SANS Digital Forensics and Incident Response

From Gut to Gold Standard: The Admiralty System in CTI

The presentation introduces the Admiralty Scale, a century‑old British Navy framework, as a rigorous method for evaluating source credibility and information reliability in cyber threat intelligence (CTI). Freddy argues that modern CTI suffers from opaque reporting, unverified claims, and bias, making it difficult for analysts and decision‑makers to trust assessments. Key insights include the need to treat source trustworthiness and data veracity as separate dimensions. Sources are graded from A (highly reliable) to F (unverified), while information is scored 1‑6 based on independent corroboration. By applying this dual rating, analysts can transparently convey what they know, what remains uncertain, and why. Freddy illustrates the system with three examples: an A1 rating for a widely‑used vulnerability backed by multiple trusted feeds, an E4 rating for a claim from a historically unreliable source, and a D rating for a new forum user whose credibility is still unknown. He emphasizes documenting source summary statements—a standard in intelligence communities—to justify each rating. Adopting the Admiralty Scale can curb misinformation cascades, improve stakeholder confidence, and embed critical‑thinking habits across security teams. Over time, systematic reassessment of scores will refine threat models and support more informed risk‑management decisions.