Mario Profaca: US Lacks Cyber-Intelligence + RECAP

03 Economy, 07 Other Atrocities, 10 Security, 11 Society, Corruption, Director of National Intelligence et al (IC), Government, Hill Letters & Testimony, IO Impotency, Law Enforcement, Military
Mario Profaca

US lacks serious cyber intelligence

Study says US government, business need to kick network security up a notch

Michael Cooney

Network World, 12 September 2011

There is an urgent need for businesses and our government to develop high-level cyber intelligence as a way to combat the unacceptable levels of online security threats because the current “patch and pray” system won’t cut it in the future.

That was the major thrust of a study by the  Intelligence and National Security Alliance’s (INSA) Cyber Council  which went on to state that  such a cyber-intelligence discipline will demand discussion of the unique training, education and skill sets that will be required to successfully conduct meaningful collection and analysis in the cyber domain.

Background: Who really sets global cybersecurity standards?

“While there is a great deal of focus on current cyber security issues, there is little focus on defining and exploring the cyber threat environment at a higher level,” INSA stated.  INSA describes itself as a non-profit, non-partisan, public-private organization.

The group says the dilemma that exists in the current cyber intelligence apparatus is that the Department of Homeland Security has the authority but lacks the experience and capabilities to orchestrate a comprehensive approach to cyber intelligence. The Department of Defense has much of the actual cyber intelligence capabilities, and private industry owns most of the infrastructure. “Ultimately, INSA’s Cyber Council would like to see a meaningful partnership among all relevant government agencies and the private sector to ensure seamless sharing of threat information, timely analytical judgments, and reasoned, measured responses to clear threats.”

The group made a number of suggestions to help businesses and government build this intelligence community including:

  • Develop strategies (beyond current “patch and pray” processes), policies, doctrines, legal frameworks, and overall global context for cyber intelligence matters
  • Increase global business, diplomatic and other forms of engagement, which should discuss potential ways to create more stability and mutual security in the cyber arena in order to reduce the potential for cyber conflict, theft, sabotage, and espionage
  • Support development of deterrence, dissuasion, and other high level concepts and measures for maintaining peace and stability at all levels of conflict and crisis
  • Define cyber intelligence professions, needed skillsets, training, and education for both industry and government needs.
  • Enable the creation of cyber intelligence related polices, approaches, and pilot efforts across industry, academia/non-profits, and government that provide unclassified situational awareness and indications and warning data, analytics and 24/7 unclassified and classified (as appropriate) reporting to government agencies, trusted industry, and global partners.
  • Corporately define specific activities, plans, and intentions of adversaries; continuously identify current and emerging threat vectors, and support our plans and intentions
  • Identify the specific technical means utilized or planned for cyber attack operations in deep technical detail to include supply chain issues, paths to be exploited, nature and character of deployed infections, systems/product weakness, effects, and anticipated planned or ongoing adjacent activities
  • Maintain detailed cyber situational awareness writ large
  • Participate in the rapid control and release of cyber means in order to ensure a viable intelligence gain and loss awareness
  • Identify what criminal activities are ongoing or have already happened in cyber networks, do formal damage assessments in these areas, and support development of improved defenses
  • Partner on research and development in the challenging areas of attack attribution, warning, damage assessment, and space related threat collection and analysis
  • Organize and support counter-intelligence and counter-espionage (CI/CE) activities, with special focus on identifying/using auditing tools and processes to deal with the insider threats
  • Create a consistent and meaningful approach for the cyber equivalent of Battle Damage Assessment (BDA)/Combat Effectiveness Assessment
  • Establish public-private partnership cyber outreach forums that address these areas in a comprehensive, practical, and executable fashion. These forums can take the form of commissions that study the demand for cyber intelligence and value added to cyber security.

Phi Beta Iota:  The US is not just lacking in cyber-intelligence, it is lacking in all forms of intelligence qua decision-support.  The US intelligence community lacks integrity, and General Keith Alexander and General Jim Clapper and Mr. Mike Vickers have all been given too much money with zero adult leadership.  Top Secret America is a disgracefully dysfunctional enterprise, and now richly deserving of almost complete shut-down.  Congress and the White House have failed to be ethical or intelligent in this matter.

INSA PDF Report

See Also:

1994 Sounding the Alarm on Cyber-Security

2011 Cyber-Command or IO 21 + IO Roots

Cofer Black: Hackers Evil, Pay Me… + Hackers RECAP

Cyber-Virus Proliferation: USG as “Main Enemy”

David Isenberg: Jim Clapper Claims Transformation — Robert Steele Comments on Each Misrepresentation

DefDog: Cyber-Command Can’t Find Ball…

DefDog: US Army Blows Intelligence Computing (Again)…

Director of National Intelligence Self-Destructs…Again

FBI Wages Its Own Cyberwar on Zombie PCs

Get Real–On Jim Clapper’s Failure to Lead

Journal: Army Industrial-Era Network Security + Cyber-Security RECAP (Links to Past Posts)

Journal: Can’t Get No Satisfaction from US Intelligence Community…

Journal: Cyber-Heist 2nd Generation

Journal: Financial Intelligence Matters….

Journal: Information Security Seven Guiding Principles

Journal: Pentagon as VERY Slow Learner….

Journal: Who Controls (and Secures) the Internet?

Lack of Integrity = Jim Clapper Blows Off GAO

Obama to Clapper: “Disappointed.” Duh.

Reference: At What Cost, Intelligence? [On Ethics]

Reference: Bruce Schneier on Cyber War & Cyber Crime

Reference: Empire of Lies & Secrecy

Reference: IC-Zilla Epitaph

Richard Wright: It’s Only Money – Why the IC Continues to Fail & Robert Steele: 10% Grade – A Dishonorable Discharge Needed

Robert Steele: Secrecy, Self-Restraint, & Democracy Done in By Elites and “Experts”

Rules for Governing Cyber-Conflict

Search: cost of corruption + Corruption RECAP

Search: cybersecurity 1994

Search: Steele USMC C4I 1990′s

Secrecy News: Cost of Secrecy >$10B + RECAP

TDL-4 Rules–Industrial Era Governments Helpless

US Arms Industry Bleeding Secrets–This Is Not New

US Intelligence Unwitting of Most Open Sources