March 14, 2022, by Delilah Schwartz

A Cyber-Centric Revolution in Intelligence Affairs

As the pace of digital disruption accelerates, we find ourselves in the midst of a transitional stage, where those who fail to embrace the revolutionary potential of cyberspace and automation will fade into obsolescence. In this new age of cyber-centrism, radical change is the only option.

Throughout human history, technological innovation and advancement have often led to disruption, transforming the demands, needs and processes of an existing market or practice and rendering established technologies and methodologies obsolete. Those who failed to identify the revolutionary potential of new technologies - be they governments, global enterprises or private organizations - lost their advantage, and with it, their relevance.

This history demonstrates that simply identifying and adopting new and disruptive technologies is not enough. In order to fully realize the revolutionary potential of innovation, the incumbent market must undergo radical transformation, implementing conceptual, structural and strategic change to make way for an entirely new paradigm of operation.

As the pace of the digital transformation accelerates, we find ourselves today in the midst of such a transitional stage, moving from an old paradigm - which is growing increasingly difficult to sustain - to a new paradigm that has yet to fully take shape. The rapid advancements of the digital revolution (as discussed in the previous installment “Overcoming The Information Overload With Agility And Innovation”) have brought about substantial changes in the age-old practice of intelligence. The shifting technological conditions of the current era have heralded both vast opportunities and significant constraints for the intelligence process. Amid the changing demands of the information age, intelligence professionals are at a disadvantage, attempting to adapt to the digital revolution while remaining rooted in the approaches, structures and processes of a decades-old intelligence cycle paradigm. The dominance of this outdated intelligence cycle model is most blatantly reflected in the organizational structure and functional division within the US intelligence community, but remains prevalent in the paradigms and logic that govern intelligence work in general.

The institutional framework enacted by the National Security Act of 1947 laid the foundation and structure for the US intelligence community in accordance with the challenges of the Cold War world (Burch, 2008). The intelligence apparatus was thus formed through hierarchical, centralized structures, in which SIGINT (Signals Intelligence), IMINT (Image Intelligence), HUMINT (Human Intelligence), MASINT (Measurement and Signature Intelligence), GEOINT (Geospatial Intelligence) and OSINT (Open Source Intelligence) were clearly defined disciplines that were foreign to and independent of one another. Each discipline had its own methods of collection, its own analysts, its own language and its own databases of collected information stored in stove-piped silos. With the fall of the Iron Curtain and the concurrent evolutionary developments in cyber and digital technologies, the intelligence community, configured to meet the Soviet threat, was confronted with the exigency of intelligence reform in the face of this disruptive reality. However, despite compelling evidence indicating the necessity of a radical “revolution in intelligence affairs” (Lahneman, 2007), the reforms implemented by the US intelligence community in an attempt to adapt to the post-Cold War world order were mostly incremental: simply updating or adjusting existing paradigms and processes. Between 1991 and 2001, 12 separate blue-ribbon commissions, task forces and governmental initiatives recommended 340 reforms that would prepare the US intelligence enterprise for the 21st century. One such initiative, the 1996 Aspin-Brown commission, emphasized the urgency of improved open source collection and analysis in light of the changing nature of publicly available information, stating that the creation of adequate computer infrastructure that would enable intelligence analysts to access open source databases should be a top priority (Zegart, 2009). Notwithstanding the wide consensus advocating the imperative for organizational change, only 35 of the 340 recommendations were implemented.

The lethality of resistance to change became painfully evident through the events of September 11, 2001. The intelligence failure of 9/11 exposed the inadequacies of incrementalism in the face of the information revolution. The 9/11 Commission Report, issued in July 2004, was a brutal wake-up call to the imperative for radical change, concluding that the failure to prevent the attacks was a direct result of cumbersome bureaucratic organizational structures, fragmented intelligence collection processes, antiquated Information Technology (IT) architecture and an endemic aversion to information sharing and collaboration between members of the intelligence community (Rovner & Long, 2005). Cultural pathologies had led the intelligence community to resist new technologies, ideas and approaches, inhibiting significant organizational innovation that would have enabled the counterterrorist enterprise to adequately adapt to the new security environment. The old model of intelligence had worked well against the Soviet Union, but now had to be overhauled and reconfigured in order to “keep pace with a global telecommunications revolution, probably the most dramatic revolution in human communications since Gutenberg’s invention of moveable type” (Hayden, 2002).

