We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Intelligence Preparation of the Cyber Environment (IPCE) and PESTLE Analysis

IPCE + PESTLE Analysis: Intelligence Preparation of the Cyber Environment

How does your business prepare to enter a new market or do business in a different geography? Do they consider the cyber element, the risks involved, and how you can manage them? You should! You should use Intelligence Preparation of the Cyber Environment (IPCE).

IPCE is a methodology for evaluating the risks present in your business’s cyber environment. It empowers you to analyze everything from environmental factors like technological trends to threat actors who will target you. This guide will teach you how to perform IPCE in four simple steps, along with PESTLE analysis to assess the macro-environmental factors that could impact you,

Let’s start by defining IPCE and PESTLE so you can use them to operationalize cyber threat intelligence, manage risks, and even generate intelligence requirements!

What is Intelligence Preparation of the Cyber Environment (IPCE)?

Picture the scene. You are about to perform a military operation in a foreign land. You’ve never been there before, don’t know what threats you might face, and only have a few weeks to prepare. What do you do?

Obviously, you need a systematic method to plan the operation, scope out threats, and analyze the factors that could impact your operation. This is where Intelligence Preparation of the Battlefield (IPB) comes in. It is a systematic way of studying and organizing information about a specific area of operations (AO) to help support decision-making.

IPB helps commanders understand the battlefield by analyzing terrain, weather, enemy capabilities, and other environmental factors. This understanding enables them to predict potential challenges, opportunities, and courses of action for friendly and enemy forces.

For example, if you were to conduct a military operation in Egypt, you would recognize that the hot weather is an environmental factor you must plan for.

The military uses IPB to examine the battlefield and gain insight into what factors they must overcome (or use) to succeed. But how does this relate to cyber?

IPCE + PESTLE Analysis Cyber Warrior

You can apply the idea of IPB to the cyber environment where your organization does business. This is aptly named Intelligence Preparation of the Cyber Environment (IPCE) and is a systematic process of analyzing environmental factors and threat actors that may impact your organization’s digital environment.

IPCE allows you to protect your organization by illuminating its cyber environment, threats, and courses of action threat actors may take to target you. Its purpose is to analyze the digital terrain, identify vulnerabilities, understand potential adversaries, and evaluate risks in a business’s cyber environment.

A comprehensive understanding of your cyber environment allows you to proactively strengthen defenses, prioritize security investments, and tailor your incident response strategies to the dynamic nature of cyber threats.

To perform IPCE effectively, you need an environmental scanning technique that allows you to identify environmental factors that may impact your business. This is where PESTLE analysis comes in.  

You can also combine IPCE with other analysis techniques, such as Crown Jewel Analysis to identify critical assets and Threat Modeling to evaluate threats.

What is PESTLE Analysis?

PESTLE analysis is a framework for assessing the external factors that can impact a business and its operations. It allows you to separate macro-environmental factors and analyze how they may impact you.

For example, what are the main political issues in the country where your business operates, and how might they impact it? What is the economic projection of your business, and how will this impact your IT/security budget? Does the business have any legacy software applications, and how will they impact the security of systems?

The Six PESTLE Analysis Environmental Factors

These questions all fall under one of PESTLE’s six environmental factors.

  • Political: Examines how government policies, political stability, taxation, trade restrictions, and regulatory frameworks influence the business environment.
  • Economic: Looks at economic factors such as inflation rates, interest rates, economic growth, unemployment levels, and currency exchange rates that can affect market dynamics.
  • Social: Considers societal trends and cultural factors, including demographics, consumer behaviors, lifestyle changes, and education levels.
  • Technological: Evaluates the impact of technological advancements, innovation, automation, research and development, and the overall pace of technological change.
  • Legal: Analyzes the legal environment, including employment laws, health and safety regulations, consumer protection laws, and other legal constraints or opportunities.
  • Environmental: Focuses on ecological and environmental aspects, such as climate change, sustainability practices, environmental regulations, and the impact of environmental factors on the business.

Other environmental scanning techniques, like PESTLE, include similar categories like PEST and STEEP. Some also add categories like PESTLE/MG, which adds Military and Government as factors. If these are relevant to you, add them.

PESTLE analysis is often used in market analysis. However, you can also use the technique in cyber threat intelligence (CTI) to help generate intelligence requirements, create Request for Information (RFI) tasks, or for strategic planning (e.g., the cone of plausibility). This analysis lets you make informed decisions that navigate potential risks and seize emerging opportunities.

In this guide, you will use it to determine the environmental factors that exist in a business’s cyber environment and how they might impact it. Each PESTLE category acts as a driver to aid you in generating ideas or questions about things that might impact your business’s security.

Let’s see this in action!

Four Steps for Performing IPCE Using PESTLE

IPCE is typically performed when an organization enters a new environment, such as a business entering a new market or adding a new location. However, it can also help your CTI team generate intelligence requirements or perform strategic planning to manage new risks.

