CIA Sees Intel Data Flood As Both A Benefit And A Danger

Uploaded on 2016-09-02 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

CIA Deputy Director Sean Roche.   source: vimeo

When he started at the CIA, Sean Roche recalls how little solid data the US spy agency had on what was going on inside the Kremlin.

"We would look at black-and-white pictures of old men standing on a wall with fur hats on at a May Day parade and try to figure out who was next in the succession and who’s going to croak," Roche, 53, said in an interview, contrasting the relative lack of data during the Cold War with the digital deluge the agency has to sort through today.

That trove of information is both a godsend for intelligence collection and a challenge to the Central Intelligence Agency’s clandestine tradecraft. As the CIA’s associate deputy director for digital innovation, he’s working on that balance while also protecting the agency’s own computer systems and the US generally from foreign cyber threats.

Today “people are putting all their thoughts, their conversations, their movements, their ideas into this digital stream," Roche said July 30 on the sidelines of the annual Aspen Security Forum in Colorado. A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology.

Roche wouldn’t comment on recent hacking incidents, including breaches of the Democratic National Committee’s system and a data analytics program used by presidential nominee Hillary Clinton’s campaign, attacks that technology experts attribute to Russia. But he said that Russia, China, Iran and North Korea top the list of nations posing cybersecurity threats to the U.S. government and its contractors.

"They’re targeting data of all forms," Roche said, looking for information that gives them trade secrets or information about Americans that would help them achieve a national objective. Other cases involve "plain-old thuggery," Roche said, creating a nuisance and leaving a blatant trail to identify the source of the attack because "attribution feeds a national need for esteem.”

Attacks are often made possible on the receiving end by a "well-meaning but incompetent insider," Roche said, which includes those overseeing information technology systems and staffers who fall for targeted phishing attacks that lure them into clicking on a seemingly innocent link.

While some breaches happen quickly, Roche said last year’s hack of the Office of Personnel Management, which compromised data on 21.5 million individuals and has been linked to Chinese hackers, "opened people’s eyes. When you have an entity in there for months, they will patiently wait there" and seize data, he said.

Roche’s division was the first directorate the CIA added in half a century. His responsibilities include updating the agency’s older systems, which aren’t compatible with current technology and in some cases can’t even accommodate encryption. The directorate also combined those handling the agency’s information technology and internet systems with the team that monitors global cyber threats.

"We get very good insights into what the cyber actors are doing and we stop them before they get to our door," Roche said.

‘Digital Dust’

In a digital age, Roche said the secretive CIA has embraced the inevitability that new workers “come in with digital dust and a digital background” that can’t be erased. The agency also has to let its workers operate in the online and mobile world without divulging what they are doing and who they are working for, he added.

"The people that we are interested in are giving off digital dust as well," he said. "There are very few Ted Kaczynskis living in a cabin up in the woods totally disconnected," Roche said, referring to the killer known as the Unabomber, who was ultimately found in isolation.

Given the CIA’s well-known brand, Roche said he hasn’t had trouble filling his cyber workforce. "We have agency officers boomeranging and coming back after being successful in venture capital, after being successful in the IT industry, and then coming back to the agency to serve with all of that knowledge as very senior leaders," he said.

Roche said he’s also trying to bring more ethnic diversity to his teams through contacts with groups promoting science and technology among minorities.

"When I think about the IT business, it’s typically skinny-armed white males playing World of Warcraft," he said. "We’re changing that."

Burned-out traders and investors also have sought second careers at the CIA, he said. "We get a lot from Wall Street who say, ‘This was interesting when I got out of college but I’m looking for something more meaningful,’" he said. "They come to us and they knock on the door."

Information-Management: http://bit.ly/2aCBM8U

« Benefits of Penetration Testing
Russian Site is One-Stop Shop for Cyber-Crime »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Trustwave

Trustwave

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security.

Latvian Information & Communications Technology Association (LIKTA)

Latvian Information & Communications Technology Association (LIKTA)

LIKTA brings together leading Latvian companies, organizations and professionals in the field of Information & Communications Technology

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

World Cyber Security Summit

World Cyber Security Summit

World Cyber Security Summit, by Trescon, is a thought-leadership driven platform for CISOs who are looking to explore new-age threats and the technologies/strategies that can help mitigate them.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

CyberXpert

CyberXpert

CyberXpert is your cybersecurity partner for the public and private sector in Belgium.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.

OmniIndex

OmniIndex

OmniIndex PostgresBC is the only commercial solution allowing you to keep your most sensitive and critical data encrypted while analyzing it. Structured and unstructured.

Charm Security

Charm Security

Charm Security is an AI-powered customer security platform that protects organizations and their customers from scams, social engineering, and human-centric fraud.

Axelerated Solutions

Axelerated Solutions

Axelerated Solutions offer a comprehensive range of technology services tailored to meet our clients' diverse needs. Our focus is on delivering innovative and secure solutions.