The changes implemented by the US intelligence community in the wake of these calls for reform, however, were insubstantial. The establishment of the Directorate of National Intelligence (DNI), and formation of joint entities to facilitate information exchange among federal, state, local and private sector intelligence entities, still revolved around the existing intelligence frameworks. These incremental reforms proved inadequate. The intelligence community - both federal and private - continued to operate according to Cold War era methods and processes, unequipped to combat the myriad new threats, opportunities and challenges presented by the new era of data abundance.

As global technological innovation continues to accelerate at an astounding pace, disrupting private industries, economies and societies, the intelligence community still struggles to adapt at the speed of its adversaries. As society embraces automation – enabling ubiquitous, real-time storage, access and processing of data – the intelligence practice remains limited by legacy systems and processes, relying on manual intelligence collection, extraction and analysis. Today, more than a decade after Lahneman’s call for a “revolution in intelligence affairs”, the conditions are ripe for a true systemic transformation of intelligence structures and practices. At the center of this revolution, both facilitating and compelling radical change, is cyberspace.

A Cyber-Centric Revolution in Intelligence Affairs

As opposed to the previous battlegrounds of land, air and sea, the cybersphere is an artificial space created by computerized systems, networks and software, with the keyboard and mouse the modern arms of choice. Cyberspace, as a new frontier of security, has transformed the most basic assumptions about information, knowledge and intelligence. As discussed in the previous installment, in the current cyber age, intelligence professionals have potential access to infinite stores of information, and yet, most continue to operate according to traditional manual intelligence practices - attempting to sift through these unprecedented data troves to find a “golden nugget”.

The main challenge facing intelligence professionals today is no longer searching for and finding the right information for the purpose of uncovering the intelligence inherent within, but rather, asking the right question, and extracting the right answer from the vast quantities of raw data.

The cybersphere has blurred many boundaries in the intelligence process, most significantly, creating a shared virtual domain between us and our adversaries, populated by faceless, anonymous and indistinguishable actors. Attacks launched within this space are varied and multifaceted, motivated by political, ideological and criminal incentives alike. Attackers might be terror organizations, cybercriminal gangs, fraudsters, hacktivists or state-sponsored espionage services. Similarly, in cyberspace, almost anyone can be involved in intelligence collection, or a potential target of counterintelligence operations.

While the blurred boundaries and shared spaces of the cyber domain create a plethora of exploitable vulnerabilities and attack surfaces, they also present unique visibility into the threat landscape. Those on the defensive can gain an advantage if they embrace proactive threat intelligence, observing threat actor activities within cyberspace to learn about their tactics, techniques and procedures (TTPs) and inform strategic, tactical and operational security decisions to defend against impending attacks.

Within this new cyber-centric reality, what principles, ideas and structures should underpin the intelligence process? We propose three core tenets:

Agility: In order to contend with the current reality of rapid, constant and accelerated change, organizations must adopt more decentralized, flexible and agile approaches and structures. This entails breaking down the traditional disciplinary entities and removing bureaucratic rigidity. The “INTs” have been the pillars of the intelligence community’s organizational structure, but timely analysis of threats requires that data from all the INTs be brought together in order to allow cross-domain and cross-discipline machine learning capabilities, detailed below.

Synergistic Information Sharing: The complexity of the modern threat landscape has blurred the lines between national security and threats to individuals and private businesses, as civilian infrastructures have evolved to become critical to national security itself. As a result, the division between civilian and military/governmental intelligence is likely to be similarly eroded, necessitating a synergistic partnership between federal and civilian intelligence organizations, to create new intelligence products and information exchanges and enhance defensive capabilities.

Embracing Automation & Machine Learning: The disruptive field of data science must be incorporated as a core competency of the intelligence enterprise in the information age. Embracing automation, big data analytics and AI is imperative to efficiently collect, process, analyze and extract intelligence from vast quantities of raw data.

Ready or not, the revolution is here, forcing intelligence professionals to adapt - or else. Refusal to accept the changing reality of machine-driven intelligence and automation is akin to accepting defeat, giving adversaries a technological edge that will be impossible to overcome.
