Kevin Coleman


Cyber intelligence must drive cyber operations

Domain requires new sources of intelligence on an unprecedented scale

New domains of conflict come with new requirements for new operational models driven by intelligence, and the cyber domain is no exception. 

In this new domain, we have to worry about not only nation-states but also activists, extremists and rogue lone-wolf actors.


The challenges of the cyber domain of conflict require new sources of intelligence on an unprecedented scale. Couple this with the speed of technology evolution and the innovation we see in cyberattacks, and you can easily see why we need to continuously develop a robust cyber intelligence capability. We are now in the early stages of cyber intelligence tradecraft development, cyber warfare training, and cyber intelligence collection and analysis.

Gathering cyber intelligence is in some ways easier and in other ways much more difficult than collecting intelligence in the physical world. For example, satellite surveillance offers little value — cyber weapons development requires very little infrastructure and what little it does require is indistinguishable from what businesses or even consumers require.

Cyber intelligence must answer these questions:

  • What are the essential cyber intelligence sources?
  • What are the offensive capabilities of our adversaries?
  • What are the defensive capabilities of our adversaries?
  • What future cyber capabilities are planned for military and industry technologies?
  • What cyber capabilities are currently in development for military and industry technologies?

The answers to these questions are essential for the cybersecurity of any nation. Many are quick to compare our current cyber situation to that of the Cold War. Although I was too young to really pay attention to the Cold War, from what I have read, I think this is a very bad idea. Conflict in the cyber domain and the associated cyber weaponry differ greatly from those of the Cold War. I am of the opinion that we need to develop different mental models for cyber conflict if we are to maintain operational supremacy in the domain, and that requires significant attention to cyber intelligence.

The unique characteristics of cyber domain operations put human intelligence collection at the top of the cyber intelligence pyramid, and it is the most difficult and urgent to put in place. In the past few years, many in the intelligence community have recognized the need to develop a specific class of personnel to operate in the complex, dynamic cyber domain environment. Another unique aspect of the cyber domain is how significant a role the private sector plays and how the nondefense industrial base is integrated and has a critical role in this domain as well.

The cyber cold war is on, and it has been for a few years. Today, ones and zeroes are the weapons of modern conflict. We must rapidly develop robust cyber intelligence collection while at the same time guarding against cyber spies entering and operating within our military, intelligence and industrial domains. What a huge challenge we face. I have blogged, written and even testified about the pressing need for cyber intelligence. Although I admit I am not a patient person, the time it is taking to establish an international cyber collection infrastructure is putting our nation at risk.

This is not just my opinion. A number of reports have echoed the same need. A new report by the Intelligence and National Security Alliance states that the United States must develop cyber intelligence as a new and better coordinated government discipline that can predict computer-related threats and deter them.

Many are asking, “What is taking so long?” Although I am sure there is much more to our cyber intelligence gathering capabilities that is above my current security clearance level, industry integration and cooperative work with many other areas of the private sector seem all but absent. Admittedly, that is no small task. Establishing effective and efficient working relationships between the two communities will take time — time we might not have.

About the Author

Kevin Coleman is a senior fellow with the Technolytics Institute, former chief strategist at Netscape, and an adviser on cyber warfare and security. He is also the author of "Cyber Commander's Handbook."
