Putin Likely Didn’t Plan on Publicly Available Information in his War in Ukraine

By John D. Tullius

John Tullius retired from CIA after serving as the National Intelligence Chair at the Naval Postgraduate School 2016-19, where he taught a variety of intel-related courses and worked with student teams on technology initiatives to address DoD operational requirements.

OPINION — Even a cyber and info war aficionado like Russian President Vladimir Putin must begrudgingly appreciate the karmic role that the slew of publicly available information is playing to complicate his Ukraine incursion.   Seemingly at every juncture, social media and other sources of publicly available information are highlighting every Russian miscue and providing forums to counter Russian info wars.

The examples abound:  exposure of Putin’s plans and intentions during the buildup on Ukraine’s periphery, students and academics using traffic data to accurately predict the impending invasion, and the proliferation of apps documenting troop movements and declining morale.  Likewise, groups like Anonymous are helping identify and exploit gaps in Russia’s vaunted cyber defenses.

The critical role of publicly available information has been well-documented. However, what’s missing in this discussion is the increasingly important role commercially available information (CAI) can play in this effort. Companies are regularly churning out massive amounts of data that would be useful for the U.S. government, and this trend is growing exponentially. By 2025, the commercial sector is expected to produce 135 zettabytes of data. To put that in perspective, 1 zettabyte is equivalent to roughly 300 million copies of the Library of Congress holdings.

CAI, to clarify, is not synonymous with “open source,” which is readily, and intentionally, made available for viewing to large audience segments. In contrast, CAI is a commodity, collected for business purposes—such as advertiser IDs and the multitude of other forms of data that companies routinely collect and sell to other entities. As such, it has monetary value, and companies are not giving it away. This monetization of data means that, while it is technically publicly available (albeit for a price), it is not “out there” for everyone to view like social media and other open source platforms.




In this Internet of Things world, companies are routinely gathering data on Russia and other U.S. adversaries as part of their normal business operations.  Unlike “open source,” this often includes data that our adversaries would not want the U.S. government to access.  In fact, much of this data, heretofore, could only have been obtained using more risky clandestine means.  When I managed open source collection in Europe, and then the Middle East, we used to say that open source provides about 80 percent of the “lower hanging fruit” so that operators could focus their efforts on the remaining 20 percent.  CAI, in contrast, can also help address that more difficult remainder.

What types of data are we talking about? In the Russia example, companies have unique information on priority topics such as military personnel and equipment, Russian aviation and shipping records, company and financial records, cyber vulnerabilities, and much more.

In the State of the Union address, President Joe Biden laid out an aggressive plan for countering Russia.  It is not an overstatement to say that CAI can underpin virtually every potential U.S. action.  This would include identifying Russian entities to sanction and their ill-gotten holdings to seize. It would also help inform DoD planning and enable a wide range of cyber and other intelligence operations.  

As a former CIA officer, it’s easy to envision myriad potential use cases for the IC. For analysts, this data can help fill critical information gaps, augmenting classified holdings—particularly on hard targets like Russia and China that typically present greater collection challenges. This data would also be invaluable for clandestine operations; e.g., identifying people of interest, validating their bona fides, and their access to information. Cyber gurus would have a field day with data highlighting Russian and other adversaries’ nodes and vulnerabilities.




This raises a critical question: Is the U.S. government well positioned to access and exploit this information? The answer at this critical juncture is not yet. As the war in Ukraine rages, many undoubtedly useful databases remain untapped by U.S. agencies.

Why? Many companies either do not understand the intrinsic U.S. government value of their data, or as mentioned previously, they are looking to capitalize on their holdings. Even for patriotic companies that want to help, identifying the right mechanisms for sharing with the government is not clear. I am confident that there are many entities that would welcome the opportunity to help counter Putin, or to help with our China-related efforts. However, the access points are often murky at best. And then there are the vexing challenges of figuring out how to meaningfully partner with government. For tech companies, this is often referred to as traversing the valley of death.

On the government side, U.S. agencies that could exploit such data face a daunting task: how do they identify the hundreds of potential data providers, vet them to ensure that they are not under hostile foreign government control, and then execute contracting actions in a timely manner?

In short, it’s just not a smart use of already busy government officials’ time, and they also are not equipped to do this at scale.  The process of technical scanning to determine which companies might have valuable data holdings requires expertise and resources that agencies lack. This endeavor also requires continuous monitoring to identify new providers that are constantly emerging. And, once the companies are vetted, agencies would need to do separate contracting actions for each one, which is not feasible given the sheer number of entities involved.

This begs for a more streamlined U.S. government approach to procure data at scale; and one that matches the speed of mission. This, ultimately, may necessitate partnering more closely with commercial entities that specialize in data procurement on a macro scale to deliver these outcomes. Their role would be to provide the easy button for government: providing a bespoke, user-friendly marketplace for vetted data suppliers. This could also help curtail price gouging by utilizing cost estimators for various data sets.

It is clear that the race is on with our adversaries to access and operationalize commercially available information.  We are already lagging in this regard, and failure to address this pressing need expeditiously will put us even further behind.  It is past time for the private sector and government to partner more effectively to close this gap.  Are we up for the task?

Sharing informed opinions is important.  Opinion pieces represent the diverse views of The Cipher Brief audience and do not represent views of The Cipher Brief.

