Lessons From Our Cyber Past: History of Cyber Intelligence

On Thursday, September 27, the Atlantic Council hosted a stand-out panel discussion on the history of all-source cyber intelligence. The discussion was moderated by CTOvision editor and Crucial Point LLC founder and CTO Bob Gourley, who also has extensive cyber intelligence experience as the former Defense Intelligence Agency CTO and Director of Intelligence (J2) of Joint Task Force Computer Network Defense (JTF-CND). The panel was a diverse group of cyber and intelligence veterans, each with their own experiences: Rear Admiral Samuel J. Cox, Director of Intelligence (J2) for US Cyber Command; Matt Devost, President and CEO of FusionX, with decades of experience as an intelligence and security entrepreneur; Jason Healey, Director of the Cyber Statecraft Initiative and former Director for Cyber Infrastructure Protection at the White House; and Sean Kanuck, National Intelligence Officer for Cyber Issues.

Gourley opened by explaining that we cannot tell the full story of cyber without its history. He brought up the poignant example of the cyber “wake-up call” that we seem to hear every few years. Willis Ware had been writing about computer security for RAND since the 1960s, and the Morris Worm was regarded as a cybersecurity wake-up call back in 1988. Policymakers and defenders, however, have been declaring wake-up calls every few years since, including but not limited to 1999 for Solar Sunrise, 2000 for Moonlight Maze, 2009 for Buckshot Yankee, and 2011 for WikiLeaks. Gourley called this phenomenon “cyber threat amnesia” and hopes that events like this will help us learn from our history so that we heed past wake-up calls rather than continuously hitting the snooze button.

As the principal investigator for the Cyber Conflict Studies Association’s cyber history book, Jay Healey has been looking carefully at the history of cyber conflict and intelligence. The national importance of all-source intelligence for cyber has been steadily rising: Bob Gourley, the first person in charge of cybersecurity all-source intelligence, held the position as an O5 in the Navy, while Sam Cox, also present, now holds the same position for Cyber Command as a two-star. Healey also pointed out that we have extensive history to study, and that cyber isn’t as new as many claim. Cuckoo’s Egg, a cyber attack against a national laboratory, occurred all the way back in 1986, giving us over 25 years of cyber history. Even the term “digital Pearl Harbor,” which politicians regularly predict in the near future, was first used in 1991. In the Air Force, Healey studied air campaigns dating back to the World Wars and learned valuable lessons, but for cyber he found that we dismiss events only a few years old. One important lesson that we can learn from historic cyber attacks is that, despite the sensationalism about attacks occurring at the speed of light, there is plenty of warning before a major attack, as it tends to be tied to a nation state’s campaign. Estonia, for example, had two weeks of advance notice before Russia’s historic attack on its information infrastructure. Another lesson is that, at the national security level, there is no real attribution problem. As major attacks have tended to be part of a national campaign, tracing the precise hackers may be difficult, but it’s usually clear which government you need to call if you want the attacks to stop.

Matt Devost continued with the theme of lessons we can learn from the past. All of the early victories against cyber attacks and espionage came from humans rather than software and algorithms, indicating that we need parallel development for the human angle, not just technical collection. Another lesson learned is the value of information sharing and collaboration. That means that the government must share more threat information with the private sector rather than just collecting from it. That way, threat awareness becomes common and stops being a differentiator for corporations, who now try to keep it to themselves.

Sean Kanuck, former CIA information warfare analyst and White House intelligence fellow and now the first National Intelligence Officer for Cyber Issues at the Office of the Director of National Intelligence, described what has and hasn’t changed over his time in cyber. Most of the questions we’re still asking, such as what qualifies as use of force and what requires national defense, haven’t evolved in the last 10 to 15 years. What has changed, however, is that such questions have finally reached the level of a national discussion. Cyber is now being debated on the floors of the House and Senate and makes front page news. As Sean noted, everybody now agrees that the fire alarm is ringing, though some heard it 15 years ago. With that consensus, we are now looking at each other asking where the stairwell might be. Kanuck also commented on the future, saying that we now need to develop strategic level discourse. To develop cyber strategy, however, analysts must do their homework and learn the history.

Sam Cox spoke last about the historic role of Cyber Command in all-source cyber intelligence. Traditionally, there were four groups dealing with cyber: the operators who maintained the infrastructure and the defenders, who were at a low classification level and had little access to intelligence, as well as the exploiters and attackers, who operated in a highly classified environment and rarely communicated with the others. With Cyber Command, these groups can finally collaborate and share information. RADM Cox also agreed with Sean on warning time, but noted that in order to identify what’s abnormal, we need more insight into our networks so that we know what’s normal. Cox also noted that following the laws of armed conflict in cyber poses a major challenge, as minimizing collateral damage and fratricide is much harder than simply striking like malicious actors.
