Digital Conflict blog


Kevin Coleman


Modern tradecraft moves in parallel with cyber operations

The demands on today’s clandestine assets require unique training, education, and skill sets that must be continuously refreshed in order to stay up-to-date with the latest tradecraft, especially when it comes to cyber operations.

A common misunderstanding is that the skill set and operational domain of today’s spy resides in the physical world. Another misconception is that the operational environment of today’s cyber spies is confined to an office cubicle seated in front of a computer. Nothing could be further from the truth.

The reality is the cyber side and the traditional operational environment of the spy intersect.

It is difficult to think of a situation where tradecraft practices do not interact with a cyber component. The requirement is that spies must have cyber skills and maintain those skills.

Today, most if not all field assets operating on the clandestine side routinely leverage digital tradecraft. Some of the individuals I have worked with over the years say it is not uncommon for meetings to pass intelligence to individuals tied to three-letter agencies in public places like McDonald’s or Starbucks. One individual remarked that even the best spy thrillers barely come close to portraying the digital tradecraft that is currently being practiced.

For example, consider the FBI announcement about the Russian spy ring that was taken down back in 2010. The ring was described as a "long-term, deep cover" operation, 10 spies in total who operated for decades. This covert group leveraged modern digital tradecraft with unconfirmed reports of a digital brush-pass – a version of the physical transfer of messages commonly seen in spy thrillers.

The Russian spies exchanged information via a free wireless network at the Times Square Starbucks as well as other locations. Consider that the next time you are at Starbucks ordering your favorite grande latte!

So, again, it’s clear that the growing importance of cyber operations moves in parallel with modern tradecraft. 

Posted on Aug 15, 2013 at 3:11 PM


Needed: A succession plan for the next generation of cyber defenders

Among the most popular cyber topics on Twitter recently were posts about cyber training and the skills required to be an effective cyber leader. 

In response, I received multiple emails about cyber training in the corporate environment. When you take into account the amount of critical infrastructure owned and/or operated by the U.S. defense industry, the issue of cyber training is clearly emerging as a central issue.

Hence, we need to start thinking about a mentoring program that transfers skills from today’s cyber experts to the next generation of security specialists.

Most cyber professionals have finely honed technical skills required to be effective in an increasingly harsh environment. As cyber threats grow, however, those skills are not enough!

According to a recent report, cyber threats are the No. 3 concern of CEOs and board-level executives. Supporting that finding is another report that found nearly 70 percent of C-level executives worry about their organization’s vulnerability to cyberattacks. 

Given those realities, an additional skill set is now required. Many cybersecurity leaders have more than 10 years of experience; some have advanced to senior positions such as chief security officer, chief information security officer or director of information security. While technically proficient, these individuals often fall short in other areas. Recruiting and managing a staff, creating and managing budgets and, most of all, effective communications with non-technical managers are common and critical activities for the CISO.

Speaking of communication skills, many information security officers could also benefit from a PowerPoint class that includes presentation skills.

Along with these skill gaps, I would also include a lack of experience in dealing with international regulatory issues related to cyber defense, an area of growing importance for global businesses. 

The private sector plays a critical role in U.S. defense as a supplier for much of the nation’s critical infrastructure. With an aging U.S. workforce and many of our senior cybersecurity professionals contemplating retirement, succession planning is a must for businesses as well as DOD and other federal agencies.  

The first step in this process should be a mentoring program to train the next generation of cybersecurity leaders. Such a program should focus on lessons learned and the evolving nature of the cyber threat. The sooner we begin this process, the better.

Posted on Aug 08, 2013 at 6:08 AM


The New CIA: Cyber Intelligence Agency

Cyber defense is gradually moving from a reactive to a proactive posture. Many observers have recognized this is absolutely required if we are to properly defend the massive information infrastructure that we have become so dependent on.

One question that comes up repeatedly is the growing need for cyber intelligence. Most organizations, besides those in the government/military intelligence community, concentrate on vulnerabilities and recently unleashed malware as a form of cyber intelligence. 

Cyber intelligence goes far beyond software and hardware vulnerabilities. While both are critical elements, many more are needed to paint an accurate and detailed picture of this threat environment.

The Ponemon Institute released a new study that surveyed more than 700 respondents from 378 organizations. It found more organizations are moving toward what was termed “live threat intelligence.” I highlighted this expanded paradigm (near-real-time cyber intelligence) at the AFCEA Joint Warfighting conference. If you look at all the contributing factors that influence the cyber-threat environment, you will discover there are about 30 different categories directly associated with cyber intelligence.

What we are seeing is a shift within the intelligence community to address the growing need for cyber intelligence. That means the Central Intelligence Agency may have to morph into something like a Cyber Intelligence Agency.

As we aggressively adopt new technologies, most of which are directly dependent on cyber communications, threats to this domain along with the growing number of activists, criminals, terrorists and rogue nation-states targeting this critical infrastructure will continue to grow. We have already seen a handful of universities develop degree programs addressing cyber intelligence.

If we are to keep pace with the growing threats of cyber aggression, we must increase the attention and resources devoted to cyber intelligence.

Posted on Aug 01, 2013 at 10:24 AM


Securing our satellites before they are launched

We depend on our space assets much more than most people realize. Television, radio, cell phone, long-distance calling and navigation are the most commonly known services that rely on our satellites. Other common applications are the environmental monitoring and weather-monitoring capabilities that help farmers and alert all of us about severe weather. These assets are expensive, with some satellites costing more than $250 million. Typically, these complex systems have an operational life expectancy of 10 to 15 years.

According to the Union of Concerned Scientists database, there are approximately 1,071 operational satellites currently in orbit around Earth. That total includes 24 types of data for each satellite. Of these, 459 (46 percent) belong to the United States. The great majority of these satellites have non-military use while less than 100 have mixed uses. An even smaller number are military satellites.

Cyberattacks that target U.S. space-based assets have occurred. Two of the more significant instances took place in 2007 and 2008 when attackers interfered with satellite command and control signals. A recent report released in conjunction with the fiscal 2014 defense authorization bill calls for "every critical system" -- including "satellites and missile defense systems" -- to be assessed for vulnerabilities that could be exploited by cyberattackers. The Defense Science Board warned in a January report that the Defense Department’s networked systems and components have become “a magnet to U.S. opponents,” cautioning that if left unaddressed, this vulnerability would threaten core U.S. warfighting capabilities.

Every satellite component that provides a critical capability to the U.S. military and economy must be re-examined to ensure it can withstand the growing threat of increasingly sophisticated and persistent cyberattacks. That will require a fundamental change in our security approach that will require space warriors to become more proactive when it comes to critical space assets.

That means designing security into the next generation of military satellites rather than addressing cybersecurity as an add-on in the later stages of development.

Posted on Jul 25, 2013 at 6:21 AM

