Intelligence Community: Cyberspies Needed

5 Breakthrough DARPA Technologies Beyond GPS

The US intelligence community is looking for ways to become proactive, rather than reactive, when it comes to cyber intelligence.

Speakers on a panel on "The Cyber Threat and the Role of Intelligence" at the Intelligence & National Security Summit last week in Washington, D.C., agreed that the creation of cyberspace has created the need for new ways to share information between the government and the private sector.

The cyber domain "is ungoverned space," said Richard Ledgett Jr., deputy director at the National Security Agency and moderator of the panel. "The threat is real, pervasive, and evolving. Putting a box on your network is not the answer. You need a whole ecosystem. [You] need hardware, software, processes, and you need intelligence."

[Catch me if you can: Federal Inaction Breeds ID Theft, Says Frank Abagnale.]

Army Brig. Gen. Paul Nakasone, commander of the Cyber National Mission Force at the US Cyber Command, said that, while the establishment of CyberCom is strengthening the military's capabilities, receiving information from the private sector is crucial.

"At the end of the day, we see only a portion of what happens in that space," Nakasone said. Finding out what attacks are hitting companies will provide CyberCom with "greater situational awareness... That's why partnerships are so important to us."

Lance Dubsky, the National Geospatial-Intelligence Agency (NGA) CISO, added, "Cloud is a reality. Mobility is a reality. Doing things in new ways is a reality. So I think that there has to be a greater partnership between government and industry on how to mitigate threats."

Ron Carback, an intelligence officer for cyber at the Defense Intelligence Agency, pointed out that threat intelligence "shapes the context for decision-making. It answers what capabilities we need as a nation."

To that end, the panelists said it is just as important to understand the "why" of the attack as it is the who and the how -- that's how to identify what their goals are, whether it's to steal intellectual property, military plans, or other sensitive information.

For example, a regional health system was targeted, said Tom Conway, director of federal business development at FireEye. Was it aimed at personal identifiable information (PII), or was it going to lead to Tri-Care, the Defense Department's health system?

To help address this challenge, the panelists agreed, the biggest need in the field of cyber intelligence is for analysts with the right blend of skills.

"We need critical thinking and communications skills," said Matt Gaston, director of the Emerging Technology Center at the Software Engineering Institute, Carnegie Mellon University. There is an ongoing discussion about whether to teach an analyst cyberskills or teach a network administrator about critical thinking.

Anecdotally, at least, everyone agreed it's easier to teach the cyberskills. "On the intelligence analysis side, it's critical thinking, understanding competing hypotheses," Gaston said. "That discipline, or art, is much harder to teach than the cyber bits."

Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data. In the Partners' Role In Perimeter Security report, we'll discuss concrete strategies such as setting standards that third-party providers must meet to keep getting your business, conducting in-depth risk assessments -- and ensuring that your network has controls in place to protect data in case these defenses fail. (Free registration required.)