Strong intelligence key to cyber weapons development

A recent article in The New York Times that highlighted the role the United States had in the Stuxnet attack on Iran’s nuclear enrichment facilities continues to reverberate around the globe. When you add the comments by State Secretary Hilary Clinton about her department’s leadership role in the interagency cyberattacks that modified the content of an al Qaeda website, you can clearly see why governments around the world have taken notice.

Cyber weapons are a part of the arsenal for modern conflict. They continue to rapidly evolve, with new methods, techniques and designs appearing daily. There have even been a few venture capital investments in cyber weapons start-ups. Based on the number of contacts I have received from such start-ups, this clearly is a robust and growing field of endeavor. As such, the need for cyber intelligence supporting this modality of modern conflict has become evident.

“The fundamental principles of intelligence collection and analysis, as well as counter-intelligence, still apply, albeit in a new and different domain whose strategic effects easily spill over in to the other traditional domains we have always operated in,” said John Sheldon. He is a principal at The Torridon Group and formerly founded and directed the Cyber, Information, and Intelligence Power course at the Air Force’s Advanced Air & Space Studies at Maxwell AFB, Ala.

Cyber intelligence goes far beyond the basic identification of vulnerabilities in hardware and software. This rapidly evolving discipline must address the who, what, when, where, why and how of the thousands of cyberattacks that target military assets, and also the critical infrastructure, of nations. Arguably, it will be the non-technology related intelligence about this domain of conflict that will prove to be the greatest challenge.

One issue is the tendency of those in the intelligence community to cram cyber intelligence into the existing structural models of intelligence that have been in place for decades. Cyber intelligence is new and should be treated as such. Leverage what is appropriate from the past, but let the discipline evolve at its own pace and it will define itself.

The challenge of cyber intelligence collection and analysis is huge. Given that little if any infrastructures or facilities are required to construct and launch cyber weapons, the task that befalls this organization is more difficult than perhaps any other intelligence assignment in history. Consider the specialized knowledge and facilities needed to develop nuclear weapons. Cyber weapons require no special facilities. They can be, and probably have been, developed at a kitchen table. Now consider the special skills and knowledge required to create a weapon of mass destruction. There are no more than a couple of thousand individuals worldwide with those skills, which is not the case when it comes to cyber weapons. In some cases, vulnerabilities are disclosed publicly well before any defensive measures are developed.

The most frequent question I get asked about cyber intelligence is, “Should it be a new, stand-alone entity like a Cyber Intelligence Agency or should it be integrated into the existing military and intelligence communities?” (The former is a nice idea, but CIA already is taken.)

While “both” sounds like a flippant answer, it actually is a well-thought-out conclusion. While certain aspects of cyber intelligence should be integrated into the fabric of existing intelligence organizations, other aspects would be better handled by a stand-alone entity, coordinating with traditional intelligence organizations as the situation dictates.

As a nation, the United States has to get this right. We have to be on the leading edge of cyber intelligence. Given that the United States relies heavily on information technology to support the nation’s critical infrastructure, the economy and almost every aspect of modern life, investing in cyber intelligence should be a no-brainer.