From Gut to Gold Standard: The Admiralty System in CTI

From Your Gut to a Gold Standard: Introducing the Admiralty System in CTI 🎙️ Freddy Murstad, Senior Threat Intelligence Advisor, Intelligence Tradecraft 📍 Presented at SANS CTI Summit 2026 This presentation introduces the Admiralty System, a time-tested framework originally used for evaluating intelligence. Today, this system offers CTI professionals a robust method for assessing the reliability of Cyber Threat Intelligence (CTI) in an increasingly complex digital landscape. The presentation will highlight its adaptability for addressing modern cybersecurity challenges and explore the system's historical context. A key focus will be on understanding the crucial distinction between Source Reliability (the trustworthiness of the origin of the information) and Information Credibility (the trustworthiness of the data itself), two core components of the Admiralty System. Using a real-world scenario, I will demonstrate how different sources and information are rated, and using QR-codes, enabling participants to develop a practical understanding of the system's application. The presentation will also discuss the benefits of implementing the Admiralty System for CTI professionals, including enhanced threat prioritisation, improved resource allocation, more effective collaboration through a shared language, and potential for automation. Furthermore, the presentation will address potential challenges in applying the Admiralty System, such as the rapid evolution of cyber threats, introduction of AI in CTI analysis, the overwhelming volume of threat data, and the element of subjectivity in assigning ratings. Strategies for mitigating these challenges, like regular calibration sessions and integration of automation, will also be discussed. By attending this presentation, CTI professionals will gain valuable insights into leveraging the Admiralty System to enhance the reliability and actionability of their cyber threat intelligence.