21 February 2017

Pentagon Cyber Spies Seek Better Tools to Sort Intelligence Data

Nafeesa Syeed 

Pentagon spies trying to get ahead of mounting cyberthreats from North Korea to Russia are seeking new technologies to help winnow down the flood of data they receive, according to a senior Defense Department intelligence official.

With an exponential increase in data flows, there’s been a significant shift in the type of intelligence top Pentagon officials demand, said Ron Carback, defense intelligence officer for cyber at the Defense Intelligence Agency. Three years ago, officials would have asked for “every indicator or compromise and every report that comes out” about cyberthreats, said Carback.

But now “they don’t want to see a hundred pages of reports in the morning,” Carback, who has spent more than two decades at intelligence agencies including the National Security Agency, said in an interview in San Francisco. “They want to see one or two that say, ‘Oh, this is why they’re coming after me, these are things we have to consider the risk on.”’

The requirement for DIA analysts to quickly synthesize intelligence becomes even more challenging with a dearth of people who have cyber expertise. Carback said that’s where his “matchmaking” comes in. At the RSA cybersecurity conference in San Francisco this week, Carback was scoping out emerging technology and telling companies about his agency’s needs. Big data analysis and automation tools “would help our analysts move up into more of the critical thinking,” he said.

Analysts receive multiple feeds on cyberthreats as well as hundreds of reports and material from other intelligence agencies. They have to sift through that content to ascertain what adversaries are trying to do so that they can help policy makers as well as combat and acquisition officials reach decisions. Technology that shrinks the information into smaller data sets could help.

Rather than “spend most of their time just trying to cull reports and read things,” he said, automation can “help them move up into a higher plane of view, using their brains for analysis -- that’s what I’m trying to look for,” he said. “Anything you can do to automate those processes makes it easier on the analyst.”

At the same time, he said, the Pentagon must remain concerned about countries attacking its infrastructure and networks. Russia, China, Iran and North Korea are still the main nations posing such threats, Carback said.
Top Adversaries

“From a nation-state perspective, it’s just so pervasive that we have to continue to build up our defense in support of that,” Carback said. It’s up to analysts to find out “why are the adversaries coming after me? What are Russia, China, Iran, North Korea trying to do?”

Not having enough details on what hackers are aiming for is an obstacle.

“Some of the actors are difficult to understand or find, they’re quiet. Other actors are a lot noisier on the networks,” he said. “Not having that information makes it hard to shape and understand why they’re doing what they do.”

As the intelligence community, or IC, tries to adopt more technology, restrictions on what’s permitted in classified and sensitive settings reduce its attractiveness as a career option for a younger generation accustomed to carrying their mobile phones and tablets everywhere.

”One of the appealing things to millennials is the ability to use all of their devices in every location,” Carback said. “So as we try to appeal to them to recruit, we have to figure out ways in the IC to make the use of devices more easy for everyone.”

No comments: