CIA Sees Intel Data Flood As Both A Benefit And A Danger

CIA Deputy Director Sean Roche.   source: vimeo

When he started at the CIA, Sean Roche recalls how little solid data the US spy agency had on what was going on inside the Kremlin.

"We would look at black-and-white pictures of old men standing on a wall with fur hats on at a May Day parade and try to figure out who was next in the succession and who’s going to croak," Roche, 53, said in an interview, contrasting the relative lack of data during the Cold War with the digital deluge the agency has to sort through today.

That trove of information is both a godsend for intelligence collection and a challenge to the Central Intelligence Agency’s clandestine tradecraft. As the CIA’s associate deputy director for digital innovation, he’s working on that balance while also protecting the agency’s own computer systems and the US generally from foreign cyber threats.

Today “people are putting all their thoughts, their conversations, their movements, their ideas into this digital stream," Roche said July 30 on the sidelines of the annual Aspen Security Forum in Colorado. A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology.

Roche wouldn’t comment on recent hacking incidents, including breaches of the Democratic National Committee’s system and a data analytics program used by presidential nominee Hillary Clinton’s campaign, attacks that technology experts attribute to Russia. But he said that Russia, China, Iran and North Korea top the list of nations posing cybersecurity threats to the U.S. government and its contractors.

"They’re targeting data of all forms," Roche said, looking for information that gives them trade secrets or information about Americans that would help them achieve a national objective. Other cases involve "plain-old thuggery," Roche said, creating a nuisance and leaving a blatant trail to identify the source of the attack because "attribution feeds a national need for esteem.”

Attacks are often made possible on the receiving end by a "well-meaning but incompetent insider," Roche said, which includes those overseeing information technology systems and staffers who fall for targeted phishing attacks that lure them into clicking on a seemingly innocent link.

While some breaches happen quickly, Roche said last year’s hack of the Office of Personnel Management, which compromised data on 21.5 million individuals and has been linked to Chinese hackers, "opened people’s eyes. When you have an entity in there for months, they will patiently wait there" and seize data, he said.

Roche’s division was the first directorate the CIA added in half a century. His responsibilities include updating the agency’s older systems, which aren’t compatible with current technology and in some cases can’t even accommodate encryption. The directorate also combined those handling the agency’s information technology and internet systems with the team that monitors global cyber threats.

"We get very good insights into what the cyber actors are doing and we stop them before they get to our door," Roche said.

‘Digital Dust’

In a digital age, Roche said the secretive CIA has embraced the inevitability that new workers “come in with digital dust and a digital background” that can’t be erased. The agency also has to let its workers operate in the online and mobile world without divulging what they are doing and who they are working for, he added.

"The people that we are interested in are giving off digital dust as well," he said. "There are very few Ted Kaczynskis living in a cabin up in the woods totally disconnected," Roche said, referring to the killer known as the Unabomber, who was ultimately found in isolation.

Given the CIA’s well-known brand, Roche said he hasn’t had trouble filling his cyber workforce. "We have agency officers boomeranging and coming back after being successful in venture capital, after being successful in the IT industry, and then coming back to the agency to serve with all of that knowledge as very senior leaders," he said.

Roche said he’s also trying to bring more ethnic diversity to his teams through contacts with groups promoting science and technology among minorities.

"When I think about the IT business, it’s typically skinny-armed white males playing World of Warcraft," he said. "We’re changing that."

Burned-out traders and investors also have sought second careers at the CIA, he said. "We get a lot from Wall Street who say, ‘This was interesting when I got out of college but I’m looking for something more meaningful,’" he said. "They come to us and they knock on the door."

Information-Management: http://bit.ly/2aCBM8U

« Benefits of Penetration Testing
Russian Site is One-Stop Shop for Cyber-Crime »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

Red Canary

Red Canary

Red Canary continuously monitors and analyzes your endpoints, users, and network activity in search of threatening behaviors, patterns, and signatures.

VivoSecurity

VivoSecurity

VivoSecurity is a pioneer in cyber risk quantification based on data science. Our products and services help organizations achieve optimal information security and GRC programs.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

ANY.RUN

ANY.RUN

ANY.RUN is an interactive online malware analysis service created for dynamic as well as static research of multiple types of cyber threats.

FoxPointe Solutions

FoxPointe Solutions

FoxPointe Solutions is a full-service cyber risk management and compliance firm.

Scalefusion

Scalefusion

Scalefusion provides a comprehensive suite of products engineered to simplify endpoint, user, and access management for IT teams.