Intelligence needs cyber, and cyber needs intelligence. How they can function symbiotically is a less clear-cut issue, with challenges ranging from training to legal policy looming as government officials try to respond to a burgeoning cyber threat.
The cyber threat is growing, and the defense and homeland security communities must strive to keep up with new ways of inflicting damage to governments and businesses. Many experts believe the cyber threat has supplanted terrorism as the greatest national security issue, and new technologies are only one avenue for blunting the menace. Intelligence must expand its palette to identify and detect cyber threats before they realize their malicious goals.
Protecting the nation from cyber attacks entails deterring or preventing marauders from carrying out their malevolent plans. But, while government and the private sector endeavor to fight the menace jointly, evildoers constantly change their approaches and learn new ways of striking at vulnerable points. So many variables have entered the equation that even the likelihood of attacks—along with their effects—is uncertain.
These were among the many points discussed in the two-day AFCEA Global Intelligence Forum held July 30-31 at the National Press Club in Washington, D.C. Nearly all participants agreed that inaction in addressing cyberthreats would be catastrophic for the nation as a whole.
The need for government and industry to work together for ensuring cybersecurity was one thread that ran through the event’s sessions. U.S. Rep. Mac Thornberry (R-TX), a member of the House Permanent Select Committee on Intelligence, suggested that financial incentives in the form of a carrot-and-stick approach might be preferable to compel companies to implement effective information security. Firms might suffer financial penalties if they were sloppy with their security measures, or they might receive discounts on cyber insurance if they meet strong security standards.
Thornberry spoke harshly about the representatives who voted unsuccessfully to cut National Security Agency (NSA) funding, calling them demagogues and describing them as “people who don’t want to go to the briefings, they don’t want their minds to be cluttered by the facts, they just want to feed their Twitter streams.” Those who did attend the intelligence briefings understood the scope of the threat and recognized the vital importance of these efforts in protecting the United States.
“The more we can talk about cyber and intelligence in the open, the better we will be … the less the demagogues can take it and run with it,” Thornberry declared.
The FBI already has increased its cyber activities with industry, reported Rick McFeely, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch. “The FBI was not a good partner in this arena until a year and a half ago,” he allowed. Previously, the FBI would be afraid to notify companies of intrusions out of fear of revealing collection methods. Now, the bureau is going after those intruders, even those who are overseas, and it wants help from industry.
McFeely stated that industry must provide vital information on intrusions, which can help prevent and deter future attacks. “We need you to report it immediately,” he said, addressing industry. “If you share malware, we can tell you how others mitigated the same situation. About 90 percent of the intelligence that sits out there resides with private industry,” he pointed out.
Sean Kanuck, national intelligence officer for cyber at the National Intelligence Council in the Office of the Director of National Intelligence, disparaged the concept of a massive cyber attack bringing the entire country to its knees. This “digital Pearl Harbor Armageddon” is not likely to happen for a variety of reasons, he declared. Instead, a successful cyber attack is likely to have a regional rather than national impact and last only a few days at most.
And the only nations that are most capable of launching a devastating cyber attack are not likely to do so, he offered. It would not be in the best interests of these nations to bring down the United States, except possibly in an existential military conflict that threatens their regime or as a part of a major war. Instead, they likely will use their advanced cyber capabilities to pursue a wide range of espionage—which they are doing today, he noted.
The most devastating cyber attack might not even be visible, Kanuck continued, citing the potential for vital data to be altered by cybermarauders. He warned of the day that a corporate chief executive officer or even a U.S. president might not be able to trust the normally reliable data needed to make a crucial decision. That situation might be even more damaging than cyber attacks currently envisioned as realistic near-term threats. If data is altered without people immediately realizing it, they may discover it only after financial records are not clearing and balancing, for example.
“The question will be, can I trust my data from being altered?” he offered. “Whether it is national security information for the president, or financial information for a chief executive, when you don’t know whether the data is true or false, it’s a really bad day.”
While bringing down the nation may not be in the cybercards, other types of cyber attacks loom as potentially destructive threats. Eugene Kaspersky, chief executive officer and co-founder of Kaspersky Lab, warned of the potential for attacks on supervisory control and data acquisition (SCADA) systems, citing examples that included collateral damage to systems that were not targeted by renegade malware.
Kaspersky even offered that democracy may be at risk in 20 years. Today’s youth spend most of their time online, and when they are older they will opt in large numbers for online voting. Absent an effective way of verifying voter identities online, the election system may collapse from organized fraud that destroys the fidelity of elections and, with it, true representative government. Kaspersky’s proposed solution is “a 100 percent, biometric-based digital identification card.”
While technology will play a large role in any cyber intelligence endeavors, it is not a solution in and of itself. A panel of experts listed several badly needed capabilities, such as information sharing, automated intelligence reporting and all-source analysis. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, allowed, “The world is introducing digital capabilities at a pace faster than we can understand them.”
However, Mark Young, former executive director, Directorate for Plans and Policy, U.S. Cyber Command, sounded a cautionary note. “Correlation does not necessarily mean causation—the role of the analyst is even more critical,” he declared, emphasizing the importance of the human factor.
For complete coverage of the 2013 Global Intelligence Forum, see its Event eNews page.