As we all know, some of the primary functions of intelligence are supporting decisions and being on time. In other words, intelligence must be available to be valuable in decisions. Therefore, decisions SHOULD happen after we have generated the intelligence. (I know! It does not always happen, but it should.) Thus, one can argue that intelligence is “forward-leaning” as it supports a decision that has not yet been made.
“All intelligence should be forward-leaning, but not all intelligence should be forward-looking”
Source: Elizabeth Dos Santos
One key aspect of “forward-leaning” is that the intelligence has to be used within the near future, i.e., days to months before it loses its value. Because we have data, information, and perhaps even experience with the issue we are dealing with, we are in a position to make assessments about the near future. However, the value of our data, information, and past experiences diminishes as time passes.
But how much can intelligence “lean forward” before losing its value?
Or, put in another way, when should we go from being data-driven to concept-driven?
Image: Pherson & Pherson, Critical Thinking for Strategic Intelligence at Globalytica
Forward-Looking
Forward-looking analysis focuses beyond the “horizon,” i.e., to a future distant enough where we do not have data. It is used with foresight analysis and scenarios attempting to identify key drivers and develop a set of alternative scenarios based on these key drivers. It is also used to create indicators that signal whether a given future or trajectory is unfolding.
In cyber, forward-leaning analysis uses hypotheses based on historical data and ongoing incidents to assess the immediate future. this enables defenders to plan for possible incidents from relevant threat actors. Conversely, in forward-looking analysis, we use scenarios to identify possible futures and outcomes “beyond the horizon,” i.e., issues we cannot possibly solve by relying on existing data, experience, and knowledge. In cyber we often use scenarios for strategic purposes to address issues a year ahead or beyond.
You can learn more about this in our Intelligence Analysis Professional (IAP) certification for cyber analysts that we host several times a year across Europe.
In a future post I will talk a little more about the difference between prediction, forecasting, and foresight.
Stay tuned!
