Cyber superiority requires intelligence edge
Challenge lies in blending traditional approaches with modern technology
- By Kevin Coleman
- May 04, 2011
Cyber intelligence has evolved far beyond technical information about vulnerabilities in systems and software. As far back as the late 1990s when I was the chief strategist at Internet pioneer Netscape, I began to work in the area of cyber intelligence.
The global intelligence community widely recognizes the critical nature of this category of intelligence. Recently, we have witnessed an increased focus placed on cyber intelligence. Few people would dispute the ever-growing threat of cyberattacks and the impact that a successful cyberattack could have on the economy and day-to-day operations of any nation.
MORE FROM THE DIGITAL CONFLICT BLOG
Leadership training needed for cyber warfare
Tracking the cyber underground
The best cyber defense rests with cyber intelligence. This is an area that requires increased investment and international recruitment of assets to enhance the existing capabilities of more than 100 intelligence organizations that are developing cyber intelligence capabilities.
The Cyber Command collects a substantial amount of cyber intelligence to detect threats that emanate from the hybrid environment of cyberspace. The move from the current reactive modality to a proactive approach to cyber defense requires a robust cyber intelligence capability. The concepts of cyber intelligence and human intelligence are fundamental to the quest for such capability.
Cyber intelligence is defined as all efforts and activities conducted by or on behalf of an organization that are designed and used to identify, track, measure and monitor digital threat information, data and insights about an adversary’s operations. The effort involves critical or sensitive activities conducted through private networks, computers, electronic equipment, related communications devices and equipment critical to daily operations. It also relates to offensive, defensive and intelligence collection cyber capabilities, in addition to the current and future intentions of the adversary.
As such, cyber intelligence is a strategic priority. Technical cyber intelligence must be augmented by new and some traditional methods and sources used to provide insight and foresight into this complex and multifaceted area. One such traditional method of intelligence collection that is critical to cyber is human intelligence.
Human intelligence is defined as information or data, and it is often designated as classified or confidential. Human intelligence also might include trade or state secrets. The information is usually collected by means of interpersonal contacts with human assets, commonly referred to as a spy, mole, professional or agent. Almost all human intelligence is collected through clandestine means. Unlike some other intelligence collection disciplines, human intelligence operates in both the cyber and physical environments.
Human intelligence information must be applied to generate an accurate and timely picture of the global cyber threat environment. A cyber intelligence analyst speaking on the condition of anonymity told me that, for years now, he has pushed his organization to enhance and fully integrate human intelligence and other sources of intelligence because traditional signals intelligence and cyber intelligence can’t provide a complete picture. Collection and analysis of all-source cyber intelligence now take precedence in many countries, terrorist groups and private-sector businesses around the world.
Human intelligence plays a critical role because, unlike nuclear weapons and other weapons of mass destruction, cyber weapons require far less infrastructure and do not require restricted materials or knowledge that is in limited supply. Therefore, traditional intelligence collection platforms are of limited value. A nation’s ability to understand its adversaries’ cyber capabilities has moved up in priority to that of weapons of mass destruction. To be successful, cyber intelligence must blend more traditional sources of covert information collection — in the physical environment — with modern technology and also establish a reliable collection capability in the online world.
Kevin Coleman is a senior fellow with the Technolytics Institute, former chief strategist at Netscape, and an adviser on cyber warfare and security. He is also the author of "Cyber Commander's Handbook." He can be reached by e-mail at: [email protected]