Andrew Borene is the Associate Vice President for Research at National Intelligence University and a cadre officer of the Office of the Director of National Intelligence. NIU’s Office of Research comprises NIU’s unique classified academic research and publishing capabilities as the U.S. Intelligence Community’s accredited, degree-granting university.
Julie Ferringer is a Caracristi Institute for Intelligence Research Fellow on detail from her role as an intelligence analyst with the FBI.
Chris Ventura is a research faculty member and the director of NIU’s Center for Intelligence in Extremis. The authors are members of NIU’s Office of Research, which comprises NIU’s unique classified academic research and publishing capabilities as the U.S. Intelligence Community’s accredited, degree-granting university.
Views are the authors’ own and do not necessarily reflect the policy or opinion of any US Government agency.
ALTERNATIVE PERSPECTIVES — The cyber domain is emerging as the first choice of battle space for many foreign adversaries of the United States, NATO, and other vital U.S. security partners. These adversaries with deep pockets do not adhere to the system of laws and norms for the free world. They also target infrastructure largely owned and operated by private sector entities. The result is a need for a collaborative U.S. and allied approach to cyberspace built upon willing partnerships across international, inter-governmental and public-private boundaries.
Some good news is that lessons on success exist from more than 20 years of worldwide U.S. counterterrorism collaboration combined with a culture of “shared floorboards” and “information sharing” between diverse stakeholders in U.S. cybersecurity.
Uniting to address a common threat and the sense of identity it provides is not a new phenomenon. Nearly two thousand years ago, Roman emperor Marcus Aurelius wrote “The mind adapts and converts to its own purposes the obstacle to our acting. The impediment to action advances action. What stands in the way becomes the way.”
Last year’s ransomware attack on Colonial Pipeline caused massive occlusion in one of the America’s largest energy delivery arteries. When Colonial shut down its systems a gas panic ensued on the East Coast. A simple ransomware attack created very dangerous situations for many U.S. citizens, businesses, cities and the economy in a very short time.
This past month’s suspicious explosions of two underwater Russia-to-Germany Nord Stream natural gas pipelines in the Baltic Sea near Sweden and Denmark demonstrate that the targeting of critical infrastructure for European energy consumers is equally jarring to free world economies.
Register for The Cyber Initiatives Group Virtual Winter Summit on December 13 to stay ahead of what’s coming in cyber. Registration is free for this master class in public-private collaboration on cyber issues. Register today.
It is increasingly obvious that the U.S. cannot adequately address cyber threats as a lone state actor. So, what does work? Are there lessons we can apply from researching the most effective intelligence collaboration, threat-sharing and operational planning efforts of the past twenty years?
In an ongoing effort to uncover those patterns or lessons, a National Intelligence University researcher recently interviewed intelligence analysts and their supervisors working on interdisciplinary teams across the U.S. government. Each of these teams — 41 in total— addressed different threats such as terrorism, counterintelligence, violent crime, public corruption, fraud and cyber.
The aim of the ongoing NIU study is to explore the chemistry of interdisciplinary teams that have formed since 9/11 in the U.S. intelligence enterprise and to understand how diverse intelligence teams integrate the unique skills of team members to protect the nation. A great deal of useful insight has been generated in the counterterrorism field where concepts like burden-sharing and comparative advantage drive willing cooperation among diverse security partners with a common adversary.
But as these interviews unfolded, the nation’s cybersecurity and cyber threat intelligence teams became outliers. Cyber analysts were describing their teamwork with extreme language such as “seamless” and “super-tight.” One supervisor noted that in the cyber community, integration is “supernatural.” They all described close collaboration, regardless of rank or title. A supervisor from a non-cyber team, wistfully recalled her time supervising cyber analysts, stating, “we were a really tight-knit team, we worked really well together.” She elaborated cross-boundary inclusion was commonplace in cyber teams.
There was something about cyber teams which set them apart. Perhaps it was the learning experience that takes place across different team roles; maybe it was the immediacy of the threat. Whatever it was, something about fighting the cyber threat connected colleagues and helped them overcome tribal divisions between departments, agencies, occupational specialties, and home organizations.
How did the U.S. Intelligence Community bring diverse worldwide partners for the defense of free nations into the fold? Perhaps there is some fundamental insight we can derive from those seamless cyber teams.
Twenty-one years ago, the obstacle of violent Islamic extremism became a path to global cooperation, local partnerships and concerted effort. Since 9/11, the world has transformed, having been reborn around an infrastructure of unprecedented partnerships to deter, defend and attack terrorism.
