Structured Analytic Techniques for Cyber Intelligence

The ability to go beyond current intelligence during the Bush administration’s efforts to find weapons of mass destruction in Iraq was limited at best. The inability to produce much more than daily news highlights named Current Intelligence continues today. Most cyber threat intelligence shops are forced to scour the previous night’s news sites using various automatic tools that aggregate data. The data is examined to see if it even relates to cyber security (another mistake) just to delivery some sort of morning report called “Daily Intelligence Summary.” There is little analysis, less relevance, and few who actually read the report. The worry that leadership will see something on the news, the internet, or in their email inbox scares intelligence teams into producing non-intelligence products.

Discoveries in the intelligence community that analysts were unable to set up estimates, forecasts, and long-range intelligence reporting were commonplace. The IC itself worked to solve that problem. Many intelligence analysts had exited the community leaving very hungry yet very green analysts to fill their shoes. Yet, they face commercial organizations where intelligence is rooted in cyber security with little understanding of what intelligence really is.

The mistakes made, the inability to properly analyze anything beyond short term daily assessments led to the creation of Structured Analytic Techniques.

“The concept of structured analysis and the practice of broadly and consistently applying structured techniques are relatively new in the Intelligence Community. Structured analysis is a mechanism by which internal thought processes are externalized in a systematic and transparent manner so that they can be shared, built on, and easily critiqued by others. Each technique leaves a trail that other analysts and managers can follow to see the basis for an analytic judgment. These techniques are commonly used in a collaborative team or group effort in which each step of the analytic process exposes analysts to divergent or conflicting perspectives. This transparency also helps ensure that differences of opinion among analysts are heard and seriously considered early in the analytic process. Analysts have told us that this is one of the most valuable benefits of any structured technique. Structured analysis helps analysts ensure that their analytic framework—the foundation upon which they form their analytic judgments—is as solid as possible. By helping break down a specific analytic problem into its component parts and specifying a step-by-step process for handling these parts, structured analytic techniques help to organize the amorphous mass of data with which most analysts must contend. This is the basis for the terms structured analysis and structured analytic techniques. Such techniques make an analyst’s thinking more open and available for review and critique than the traditional approach to analysis.”

Heuer Jr., Richards J. Structured Analytic Techniques for Intelligence Analysis. SAGE Publications.

The Treadstone 71 uses Structured Analytic Techniques from Richards Heuer as well as others collected over the years for use in preparing your analysis as well as documenting, tracking, and analyzing your evidence. Highly skilled intelligence analysts with anywhere from 8 to 15 years of experience develop keen skills in intuition. Many do not care to use structured techniques while others combine intuition and structured techniques for a balanced mixed based on available data, time available, and the situation at hand.

We teach these techniques with hands-on activities using cyber threat events from the headlines showing their fundamental value, when to use them, how they are used and where they contribute to the final products. We help you structure the data, analyze the data, and prepare the data for final analysis. The course covers non-inclusively:


  • What are they?
  • When do I use them?
  • Possible Sequence of use
  • Timeline/chronology
  • Network analysis
  • Brainstorming
  • Scenario analysis
  • Alternative futures analysis
  • Indicators
  • Indicators validator
  • STEMPLES Plus Indicators of Change
  • Hypothesis generation
  • Starbursting
  • Matrix
  • Categories by Dimensions
  • Solutions by Dimensions
  • Categories by Predispositions
  • Solutions by Predispositions
  • The multiple hypotheses generator
  • Help or Hinder
  • Cross Impact Matrix
  • Commitment Chart
  • Cause and Effect
  • Structure Analogies Matrix
  • Affinity Diagrams
  • Check Sheet
  • Data Points
  • Prioritization
  • Prioritization Matrices
  • Nominal Group Technique
  • Interrelationship Digraph
  • Matrix Diagram
  • Problem Solving/Process
  • Run Chart
  • Scatter Diagram
  • Diagnostic reasoning
  • Analysis of competing hypotheses
  • The Toulmin Method
  • Argument mapping
  • Deception detection
  • Key assumptions check
  • Outside in thinking
  • Pre-mortem assessment
  • What if? Analysis
  • High impact, low probability
  • Devil’s advocacy
  • Force Field Analysis
  • Matching Techniques to Tools
  • When to Use – Sequence Reminder
  • Quality of Information
  • 7 Step Problem Solving Model
  • Causal Loop Diagrams
  • Probability Tree Diagrams
  • Bayesian Analysis
  • MAPS
  • The Tools Themselves

Contact Treadstone 71 Today. Learn more about our Targeted Adversary Analysis, Cognitive Warfare Training, and Intelligence Tradecraft offerings.