Rethinking the Cybersecurity Challenge from an Intelligence Community Perspective
Director of National Intelligence (DNI) Avril Haines was interviewed by Michele Flournoy, Co-Founder and Managing Partner at WestExec Advisors and former Under Secretary of Defense for Policy, on the first day of the RSA Conference 2022. As cyber challenges and malign actors proliferate, the U.S. Intelligence Community (IC) is committed to protecting the nation by working with industry and international partners to rethink how we collaborate and design networks as well as the cybersecurity that protects them. Here are a few key takeaways from DNI Haines’ remarks:
1. Cybersecurity Highlights Tensions with Key Distinctions in Our World
Cybersecurity highlights tensions between the IC’s different rules for domestic versus foreign collections. We need to bring together a threat picture that looks across the foreign/domestic threat space to collect on foreign adversaries who are operating in the U.S.
We have different legal regimes for times of conflict versus time peacetime. Do we need a Geneva Convention for cybersecurity? It’s important to start developing the cyber rules of the road now before a situation gets to the use of force or armed conflict.
The public-private distinction is one of the preeminent challenges in cybersecurity. Because so much of our country’s critical infrastructure is privately owned, it impacts the U.S. Government’s ability to protect it. The U.S. Government needs to collaborate with the private sector in intense ways to address the threats we are facing as a nation.
2. Cybersecurity Is Getting Harder
We still have not figured out how to prevent intrusion of even sophisticated networks. The IC is not a shield but does provide warning so others can take action to the extent they can. With cybersecurity, one of the challenges is how do you build a risk of failure into your systemic design? We understand that we can’t create a perfect defense.
Every year, the DNI’s Annual Threat Assessment focuses on nation state actors as our principal adversary threats. However, we see transnational criminal threats expanding. Commercially available tools have spread the ability to hack to other bad actors.
Cybersecurity also highlights the challenge of protecting privacy and civil liberties. There is an increasing amount of sensitive personal data available (particularly in the pandemic era). Data brokers are proliferating as they collect and share personal information making it harder to maintain privacy.
3. Partnerships Are Critical
The IC has greatly improved its public-private partnerships, but there is still enormous work still to be done. Right now, the IC is focused on ensuring the best collection to effectively provide the private sector with the landscape of threats. A key aspect of partnering with the private sector is the IC’s ability to provide information to victim companies and they are working to develop mechanisms to do this in real time. The IC is increasingly bringing in private sector companies to do analytic work together, compare notes, and share information.
4. The Amount of Information Declassified and Shared Regarding the Russian Invasion of Ukraine Was Unprecedented
There was a fair amount of skepticism in the fall when the IC started to warn of an impending Russian invasion of Ukraine. The IC worked diligently to quickly declassify intelligence information to deny Putin the opportunity to create a false narrative. The degree of information sharing is extraordinary.
The IC has already attributed cyber-attacks against Ukrainian command and control functions, websites, and emergency response functions to Russia but didn’t see the level or scope of cyber-attacks anticipated.
5. Cyber Talent Pitch to Join the IC
The IC is focused on recruiting cyber talent from the private sector. For the privilege of having an opportunity to serve your country, cyber talent in the IC gets in great stories at the end of the day and the ability to make a productive contribution to make the community a better place.
Diversity of thought, experience, and perspectives are critical to U.S. Government right now. The IC needs new cyber talent to think differently and shake things up. Working for the IC presents an intellectual challenge, and the mission is critical to U.S. national security.