To perform IPCE, you can follow a simple four-step process:

  1. Determine the Environment
  2. Determine the Environmental Effects
  3. Evaluate Potential Threat Actors
  4. Determine Courses of Action
The Four Steps to Perform Intelligence Preparation of the Cyber Environment (IPCE)

Let’s see each of these steps in action and how PESTLE analysis can help you perform IPCE.

Step 1: Determine the Environment

The first step is to identify and map out your cyber environment. You must assess key digital assets, networks, and systems within your organization and operational space.

To do this, split your cyber environment into internal and external networks.

IPCE Operational Environment: Internal and External Network

Your internal network can consist of network diagrams, physical devices like servers/routers, applications and software used, and assets that are critical to business operations. Meanwhile, your external network includes employee online profiles, services used, shadow services, and your supply chain.

The internal network is often easy to define; it just takes a while if you don’t have a pre-existing asset registry. However, the external network can be challenging to scope because of shadow IT’s nature.

You must also document the interconnections between your internal and external networks.

  • What trust boundaries exist? Do you have different privilege levels for users? Are your networks segmented?
  • What third-party services have access to your data? How is this secured? What internal networks, data, or systems can be accessed from the outside?
  • What entry and exit points exist in your networks? Do you have security controls at these points?

Often, determining your cyber environment is the most time-intensive step, particularly if you are a large organization. It requires collaboration with different business units and thorough documentation. Tools like Microsoft’s Threat Modelling Tool can help you scope assets, define network boundaries, and build a threat model.

Here are some things to make sure you include when mapping your operational environment.

Internal Network
  • Systems: security controls, data stores (databases), processes, operating systems, and versions.
  • Data: where it is generated, where it flows, where it is stored and processed.
  • Users: include internal, external, developer, and privileged.
  • Network diagrams.
  • Physical and tangible devices (e.g., servers, firewalls, routers).
  • Software and applications (including details on their versions).
  • Key assets.
External Network
  • Third-party services (e.g., CRM, GitHub, Cloud, Email).
  • Storage services (e.g., Dropbox, Google Drive, OneDrive, S3).
  • Cloud services (GCP, Azure, AWS).
  • Software-as-a-service (SaaS) applications.
  • Data in the supply chain.
  • Employee social media (e.g., LinkedIn profiles).
  • Software dependencies (e.g., packages, libraries, etc.).

Step 2: Determine the Environmental Effects

Once you know your environment, you can assess the environmental factors that may impact it. This is where PESTLE analysis comes in.

You can use PESTLE analysis to evaluate how your business’s cyber environment will impact security and the associated risks you must manage. Use each PESTLE environmental factor as a driver to assess the risks your business will face.

For instance, a recent cultural shift has been working from home (WFH). You can list this as a potential risk and use PESTLE analysis to determine the environmental effects. A brief analysis is shown below.

PESTLE FactorNarrativeRisk Factor (1-10)
PoliticalOther organizations may not allow business to be conducted remotely and require face-to-face meetings.2
EconomicAn additional budget is required to facilitate technology requirements to support WFH.2
SocialLack of in-person connection may lead to more disgruntled employees, raising the risk of malicious insiders.6
TechnologicalWFH requires additional security technologies to secure internal resources and networks (e.g., VPN).8
LegalCompliance requirements state that data/systems must be in the UK. This could affect remote work abroad.4
EnvironmentalWork is dependent on the quality of the employees’ Internet connection. Severe weather or employee location may affect this.1

Here are some useful questions you can use during this stage to drive your PESTLE analysis:

Political
  • How does the country’s political situation affect the industry/organization (e.g., Brexit)?
  • What are internal politics like (business strategy, out-sourcing, etc.)?
Economic
  • What is the business’s capital like? Is there a budget for IT/Security spending?
Social
  • What social factors may impact you (e.g., disgruntled staff)?
Technological
  • Does the business have to operate with certain legacy operating systems?
  • Is the business implementing new IoT devices in the building?
Legal
  • Is there any current legislation regulating the industry, or can any changes be coming to the industry?
Environmental
  • Changes in the weather. Could people be working from home?

These questions will help you generate ideas about potential risks you must consider. From here, you can map the potential impact of each environmental factor and generate a risk score to prioritize it. You will use the risks identified in this step when you evaluate the likely courses of action adversaries will take to target your business.

Step 3: Evaluate Potential Threat Actors

After evaluating all the environmental factors that may impact your organization, you can move on to assessing the threat actors who may target you.

This step is all about answering who, what, where, when, and why questions related to cyber threats.

  • Who will target you: is it a cybercriminal, hacktivist, or nation-state?
  • Why will they target you: financial gain, social movement, or espionage?
  • What will they use: what tactics, techniques, and procedures (TTPs) will they use against you?
  • Where will they target: what people, processes, or technology will they target?
  • When will they strike: during holidays, major business changes, or political events?

You can answer these questions by breaking down critical components of your cyber environment (key assets) into systems that a threat actor will target. Next, map what actors would want to target them and what they would gain by doing so. This will allow you to explore likely targets and determine the courses of action an adversary will take against you to achieve their objectives in the next step.