Driven by the U.S. public and global outcry, the 9/11 Commission and the Intelligence Reform and Prevention of Terrorism Act of 2004 initiated wide sweeping reforms to break down government stovepipes and guide global efforts to unite under a counterterrorism umbrella. Must we wait for a “Cyber Pearl Harbor” or a “Cyber 9/11” necessary to inspire a similar size, scope and impactful unification of effort to deftly address cyber threats? We propose some lessons from research observations to inform collective readiness before a cyberattack of those magnificent proportions impacts our way of life.
The cyber threat makes demands upon us all. The reach of the cyber threat is beyond that of any kinetic attack. The pervasive nature and growing complexity of the “Internet of Things” guarantees the certainty of cyber vulnerabilities in every single element of our lives, societies and infrastructure. It should be no surprise that as the world gets more connected, our adversaries look to exploit, and disrupt, those connections.
The cyber threat — today’s obstacle — requires the kind of unprecedented global collaboration that emerged in the wake of 9/11.
The U.S. and friendly partners rely on infrastructure owned and operated by a mix of public and private entities outside their direct influence or control. Cybersecurity for democratic societies requires a similar worldwide commitment by national governments, international alliances, and especially by willing private sector partners in protecting individual freedom.
Cybersecurity also requires vigilance from each individual citizen. One distracted click on a sinister link can bring chaos into energy markets, supply chains, schools, police departments, businesses, government institutions, banks and infrastructure.
The U.S. must recognize the power not only of the private sector in cyberspace, but also the potential for any individual with a connection to the internet to become the vector for a state-level adversary. This represents a restructuring of the global power or threat landscapes based on technical competence and capability and not simply upon the scale of resources.
Several White House Executive Orders and the National Intelligence Strategy underscore the U.S. commitment to improving cybersecurity and the need to recruit and retain cyber expertise which requires further financial investments in training upon existing ways of doing business.
The surface level assumption may be that that more cyber training and awareness is needed and scaling up delivery and certification is the path to success.
Interestingly, some early NIU research is indicating that better cyber training may be necessary and more effective than volume. More research remains to be completed, but one observed challenge is that a majority of cyber training courses have been designed as “minimum viable products” to be packaged, briefed, and sold to customers for repeatable, scalable revenue rather than designed to enhance cybersecurity learning outcomes.
The Cipher Brief hosts expert-level briefings on national security issues for Subscriber+Members that help provide context around today’s national security issues and what they mean for business. Upgrade your status to Subscriber+ today.
Another challenge is educating populations on modern technological threats using old pedagogies and delivery mechanisms that were optimized for 1950s defense base consumption. We are exploring what is working in other areas of modern quantitative education to drive more effective and efficient delivery of cybersecurity tradecraft.
NIU research indicates that many problems plaguing modern science, technology, engineering and mathematics (STEM) education in the U.S. are also impeding the success of most cyber training programs. Similarly, the work of Nobel Laureate Dr. Carl Wieman of Stanford University indicates that science and technology have advanced rapidly since the Middle Ages through intensive research and development, yet teaching is guided by tradition rather than a lack of recognition of what works. Early NIU research indicates there may be room for significant improvement through acceptance of what pedagogies are truly working and which are clearly failing in cyber training to empower collective defense of free societies.
Protecting our citizens (and those of our free world allies) from the cyber threat will require seamless and super-tight collaboration, between national governments and the private sector, academia, and municipal governments. It will require the U.S. Intelligence Community to continue recruiting and integrating citizens with diverse skill sets and perspectives. It will require the nations of the world to take a stand against cyber aggression. It will require vigilance from every individual citizen of a free state.
In late 2001, the French newspaper Le Monde declared, Nous sommes tous Americains—we are all Americans now. The recent demise of Zawahiri and two decades of successful international efforts to mitigate the threat of Al Qaeda and its ilk to the free world have shown that we can unite to meet a common threat.
Recalling our friend Aurelius from an earlier era of civilization, the cyber threat appears to be today’s impediment advancing collective action of states, businesses and citizens of the free world. Cybersecurity is not simply an end unto itself but a vehicle for connection—it is the way.
We all must become cyber warrior scholars now.
Read more expert-driven national security insight, perspective and analysis in The Cipher Brief
Did you miss today’s 10-minute briefing on the latest global events impacting US national security? Get your daily brief with Suzanne Kelly and Brad Christian by signing up for The Cipher Brief’s Open Source Report Daily Newsletter or by listening to The Cipher Brief’s Open Source Report Podcast wherever you listen to podcasts.
