CIA Sees Intel Data Flood As Both A Benefit And A Danger

Uploaded on 2016-09-02 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

CIA Deputy Director Sean Roche.   source: vimeo

When he started at the CIA, Sean Roche recalls how little solid data the US spy agency had on what was going on inside the Kremlin.

"We would look at black-and-white pictures of old men standing on a wall with fur hats on at a May Day parade and try to figure out who was next in the succession and who’s going to croak," Roche, 53, said in an interview, contrasting the relative lack of data during the Cold War with the digital deluge the agency has to sort through today.

That trove of information is both a godsend for intelligence collection and a challenge to the Central Intelligence Agency’s clandestine tradecraft. As the CIA’s associate deputy director for digital innovation, he’s working on that balance while also protecting the agency’s own computer systems and the US generally from foreign cyber threats.

Today “people are putting all their thoughts, their conversations, their movements, their ideas into this digital stream," Roche said July 30 on the sidelines of the annual Aspen Security Forum in Colorado. A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology.

Roche wouldn’t comment on recent hacking incidents, including breaches of the Democratic National Committee’s system and a data analytics program used by presidential nominee Hillary Clinton’s campaign, attacks that technology experts attribute to Russia. But he said that Russia, China, Iran and North Korea top the list of nations posing cybersecurity threats to the U.S. government and its contractors.

"They’re targeting data of all forms," Roche said, looking for information that gives them trade secrets or information about Americans that would help them achieve a national objective. Other cases involve "plain-old thuggery," Roche said, creating a nuisance and leaving a blatant trail to identify the source of the attack because "attribution feeds a national need for esteem.”

Attacks are often made possible on the receiving end by a "well-meaning but incompetent insider," Roche said, which includes those overseeing information technology systems and staffers who fall for targeted phishing attacks that lure them into clicking on a seemingly innocent link.

While some breaches happen quickly, Roche said last year’s hack of the Office of Personnel Management, which compromised data on 21.5 million individuals and has been linked to Chinese hackers, "opened people’s eyes. When you have an entity in there for months, they will patiently wait there" and seize data, he said.

Roche’s division was the first directorate the CIA added in half a century. His responsibilities include updating the agency’s older systems, which aren’t compatible with current technology and in some cases can’t even accommodate encryption. The directorate also combined those handling the agency’s information technology and internet systems with the team that monitors global cyber threats.

"We get very good insights into what the cyber actors are doing and we stop them before they get to our door," Roche said.

‘Digital Dust’

In a digital age, Roche said the secretive CIA has embraced the inevitability that new workers “come in with digital dust and a digital background” that can’t be erased. The agency also has to let its workers operate in the online and mobile world without divulging what they are doing and who they are working for, he added.

"The people that we are interested in are giving off digital dust as well," he said. "There are very few Ted Kaczynskis living in a cabin up in the woods totally disconnected," Roche said, referring to the killer known as the Unabomber, who was ultimately found in isolation.

Given the CIA’s well-known brand, Roche said he hasn’t had trouble filling his cyber workforce. "We have agency officers boomeranging and coming back after being successful in venture capital, after being successful in the IT industry, and then coming back to the agency to serve with all of that knowledge as very senior leaders," he said.

Roche said he’s also trying to bring more ethnic diversity to his teams through contacts with groups promoting science and technology among minorities.

"When I think about the IT business, it’s typically skinny-armed white males playing World of Warcraft," he said. "We’re changing that."

Burned-out traders and investors also have sought second careers at the CIA, he said. "We get a lot from Wall Street who say, ‘This was interesting when I got out of college but I’m looking for something more meaningful,’" he said. "They come to us and they knock on the door."

Information-Management: http://bit.ly/2aCBM8U

« Benefits of Penetration Testing
Russian Site is One-Stop Shop for Cyber-Crime »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

Perception Point

Perception Point

Perception Point is a Prevention-as-a-Service company, built to enable digital transformation. Our platform offers 360-degree protection against any type of content-based attack.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

Concordium

Concordium

Concordium aims to build the world’s leading open-source, permissionless, and decentralized blockchain with built-in user identity at the protocol level.

Heidrick & Struggles International

Heidrick & Struggles International

Heidrick & Struggles is a premier provider of leadership consulting and senior-level executive search services for roles including Information & Technology Officers and Cybersecurity.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

KrCERT/CC

KrCERT/CC

KrCERT/CC is the National Computer Emergency Response Team in Korea.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

ORS Consulting

ORS Consulting

ORS Consulting is a specialist provider of risk management advisory services supporting asset-intensive industries such as chemicals, energy, power and utilities, defence and maritime.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

Mindflow

Mindflow

Mindflow is dedicated to bringing answers to the challenges the cybersecurity field and beyond face today.

Fraud.net

Fraud.net

Fraud.net operates the first end-to-end fraud management and revenue enhancement ecosystem specifically built for digital enterprises and fintechs globally.