The new counterintelligence response to the cyberthreat

Military Intelligence Professional Bulletin, July-Sept, 2003 by Bobby Allen

The views expressed in this article are those of the author and do not reflect the official policy or position of the 902d Military Intelligence Group, U.S. Army Intelligence and Security Command, the Departments of the Army and Defense, or the U.S. Government.

U.S. counterintelligence (CI) elements must refocus to defend against the rapidly expanding cyber-intelligence collection threat. The cyber-revolution in military affairs has already started, before even a consensus on its definition has been reached. Earlier policies of risk-avoidance and placing too much emphasis on personal privacy at the expense of national security have degraded intelligence potency and hampered traditional CI efforts. After 11 September 2001, however, U.S. citizens now seem more willing to concede that privacy matters less than an aggressive and effective intelligence collection capability (including CI activities) to combat the new face of terrorism. If the cultural and legal trend of returning to a national security focus continues, aggressive human intelligence (HUMINT) collection that goes after real secrets, and CI operations that genuinely exploit foreign intelligence and security services (FISS) may return.

The Threat Is Sophisticated

Today's spies practice much more sophisticated methods and employ the latest technologies to gather and transmit massive volumes of our most sensitive information on a much wider variety of targets. FISS can and do leverage distributed cyberattacks routed through many countries using a wide variety of tactics and techniques, making it nearly impossible to state with certainty that any particular attack originated from a particular threat. Over time, computing power will completely overwhelm our ability to comprehend, let alone protect against, the exponentially expanding vulnerabilities created with new technologies. It is imperative that CI stays ahead and avoids technological surprise--

   ... the unilateral advantage
   gained by the introduction of a
   new weapon (or the use of a
   known weapon in an innovative
   way) ... against an adversary who
   is either unaware of its existence
   or not ready with effective countermeasures.... (1)

The intelligence community must embrace new technologies, carefully selecting those that best suit strategic intelligence purposes. Perhaps the best method to maintain compartmentalization and still maximize the use of new technologies is to recruit small groups of highly specialized technicians to explore each technology potential from both a defensive perspective (what can the threat do to us?) and for possible offensive operations (how can we use this against the threat?).

The Insider Threat

The greatest threat is from trusted insiders with placement and access to highly sensitive classified information. It is a relatively simple task for such an insider to plug in a miniature data-storage device and save hundreds of megabytes of classified data, which they can easily smuggle out. It is equally easy for an insider to save this data to floppy disks, compact discs with read-only memory (CD-ROMs), or even to another hard drive they brought in themselves. Unlike most other crimes, it is technically possible for a spy to encrypt the evidence, hide it using steganography, or both, and even completely delete all traces of evidence that was once on the media. (2)

CI can conduct operations to invent new ways of detecting and responding to this type of attack. Modern security devices cannot replace traditional security practices such as background checks, awareness training, physical security, and internal investigations. A dramatic demonstration can be had by any company willing to hire a person or agency to attempt to infiltrate and discover information about their own company. Within days, an individual can gather information from the Internet, use fake identification to gain employment, observe passwords, and access sensitive information. (3) There is no easy solution to preventing this kind of threat; enforcing strict security policies and providing awareness training with random spot-checking appears to be the best compromise solution for now.
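The "random spot-checking" the paragraph recommends can be partly automated on the host side. The following is an added example, not code from the article or from any of the organisations it names: it reads a constructed, simplified audit log (the line format, user names, device labels and the 100 MB / 30-minute thresholds are all assumptions) and flags a user who writes a large volume of classified-labelled files to a removable mass-storage device shortly after attaching it, which is the scenario the insider-threat discussion above describes.

```python
"""Flag removable-media copy sessions that exceed a classified-data threshold.

Added example (not from the article). Log format, names and thresholds are
constructed assumptions; a real audit product will need its own parser.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines: timestamp host user event key=value...
SAMPLE_LOG = """\
2003-07-01T09:02:11 ws17 jdoe USB_ATTACH vendor=generic class=mass_storage dev=E:
2003-07-01T09:03:40 ws17 jdoe FILE_WRITE dev=E: path=E:/q3.zip bytes=220000000 label=SECRET
2003-07-01T09:05:02 ws17 jdoe FILE_WRITE dev=E: path=E:/notes.doc bytes=150000 label=SECRET
2003-07-01T11:20:00 ws22 asmith USB_ATTACH vendor=generic class=mass_storage dev=F:
2003-07-01T11:21:13 ws22 asmith FILE_WRITE dev=F: path=F:/memo.txt bytes=4000 label=UNCLASSIFIED
2003-07-01T14:00:00 ws17 jdoe USB_ATTACH vendor=generic class=mass_storage dev=E:
2003-07-02T08:00:00 ws17 jdoe FILE_WRITE dev=E: path=E:/big.bin bytes=900000000 label=SECRET
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<event>\S+)(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumed policy thresholds: more than this much classified data written to a
# removable device within WINDOW of its attach event raises one alert.
BYTES_THRESHOLD = 100_000_000
WINDOW = timedelta(minutes=30)


def parse_line(line):
    """Parse one audit line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec.update(dict(KV_RE.findall(rec.pop("kv"))))
    return rec


def find_exfil_candidates(log_text, threshold=BYTES_THRESHOLD, window=WINDOW):
    """Return a list of (user, host, device, bytes_at_alert) tuples.

    A 'session' starts at each USB_ATTACH of a mass-storage device; classified
    FILE_WRITEs to that device inside the window are summed, and the session is
    reported once when the running total first exceeds the threshold.
    """
    sessions = {}  # (host, user, dev) -> {"start": ts, "bytes": n, "alerted": bool}
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        key = (rec["host"], rec["user"], rec.get("dev"))
        if rec["event"] == "USB_ATTACH" and rec.get("class") == "mass_storage":
            sessions[key] = {"start": rec["ts"], "bytes": 0, "alerted": False}
        elif rec["event"] == "FILE_WRITE" and key in sessions:
            s = sessions[key]
            if rec["ts"] - s["start"] > window:
                continue  # stale session: outside the correlation window
            if rec.get("label", "UNCLASSIFIED") == "UNCLASSIFIED":
                continue  # only classified-labelled writes count
            s["bytes"] += int(rec["bytes"])
            if s["bytes"] > threshold and not s["alerted"]:
                s["alerted"] = True
                alerts.append((rec["user"], rec["host"], rec["dev"], s["bytes"]))
    return alerts


if __name__ == "__main__":
    for user, host, dev, total in find_exfil_candidates(SAMPLE_LOG):
        print(f"ALERT {user}@{host} wrote {total} classified bytes to {dev}")
```

The per-session reset on each attach event and the time window keep the check from accumulating a user's writes across unrelated days; the last sample write falls outside the window of its attach event and is therefore ignored, which is the behaviour a spot-check tool should have so that one alert corresponds to one concrete copy session an investigator can follow up.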

We Are Our Own Worst Enemy

Political policies and social beliefs since the Reagan Administration have resulted in a win-win situation for FISS. The policy of recklessly declassifying information, our cultural penchant for sharing sensitive but unclassified information, and our institutional migration to put everything on the Internet for ease of data dissemination have combined to make collecting on the United States terribly easy. The hampering of HUMINT and CI operations and investigations in the name of privacy has permitted untold numbers of FISS agents to operate unimpeded for years.

The Networked Vulnerability

Isolating secure systems from nonsecure systems, enforcing evolving "best practices," using strong physical security, and constantly monitoring networks for anomalies can reduce the networked threat. "The head of the Computer Emergency Response Team (CERT) once estimated that well over 90 percent of all reported break-ins were made possible because hackers could exploit known but uncorrected weaknesses of the target system." (4) Wherever there is the possibility of crossing unclassified with classified networks through negligence or willful intent, the remote attack is possible. Like criminals, FISS will continue to seek ways of gaining unauthorized access to sensitive networks simply because there is very little to lose in trying.
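Two of the controls this paragraph names, keeping classified and unclassified networks apart and closing "known but uncorrected weaknesses," can be checked from an inventory. The following is an added example, not code from the article: it audits a constructed host inventory (host names, the zone labels, the package names and the versions that first correct each weakness are all assumptions, not real advisories) and reports hosts that sit on both a classified and an unclassified zone as well as hosts still running a version below the one that corrected a known weakness.

```python
"""Audit a host inventory for network bridging and uncorrected known weaknesses.

Added example (not from the article). Inventory, zone names, package names and
fixed-in versions are constructed assumptions.
"""


def parse_version(v):
    """'1.2.10' -> (1, 2, 10) so that 1.2.10 sorts above 1.2.9 (numeric parts only)."""
    return tuple(int(p) for p in v.split("."))


# Constructed table of known weaknesses: package -> first version that corrects it.
KNOWN_FIXES = {
    "mailserv": "2.4.1",
    "webd": "1.3.20",
    "remoteshell": "3.6.1",
}

# Assumed zone labels for the two kinds of network the paragraph distinguishes.
ZONES_CLASSIFIED = {"CLASSIFIED_LAN"}
ZONES_UNCLASSIFIED = {"UNCLASS_LAN", "INTERNET"}

# Constructed inventory: each host lists the zones it is attached to and its packages.
INVENTORY = [
    {"host": "mail01", "zones": ["UNCLASS_LAN"],
     "packages": {"mailserv": "2.3.9", "remoteshell": "3.6.1"}},
    {"host": "web01", "zones": ["INTERNET"],
     "packages": {"webd": "1.3.20", "remoteshell": "3.5"}},
    {"host": "gw07", "zones": ["UNCLASS_LAN", "CLASSIFIED_LAN"],
     "packages": {"remoteshell": "3.6.1"}},
    {"host": "ws11", "zones": ["CLASSIFIED_LAN"],
     "packages": {"remoteshell": "3.6.2"}},
]


def uncorrected_weaknesses(host):
    """Return [(package, installed, fixed_in)] for packages below the fixing version."""
    findings = []
    for pkg, installed in host["packages"].items():
        fixed = KNOWN_FIXES.get(pkg)
        if fixed and parse_version(installed) < parse_version(fixed):
            findings.append((pkg, installed, fixed))
    return findings


def bridges_networks(host):
    """True if the host has interfaces on both a classified and an unclassified zone."""
    zones = set(host["zones"])
    return bool(zones & ZONES_CLASSIFIED) and bool(zones & ZONES_UNCLASSIFIED)


def audit(inventory):
    """Produce {'bridging': [hosts], 'unpatched': {host: findings}} for the inventory."""
    report = {"bridging": [], "unpatched": {}}
    for host in inventory:
        if bridges_networks(host):
            report["bridging"].append(host["host"])
        weak = uncorrected_weaknesses(host)
        if weak:
            report["unpatched"][host["host"]] = weak
    return report


if __name__ == "__main__":
    result = audit(INVENTORY)
    for h in result["bridging"]:
        print(f"BRIDGING: {h} is attached to both classified and unclassified zones")
    for h, findings in result["unpatched"].items():
        for pkg, installed, fixed in findings:
            print(f"UNCORRECTED: {h} runs {pkg} {installed}, corrected in {fixed}")
```

The version comparison is deliberately the simplest numeric tuple compare; real package version strings often carry suffixes or vendor back-ports, so in practice the fixed-in table should be keyed to the exact vendor version scheme rather than to upstream numbers. The bridging check is the inventory-side counterpart of the physical and procedural separation the paragraph calls for: a host that appears on both lists is exactly the crossing point through which a remote attack becomes possible.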
