Why defense can no longer rely on commercial cyber threat intelligence | Tech Radar

Overview

News, deals, reviews, guides and more on the newest computing gadgets

Start exploring exclusive deals, expert advice and more

Details

Unlock and manage exclusive Techradar member rewards.

Unlock instant access to exclusive member features.

Get full access to premium articles, exclusive features and a growing list of member rewards.

Why defense can no longer rely on commercial cyber threat intelligence

Military cyber intelligence demands doctrine-led systems

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Cyber is no longer a supporting capability within defense operations. It now plays a central role in how military organizations assess threats, coordinate activity and make operational decisions.

Across NATO and allied forces, cyber intelligence is becoming embedded throughout the operational chain, from situational awareness and force protection through to targeting and strategic planning.

Strategic Account Director for Defense, CNI & Government at Eclectic IQ.

At the same time, the threat landscape is becoming more aggressive and interconnected. State-aligned cyber actors are operating with greater coordination, while the boundary between cyber and conventional military activity continues to erode.

The conflict in Ukraine has demonstrated how tightly digital and physical operations are now linked. Cyber intelligence is increasingly fused with conventional sources to support real-time operational decision-making on the ground.

In this environment, delays caused by reformatting, translation or inconsistent intelligence structures are no longer minor inefficiencies. They create operational friction at the point where speed, clarity and shared understanding are most critical.

AI-driven cyber warfare reshapes global defense readiness

Why our national sovereignty depends on cyber resilience

The cyber risk framework protecting your organization wasn't built for this adversary

This shift is unfolding alongside a renewed emphasis on collective defense. Coalition operations are intensifying, interoperability is under greater scrutiny, and the ability to exchange intelligence rapidly across trusted partners has become mission-critical.

As a result, intelligence platforms are no longer simply background technology. They now form part of the operational backbone supporting defense decision-making. Yet many of the systems still in use today were designed for commercial security environments, not doctrine-led military operations.

Most cyber threat intelligence platforms in use today originate from the commercial sector. They were built to support enterprise security teams, where priorities center on speed, automation and scale.

Defense operates differently because military intelligence is governed by doctrine. Frameworks such as NATO’s AJP-2, UK MOD JDP 2-00 and the US JP 2-0 define how intelligence supports operational and strategic decision-making. They establish shared terminology, structured processes and standardized reporting formats that allow forces to operate cohesively across commands and nations.

Crucially, doctrine is not simply theoretical guidance. It provides a common framework for direction, collection, processing and dissemination across the intelligence cycle, ensuring intelligence can move consistently from analyst to commander in support of operational decisions. When cyber intelligence does not align with these frameworks, friction emerges at the point where speed matters most.

Rethinking Zero Trust in the Age of Digital Warfare

Rethinking cyber defense in government with continuous exposure management

In many defense environments, analysts are already operating under significant pressure, managing high volumes of data from multiple sources. When intelligence must be translated, restructured and reformatted before it can be operationally relevant, that burden increases at exactly the moment clarity and speed are most critical.

The consequences extend beyond delay. Misalignment can lead to duplicated analyst effort, inconsistent terminology across organizations, loss of contextual understanding and difficulty fusing cyber intelligence with HUMINT, SIGINT and GEOINT into a coherent operational picture.

In coalition environments, where multiple organizations must work from a shared understanding, these inconsistencies can reduce confidence in intelligence at the point where it is needed to support planning and command decision-making.

This is no longer simply a question of efficiency. As cyber intelligence becomes more tightly integrated with operational planning, delays and inconsistencies at this stage can have direct mission impact.

Defense can no longer trade interoperability for sovereignty

The challenge is compounded by two parallel pressures shaping defense across the UK, Europe and allied nations.

The first is data sovereignty. Governments are placing greater emphasis on where intelligence is stored, how it is controlled and who can access it. Systems must align with national requirements for security and governance, particularly when dealing with sensitive or classified information.

The second is interoperability. Defense operations remain inherently coalition-based. Intelligence must be shared across trusted partners quickly, and in a format that can be immediately understood and acted upon.

Balancing these priorities is not straightforward. Commercially oriented platforms were not designed with this dual requirement in mind. Retrofitting them to meet both sovereign control and coalition interoperability introduces complexity.

It creates workarounds that place additional burden on analysts and planners, while increasing the risk of inconsistency across organizations.

Over time, this approach becomes increasingly difficult to sustain in operational environments.

Defense operations require intelligence by design

Defense organizations are reaching a more fundamental question than how to adapt commercial cyber intelligence platforms. They are beginning to ask whether those platforms were ever designed for the operational realities of modern defense in the first place.

An alternative approach is now required. Intelligence systems must be built around military doctrine from the get go, supporting the structures, processes and standards that govern operational decision-making, rather than sitting adjacent to them.

This requires shared terminology, structured reporting and recognized intelligence frameworks to be embedded into the core architecture of the platform. Cyber intelligence must integrate seamlessly with disciplines such as HUMINT, SIGINT and GEOINT, contributing to a unified operational picture rather than existing in isolation.

It also requires interoperability and sovereignty to be balanced by design. Intelligence must move efficiently across coalition partners while remaining aligned with national requirements for security, governance and control.

When these foundations are in place, the operational benefits become clear. Intelligence can move from analysis to decision-making with greater speed and consistency. Collaboration improves across commands and coalition partners. Analysts spend less time translating or restructuring outputs and more time generating operational insight.

As cyber intelligence becomes increasingly central to defense operations, the systems supporting it must evolve accordingly. Platforms designed for commercial security environments are no longer enough. Defense requires intelligence systems built for operational reality from the ground up.

This article was produced as part of Tech Radar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of Tech Radar Pro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

Strategic Account Director for Defense, CNI & Government at Eclectic IQ.

You must confirm your public display name before commenting

1 Microsoft says it's hard at work on a patch for this worrying Defender zero-day

2 The ultimate Pokémon quiz — from the anime and movies to the music and countless games, can you catch ‘em all?

3 Tesco dumps thousands of servers off VMware, blames 'abusive conduct' from Broadcom

4 Huge LG OLED TV sale at Best Buy knocks up to $1,500 off the LG B5, LG G5, and LG C5 — the 'best TV for most people'

5 Harlan Coben's I Will Find You ending explained: who kidnapped Matthew, does David find his son, who dies and the truth behind the death he was framed for

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Key Takeaways

News, deals, reviews, guides and more on the newest computing gadgets
Start exploring exclusive deals, expert advice and more
Unlock and manage exclusive Techradar member rewards
Unlock instant access to exclusive member features
Get full access to premium articles, exclusive features and a growing list of member rewards