What are Priority Intelligence Requirements (PIRs)?

Priority Intelligence Requirements (PIRs) refer to the most important information needed to make intelligence-based decisions, achieve key objectives and assess potential risks. PIRs help focus resources and efforts on gathering and analysing the most relevant and crucial information. They can be in the form of short sentences, questions or requests for information.

PIRs originated from the military and intelligence fields, and were developed as a way for intelligence organisations, particularly in the military, to outline critical information needs that are essential for decision-making, planning and achieving mission objectives.

The concept of PIRs has been adapted and applied in various domains beyond the military, including law enforcement, corporate security and cybersecurity. In each context, PIRs serve the purpose of guiding information collection and analysis to address specific challenges and achieve specific goals. In cybersecurity, for instance, PIRs help organisations prioritise threat intelligence efforts and allocate resources to better defend against cyber threats.

This can include understanding the tactics, techniques and procedures (TTPs) of cyber adversaries, their motivations, potential targets and the vulnerabilities they might exploit. PIRs serve as a guide for threat intelligence collection and analysis, helping organisations stay ahead of cyber threats and potential breaches.

How can PIRs be defined for your organisation?

An organisation’s PIRs can be defined by:

1. Understanding organisational objectives. Begin by understanding the organisation’s mission and goals and determining its most critical assets, systems, data and objectives – as well as  which areas of operation and assets need to be protected.
   
2. Performing a risk assessment. Analyse the current threat landscape specific to the organisation and industry. Identify prevalent cyber threats, vulnerabilities, potential adversaries and risks, and consider both internal and external factors that could impact the organisation’s security.
   
3. Involving stakeholders. Gather input from stakeholders across different departments and levels to gain a thorough understanding of information needs.
   
4. Prioritising information needs. Based on the organisation’s objectives and risk assessment, rank the information needs based on their importance and relevance to the organisation’s decision-making and risk mitigation. Consider factors such as potential impact, likelihood of occurrence and alignment with business goals.
   
5. Developing specific questions. Turn the prioritised information needs into clear, focused questions that require intelligence support.
   
6. Thinking about the intelligence cycle. Consider the planning, collection, analysis, dissemination and feedback. The defined PIRs must align with each stage of the intelligence process.
   
7. Focusing on timeliness and relevance. PIRs should be time-sensitive, actionable and focused on gathering intelligence that can help the organisation make accurate decisions quickly.
   
8. Setting metrics for evaluation. Figure out how to measure the effectiveness of intelligence gathered in meeting the PIRs. Define metrics that can measure its quality, timeliness and relevance.
   
9. Reviewing and updating regularly. PIRs must be regularly reviewed and updated to ensure they stay relevant to the evolving threat landscape and organisational needs.

By following these steps, organisations can formulate effective PIRs that allow them to focus their intelligence efforts on the most pressing cybersecurity threats and vulnerabilities.

What are some examples of PIRs?

PIRs can differ depending on the organisation’s specific objectives, industry and risk landscape. In the context of cybersecurity, some examples of PIRs include:

• Identifying and tracking cybersecurity trends, such as emerging attack techniques and how threat actors evolve their tactics
  
• Following trends in vulnerability exploitation relevant to an organisation’s systems and software
  
• Gathering intelligence on possible insider threats, such as malicious employees or suppliers with access to sensitive data and systems
  
• Taking into account geopolitical events and economic aspects that may affect cybersecurity, such as international trade conflicts or geopolitical unrest
  
• Assessing phishing campaigns used by threat actors to target employees and organisations
  
• Staying informed about malware campaigns that specifically target an industry, including the malware’s behaviour, delivery mechanisms and indicators of compromise
  
• Understanding supply chain risks that may affect the organisation’s customers, partners or competitors
  
• Monitoring the dark web and underground forums for any discussions related to the organisation, and identifying potential plans for attacks, leaks of sensitive data or discussions about exploiting systems
  
• Identifying regulatory changes and compliance requirements specific to an industry and the risks that could arise from non-compliance

These examples illustrate how organisations can tailor their PIRs to focus on specific threats, vulnerabilities and intelligence needs that are relevant to their industry, operations and security posture.

What is the role of PIRs in the intelligence cycle?

PIRs are a key part of the intelligence cycle as they guide the focus and direction of intelligence operations. Developing them gives the team a chance to learn about the organisation, work with different departments and research the relevance of threats to the organisation’s risk landscape and sector.

Here’s how PIRs fit into the intelligence cycle:

1. Planning and direction: PIRs are formulated at this stage, outlining the critical information required to address the specific challenges, threats or questions facing an organisation. Decision-makers identify their information needs and set the organisation’s intelligence objectives. PIRs are then created based on the key questions and issues that need answering. These questions show what kind of information is needed to meet the organisation’s main challenges and goals.
   
2. Collection: Intelligence experts gather information from multiple sources to address the PIRs. PIRs act as a guiding framework to ensure that the information gathered is relevant to the organisation’s intelligence requirements.
   
3. Processing and analysis: Once data is collected, it goes through processing and analysis to turn raw information into actionable intelligence. During analysis, intelligence experts examine the collected data in relation to the PIRs. They evaluate the information’s validity, relevance and reliability to produce meaningful insights and answers to the key intelligence questions.
   
4. Production: The analysis produces intelligence reports and products. These reports are tailored to satisfy the specific PIRs set in the planning phase and may be in the form of written reports, presentations or images to aid in effective decision-making.
   
5. Dissemination: The insights derived from the analysis are disseminated to relevant stakeholders, including decision-makers, operational teams and other relevant parties. The dissemination is tailored to address the specific PIRs, ensuring that the information directly supports the objectives.
   
6. Feedback and evaluation: Decision-makers provide feedback on the intelligence products, helping intelligence professionals understand the usefulness and relevance of the information provided. This evaluation guides future PIRs and refines the planning phase for upcoming intelligence cycles.

By directly linking intelligence requirements to decision-making needs, PIRs boost the value and impact of intelligence in supporting organisational goals.

How to optimise your PIRs with Silobreaker

Silobreaker helps manage the collection of data and production of intelligence based largely on PIRs that have been prioritised by customers to deliver actionable intelligence and automated reporting for better decision-making and risk mitigation.

It provides a centralised platform where you can gain immediate access to over 140 PIR-led dashboards and over 350 entity watchlists, customisable to your exact and evolving needs. Analysts can collect, analyse and disseminate data, and then create intelligence reports to share with decision-makers.

Silobreaker’s threat intelligence platform ensures continuous monitoring of the threat landscape, helping organisations stay up-to-date with evolving threats and changing intelligence requirements. Find out how one single platform can help you optimise your PIRs in a timely manner to reduce risk, faster.