The United States needs to expand its cyber intelligence authorities and capabilities to meet the Trump administration’s new cybersecurity strategy, according to top current and former government officials and academics.
The United States intelligence community’s ability to boost its surveillance of American computer networks, foreign adversaries and even third-party countries is integral to the Trump administration’s plan to be more aggressive in cyberspace.
“We are building relationships with U.S. institutions that are likely to be targets of foreign hacking campaigns — particularly in the nation’s critical infrastructure — before crises develop, replacing transactional relationships with continuous operational collaboration among other departments, agencies, and the private sector.” Gen. Paul Nakasone, head of U.S. Cyber Command and the NSA, said in the January edition of Joint Force Quarterly, a Pentagon publication. “This is a domain where 90 percent of the networks — the critical infrastructure — resides in the private sector, not in the public. This is primarily a private industry-driven domain.”
Under Nakasone, U.S. Cyber Command has embraced the concept of “defend forward,” meaning that cyber staffers operate against enemies on their own virtual territory. It is a tactic that requires significant intelligence capabilities.
“The framing of Cyber Command’s mission requires that it have real-time, fine-grained and current knowledge about adversary forces, capabilities, routines, operating venues and intentions,” wrote Chris Inglis, former deputy NSA director, in the new book “Bytes, Bombs and Spies.” Cyber operations require surveillance “that enables the command to go from a standing start to a precise and responsive engagement in the shortest possible time.”
To boost intelligence and surveillance activities, Inglis recommended improvements in three areas.
First, he suggested boosting sensors deployed in both Pentagon and adversarial networks that operate under existing and “emerging rules.”
Second, he advocated for a greater sharing of bilateral and multilateral information. Inglis appeared to suggest a greater collaboration with private critical infrastructure companies, but admitted it would be limited by “privacy protections and concerns over legal liability.”
Finally, Inglis suggested greater use of commercially available threat information to fuel the intelligence demands of more offensive cyber operations.
“The intelligence requirements for offensive cyber operations are going to be enormous,” Amy Zegart, a senior fellow at the Hoover Institution, a research organization, said during a Jan. 30 event at the National Defense University. But she said it was not clear what the surveillance requirements would mean for the structure of the intelligence community.
“The key is that the operational decisions need to be made with an understanding of the intelligence requirements behind them, and then dedicate the organizational structures and talent to match that.”