Remember, different groups will target different aspects of your environment differently. They will have different intentions, goals, and objectives they aim to accomplish by attacking you (e.g., a hacktivist performing a DDoS attack vs. a cybercriminal deploying ransomware). You must prioritize the threat actors you will face based on their capability, motivation, and intentions. A great strategy to do this is threat profiling.

Using the Threat Box model is a great technique for determining who will target you. Andy Piazza and Katie Nickels gave a great SANS talk on how to use it!

Step 4: Determine Courses of Action

The final step is determining the most likely course of action an adversary will take to attack you. This is based on the vulnerabilities and weaknesses you identified in your cyber environment, along with environmental factors and potential threat actors.

You want to anticipate the potential attack vectors that an adversary will exploit, the attack methodologies they will employ to achieve their objectives, and what defensive recommendations you can provide to counter these.

  • Will the adversary target you with phishing to gain initial access? If so, who is likely to be targeted, and how?
  • Is your organization likely to be a victim of a ransomware attack? What recommended course of action can you give to prevent this?
  • Is your supply chain at risk? What defensive recommendations can you give to reduce this risk?

Your analysis at this stage will inform defensive strategies, risk assessments, and incident response planning for the future. It is where the accumulation of your past effort comes to fruition, and you share intelligence with key stakeholders.

The Intelligence Preparation of the Cyber Environment (IPCE) Process
Source

At the end of your IPCE analysis, you should have the following documentation:

  • A comprehensive map of your organization’s cyber environment. This includes internal and external networks, trust boundaries, and entry and exit points.
  • A matrix of environmental factors that will impact your organization, along with a risk score.
  • A list of threat actors who are likely to target you. This should include answers to the questions of who, what, where, when, and why.
  • A list of the most likely courses of action that will be taken against your organization by an attacker and defensive recommendations to counter these.

This documentation will allow you to create an intelligence product that your intelligence consumer can use to make informed decisions when the business enters a new cyber environment. It can be used to create a risk registry, generate intelligence requirements, or support strategic business decisions.

Conclusion

Intelligence Preparation of the Cyber Environment (IPCE) is a systematic process that applies the principles of traditional Intelligence Preparation of the Battlefield (IPB) to cyberspace for businesses and organizations.

It allows you to evaluate the risks present in your business’s cyber environment and determine adversary courses of action you must defend against. Performing IPCE allows you to create an intelligence product informing key stakeholders of the risks they will face when entering a new market or geography.

Try performing IPCE using the simple four-step process outlined in this guide, along with PESTLE analysis. This is a good starting point for creating a risk registry, generating intelligence requirements, and supporting strategic business decisions. Good luck!

Frequently Asked Questions

What is Intelligence Preparation of the Battlefield (IPB)?

Intelligence Preparation of the Battlefield (IPB) is a systematic methodology used by the military to evaluate information about a specific area of operations (AO). IPB helps commanders understand the battlefield by analyzing terrain, weather, enemy capabilities, and other environmental factors.

This understanding enables them to predict potential challenges, opportunities, and courses of action for friendly and enemy forces. It can be adapted to the cyber domain to help businesses assess the risks present in their cyber environment through Intelligence Preparation of the Cyber Environment (IPCE).

What Are the Four Steps of IPCE?

Intelligence Preparation of the Cyber Environment (IPCE) is a systematic process that applies the principles of traditional Intelligence Preparation of the Battlefield (IPB) to cyberspace for businesses and organizations. It has four steps:

  1. Determine the Environment: Map all digital assets, internal and external, that an organization has.
  2. Determine the Environmental Effects: Evaluate the environmental factors that could impact the security of those assets.
  3. Evaluate Potential Threat Actors: Assess the potential threat actors targeting those assets.
  4. Determine Courses of Action: Identify the most likely course of action that will be taken against the organization to compromise those assets and make defensive recommendations to counter this.
What does PESTLE Analysis Stand For?

PESTLE analysis is an environmental scanning technique for analyzing how macro-environmental factors may impact business operations. It defines six environmental factors that must be considered:

  • Political: Assesses how policies, stability, taxation, trade restrictions, and regulations impact business.
  • Economic: Considers inflation rates, interest rates, economic growth, unemployment, and currency exchange affecting markets.
  • Social: Reviews societal trends, demographics, consumer behaviors, lifestyle changes, and education.
  • Technological: Analyzes the effects of technological advancements, innovation, automation, and R&D pace.
  • Legal: Examines employment laws, health regulations, consumer protection laws, and legal constraints/opportunities.
  • Environmental: Addresses climate change, sustainability practices, environmental regulations, and their business impact.
Are SWOT and PESTLE the Same?

SWOT and PESTLE are both analytical tools used in strategic planning. SWOT focuses on evaluating an organization’s internal Strengths and Weaknesses and external Opportunities and Threats. PESTLE examines external macro-environmental factors that can influence an organization’s operations.

Use SWOT to gain insight into an organization’s performance and competitive position. Meanwhile, PESTLE should be used to understand the broader context in which the organization operates. Both can offer a holistic understanding, facilitating effective decision-making and strategic planning.

Related Posts