CIA Spies and Influencers Take On Cyber
Whether it’s to detect ransomware attacks or warn the international community of planned adversarial attacks, the Central Intelligence Agency (CIA) relies heavily on cyber capabilities.
Moderated by John DeSimone, president of cybersecurity, intelligence and services at Raytheon, the day-two fireside chat at the 14th annual Billington Cybersecurity Conference featured CIA Deputy Director David Cohen.
The event is being held at the Ronald Reagan Building & International Trade Center in Washington, D.C., September 5-8.
Speaking about the ongoing war in Europe, the deputy director said there was some surprise in Russia’s ineffective cyber attacks. The reason for that was Ukraine’s preparedness and collaboration with the United States and allied partners, as well as members of the private sector, following the 2014 invasion.
“The other piece is,” Cohen continued, “many of the [Russian] soldiers who were there on the border of Ukraine had no idea that they were about to invade.”
Though cyber—and physical—attacks, as well as an effort to increase cyber capabilities, have been an ongoing threat from the Russian military, it’s important to remember that this war is not one-sided.
“One thing that we have also witnessed is that the Russians have been on the receiving end of a fair amount of cyber attacks being directed at them from a range of private sector actors,” Cohen explained. The attacks have targeted Russian railway systems, government agencies, TV and radio broadcasts, as well as financial industry members.
Recalling a topic mentioned at this year’s Intelligence & National Security Summit, the deputy director spoke on the CIA’s social media efforts.
“We released today another recruiting video,” he announced. The video, which is in Russian, was publicized on various social media channels and is directed at disaffected, disgruntled and disgusted Russians who want to make a difference, Cohen said.
“The cyber tie-in is that as part of this video, we provide our dark web address,” Cohen continued. “You can use [the address] to get to us in a secure fashion if you are one of these Russians with a conscience who wants to volunteer.”
A constant challenge for the intelligence agency is information sharing, the speaker added. While the CIA has a fundamental obligation to protect all human sources—whether they provide minimal knowledge or agree to spy for the nation—the agency must also fulfill its duty to provide policymakers with necessary information.
“Figuring out that balance between protecting sources and methods, and having information that the president can use in the way that he sees best for the United States, is a tricky balance,” he explained.
In the run-up to the Russia-Ukraine war, for example, the White House released intelligence on Russia’s military operations. “[They were] able to put that out very effectively to take away from Putin both the element of surprise as well as the opportunity to blame Ukrainians for the invasion,” Cohen said. “It also helped to galvanize support with our allies … it was very effective use of intelligence.”
Furthermore, the CIA spokesperson explained, intelligence can be used to help communities learn where cyber attacks are originating, noting Chinese efforts to target U.S. entities.
Referencing images taken by the U-2 spy plane during the Cuban Missile Crisis, Cohen reminded the audience that throughout history, intelligence has been used for a variety of protective purposes.
The deputy director additionally spoke on Section 702, a highly debated part of the Foreign Intelligence Surveillance Act (FISA), which is up for potential renewal at the end of this year.
The act, though said to only target and obtain data from foreigners overseas using U.S. telecommunication providers, has drawn controversy due to privacy issues regarding American citizens.
“It’s not foreigners in the U.S.; not Americans overseas; it’s just foreigners overseas,” Cohen clarified. “It allows the agency, the NSA [National Security Agency], and others in the community to ask domestic telecom providers in a specific selector-by-selector basis to provide content on a foreigner overseas and their use of the U.S. telecom capability.”
The law fills a gap for intelligence agencies in mitigating adversarial threats, the speaker said. “It has been incredibly powerful in a whole range of national security issues, including cyber.”
Providing further examples, Cohen shared that 702 was a contributor to last year’s Kabul strike, which killed Ayman al-Zawahiri, al-Qaida leader and one of the perpetrators of the 9/11 attacks.
Cohen also noted Section 702’s role in efforts to mitigate the fentanyl crisis.
Citing community collaboration, the deputy director said detecting bad actors requires partnerships with many other agencies.
“Today, for instance, the Justice Department announced indictment of nine individuals associated with Trickbot, a cyber primal enterprise,” Cohen reported.
Trickbot is a Russia-based cyber-crime group that has targeted the U.S. government, companies and hospitals throughout the nation, according to a press release by the U.S. Department of Treasury.
Both the United States and the United Kingdom announced sanctions on additional members of Trickbot.
“The collection that we are involved in and the analysis that we have helps to sort of build out the understanding that leads to actions by the Treasury Department to impose sanctions,” Cohen explained.
This year produced a growing amount of ransomware attacks, he went on, and the CIA is very much involved in understanding and taking further action.
A third of the entire CIA staff is working on cyber, digital or technical issues on any given day, Cohen stated, referring to cyber-enabled human operations and humans-enabled cyber operations.
“I can’t go into too much detail on that, but one of the things that you get to do in the agency, working with cyber, is to do things that if you did on the outside, you would go to jail,” he shared, triggering laughter among audience members.