, stonewalling
Are analysts empowered to make

decisions about the process?

January 2023
DIRECTION
DISSEMINATION
COLLECTION
ANALYSIS
23
More than just feedback… constant communication
Constant sharing and discussion of information

and intelligence - recalibration and refinement
Direct communication where it made sense

(and removal of bureaucratic funnels)
Knowing the audience and what they wanted

vs. what they needed vs. what they asked for
Feedback was pervasive and vital to future

efforts for identifying high value intelligence

January 2023
Monitoring the vital signs
Monitoring the vital signs of an intelligence program
How does each team member define success for the

organization? For themselves?
Is collaboration organically occurring within the

team? Are team members self sufficient?
Are team members questioning aspects of how the

team operates or produces work?
Is the team trying new things? What happens when

they succeed vs. when they fail?
Does healthy debate occur within the team?

What happens afterwards?
Every team member has a unique perspective.

January 2023
Monitoring the vital signs of an intelligence program
Are boundaries and burnout discussed on the team?

Does the team rally when someone is struggling?
How are progress and impact tracked for the team?

For individual team members?
How is impact communicated within the team?

Do team members recognize each others’ efforts?
How diverse is the team, the work and the product?
How are problems or conflicts detected, raised

and addressed?
Every team member can monitor different vital signs.

January 2023
Cracking the code
Cracking the code
Intelligence Programs Complex, connected systems focused on high value intelligence
Shared Values & Priorities Promoting collaboration and concern among roles and teams
Diverse Roles, Fluid Structure Enabling critical thinking, innovation and growth
Neural Network of Knowledge Connecting individual and institutional expertise
Analysis & Dissemination Empowering analysts, valuing feedback and recalibration
Monitoring the Vital Signs Building trust and sustaining curiosity, growth and resilience
January 2023
Thank you!
pwc.com
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence.html
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining
specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law,
PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in
reliance on the information contained in this publication or for any decision based on it.
© 2023 PwC. All rights reserved. Not for further distribution without the permission of PwC. “PwC” refers to the network of member firms of PricewaterhouseCoopers International Limited (PwCIL), or, as the context
requires, individual member firms of the PwC network. Each member firm is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients.
PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way. No member firm is responsible or liable for
the acts or omissions of any other member firm nor can it control the exercise of another member firm’s professional judgment or bind another member firm or PwCIL in any way.

Sierra Stanczyk - Cracking Intelligence Programs

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Sierra Stanczyk - Cracking Intelligence Programs

Uploaded by

Copyright:

Available Formats

Cracking Intelligence Programs

Lessons from Bletchley Park for building a

PwC Global Threat Intelligence

Photo credit: With kind permission of the Bletchley Park Trust.

Photo credit: With kind permission of the Bletchley Park Trust.

Collection from multitude of sources,

Photo credit: With kind permission of the Bletchley Park Trust.

“...constantly keeping up with new technology or

Values, common mission, priorities and

Collaboration among Y station collectors,

Intelligence Factory mindset and

Are you invested in learning about your

Peaked at nearly 9,000 personnel by 1945;

Knew encryptions were going to increase in

Success hinged on trust in individuals,

Universal focus on sharing high value

Photo credit: With kind permission of the Bletchley Park Trust.

Emphasis on records, knowledge

Information could be recalled from

Confluence of individual and

What does the neural network of your

Critical thinking, collaboration and

Diversity of products reflected needs

Breaking down internal and external

Are analysts empowered to make

Photo credit: With kind permission of the Bletchley Park Trust.

Constant sharing and discussion of information

Direct communication where it made sense

Knowing the audience and what they wanted

Feedback was pervasive and vital to future

Photo credit: With kind permission of the Bletchley Park Trust.

How does each team member define success for the

Is collaboration organically occurring within the

Are team members questioning aspects of how the

Is the team trying new things? What happens when

Does healthy debate occur within the team?

Every team member has a unique perspective.

Are boundaries and burnout discussed on the team?

How are progress and impact tracked for the team?

How is impact communicated within the team?

How diverse is the team, the work and the product?

How are problems or conflicts detected, raised

Every team member can monitor different vital signs.

Intelligence Programs Complex, connected systems focused on high value intelligence

Neural Network of Knowledge Connecting individual and institutional expertise

Analysis & Dissemination Empowering analysts, valuing feedback and recalibration

You might also like