Cyber and Intelligence Need Each Other

Intelligence needs cyber, and cyber needs intelligence. How they can function symbiotically is a less clear-cut issue, with challenges ranging from training to legal policy looming as government officials try to respond to a burgeoning cyber threat.

The cyber threat is growing, and the defense and homeland security communities must strive to keep up with new ways of inflicting damage to governments and businesses. Many experts believe that the cyber threat has supplanted terrorism as the greatest national security issue, and new technologies are only one avenue for blunting the menace. Intelligence must expand its palette to identify and detect cyber threats before they realize their malevolent goals.

Many of these points were discussed in the first day of the two-day AFCEA Global Intelligence Forum, held July 30-31 at the National Press Club in Washington, D.C. Leaders from industry, the military and federal and local government converged in a lively discussion of challenges and their potential resolutions. No single approach reigned supreme among solutions, and the dynamic nature of both the threat and its environment heightened the uncertainty surrounding the future. One prediction that nearly all participants agreed on was that inaction in addressing cyber threats would be catastrophic for the nation as a whole.

The need for government and industry to work together for ensuring cybersecurity was one thread that ran through the day’s sessions. U.S. Representative Mac Thornberry (R-TX), a member of the House Permanent Select Committee on Intelligence, suggested that financial incentives in the form of a carrot-and-stick approach might be preferable to compel companies to implement effective information security. Firms might suffer financial penalties if they were sloppy with their security measures, or they might receive discounts on cyber insurance if they meet strong security standards.

Rep. Thornberry called for greater public discourse on the issue of government network surveillance. He spoke harshly about the congressmen who voted unsuccessfully to cut National Security Agency (NSA) funding, calling them demagogues and describing them as “people who don’t want to go to the briefings; they don’t want their minds to be cluttered by the facts; they just want to feed their Twitter streams.” Those who did attend the intelligence briefings understood the scope of the threat and recognized the vital importance of these efforts in protecting the United States.

“The more we can talk about cyber and intelligence in the open, the better we will be … the less the demagogues can take it and run with it,” Rep. Thornberry declared.

The FBI already has increased its cyber activities with industry, reported Rick McFeely, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch. He admitted that this increased information sharing with the private sector is a relatively recent development. “The FBI was not a good partner in this arena until a year and a half ago,” he allowed. Previously, the FBI would be afraid to notify companies of intrusions out of fear of revealing collection methods. Now, the bureau is going after those intruders, even those who are overseas, and it wants help from industry.

McFeely stated that industry must provide vital information on intrusions, which can help prevent and deter future attacks. “We need you to report it immediately,” he said, addressing industry. “If you share malware, we can tell you how others mitigated the same situation. About 90 percent of the intelligence that sits out there resides with private industry,” he pointed out.

However, he emphasized that industry should not expect too much information in return. One problem the bureau has had is that companies often expect to learn the identity of the intruder. That is not always possible given confidential sources of information, and the FBI discourages firms from seeking that data. “We need to get away from the constant need of private industry to know who’s behind the keyboard,” McFeely offered. “We need to worry less about positively identifying [intruders] and focus on their intent and capability. We provide intelligence so you can defend your own networks, not so you can identify where an attack comes from.”

Local law enforcement is embracing cyber technologies, but so are the criminals. Cathy Lanier, chief of the Washington D.C. Metropolitan Police Department, stated that her department is the most automated in the country. But, just like international cybermarauders, criminals are using technology to their own advantage.

“Cyber is creating a different breed of criminal,” Chief Lanier said. “It has changed dramatically how criminals operate. Criminals are learning how to use these new tools faster than the old criminal methods—the expertise out there is staggering.

“Street criminals are using technology much more efficiently than we are,” the chief continued. “We’ve had to learn how to infiltrate cyber to fight crimes—even violent crimes.”

This new emphasis on cyber technologies is changing the nature of the police officer, the chief allows. “With all that technology, we have had to re-educate our entire police force and civilians on cybersecurity,” the chief offered. “We’ve had to change the type of employee we go after and teach the current police how to use it.”

Chief Lanier added that training alone is not the only part of the equation. The department must bring its the people up to speed on these new technologies, but it also must obtain the policy to go along with it. “It almost feels like completely reinventing police work,” she said.

While technology will play a large role in any cyber intelligence endeavors, it is not a solution in and of itself. A panel of experts listed several badly needed capabilities, such as information sharing, automated intelligence reporting and all-source analysis. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, allowed, “The world is introducing digital capabilities at a pace faster than we can understand them.”

However, Mark Young, former executive director, Directorate for Plans and Policy, U.S. Cyber Command, sounded a cautionary note. “Correlation does not necessarily mean causation—the role of the analyst is even more critical,” he declared. “We use these automated tools to find the needle, but so what?”

Emphasizing the importance of the human factor, Young added, “We can talk about the pace of technology all we want, but if you have the proper mindset for analysis, the technology doesn’t matter.”

Building an effective cyber intelligence workforce may be the most daunting task of all. Obsolete hiring rules and competition from the private sector loom large as impediments to the government’s ability to hire and retain good cyber intelligence personnel. Dan Scott, Office of the Director of National Intelligence, called for comprehensive civil service reform. “It [civil service hiring] was written for the industrial age; it will not work for the skill set we will need in cybersecurity. We need more flexibility to bring people in and retain them,” he declared.

Scott also pointed out that the government is offering less than half the annual salary than the private sector for skilled cyber graduates. Steven Chabinsky, chief risk officer and senior vice president for legal affairs at CrowdStrike, called for a new approach to training and education. “We have overemphasized college education to the point where people need their master’s degrees,” he charged. “Instead, we need more apprenticeships, and government can take the lead on this.”

Rear Adm. Edward Deets, USN (Ret.), director, software solutions division, Software Engineering Institute, Carnegie Mellon, pointed out the need for government support for professional development. “[The Defense Department] must invest in intelligence training and education tracks for people to be integrated into the cyber domain. It’s incredibly expensive,” he said.





On Day 2: Addresses by Eugene Kaspersky of Kaspersky Lab and by Sean Kanuck of the U.S. Office of the Director of National Intelligence; along with a panel on delivering cyber intelligence.