Lessons from Iraq for cyber security analysts

Before you rush to blame that APT group in China, remember the Weapons of Mass Destruction debacle…:

[…] But cyber analysts can learn from mistakes made in other fields and Beebe shared three lessons from the Iraq WMD intelligence failure and the cognitive traps that led to it, saying g that they apply to all analyses:

  • Lesson 1: Explore alternative explanations for the things you are seeing – seek different explanations for emerging developments.
  • Lesson 2: Take a walk in the other guy’s shoes – attempt to see things through the eyes of potential adversaries.
  • Lesson 3: Look to disconfirm rather than to confirm – i.e. support plausible analytic hypotheses. Don’t fall into the trap of confirmation bias.

“One of the most significant problems facing intelligence analysts is nearly always that the information you have is consistent with multiple explanations. A basic data that proves one hypothesis can, in fact, be completely consistent with a different hypothesis that you hadn’t considered,” Beebe explained.

[…]

Original article here