Getting Intelligence Agencies To Adapt To Life Out Of The Shadows

First Published by the Council on Foreign Relations:

Gone are the days when spy agencies did not officially exist, with their personnel and activities kept hidden from public view.

Today, the situation could not be more different. The U.S. Office of the Director of National Intelligence has had a Tumblr account since 2014. NSA Director Admiral Mike Rogers appears regularly at conferences and panels. On the other side of the Atlantic, GCHQ Director Robert Hannigan writes op-eds for the Financial Times. GCHQ also recently broke a historical precedent of refusing to comment on allegations about its activities: the agency dismissed the unhelpful allegations about the agency’s role in spying on Trump, made by Andrew Napolitano and then echoed by the White House, claiming that they were ‘utterly ridiculous and should be ignored’. In recent years, signals intelligence (SIGINT) agencies have been proactively trying to manage and shape their public perception.

Why are organisations that pride themselves on secrecy, and which have previously appeared allergic to press relations, now proactively getting their message out there? The answer is that they are increasingly communicating out of necessity.

It is no coincidence that many of the attempts by SIGINT agencies to interact with the public have occurred in the aftermath of the Snowden disclosures. SIGINT agencies have struggled to overcome the trust deficit and heightened skepticism over their activity. As traditionally clandestine organizations, the culture within SIGINT agencies contrasts starkly with a more vocal pro-privacy community and a Silicon Valley machinery that invests significant sums in promoting its own narrative. Former NSA Deputy Director Chris Inglis also acknowledged last year that the recent Oliver Stone movie on Snowden could further shift public perceptions against intelligence agencies. Although SIGINT agencies should not necessarily take on the surveillance debate directly, they are still able to promote themselves in a positive way. Public appearances by senior SIGINT agency staff have led to the perception of a more transparent culture, while reminding the public about how SIGINT programs have helped to defuse recent terrorist attacks also helps to bring a more positive spin—GCHQ claims that information it has gathered stopped six alleged terrorist plots in 2015 alone.

In addition to the battle of public perception, SIGINT agencies have naturally become more communicative due to their expanded remit. Given their history and expertise, they have become the natural choice for governments delegating cybersecurity responsibilities. Yet while collecting signals intelligence is an inherently covert activity, confronting the cybersecurity challenge instead requires a more open and communicative response, such as providing businesses and households with targeted and specific security advice. The need for a departure from the traditional SIGINT mentality has been recognised in the United Kingdom. In 2016, the government established the National Cyber Security Centre (NCSC).

The NCSC remains part of GCHQ, but has a distinct identity, and crucially one that is far more publicly facing. Although it is early days, the NCSC looks set to provide more relevant and decisive leadership on the issue of cyber security.

SIGINT agencies have also turned to social media as a recruitment tool in an increasingly competitive jobs market. The limited supply of those with skills in computer science and cyber security means that university graduates can earn significant sums in the private sector that government agencies have struggled to match. For those that do choose to work for the government, there is the added pressure for SIGINT agencies in competing for talent against multiple government organisations. According to Alan Paller, research director of the SANS Institute, “there’s a head-to-head battle between CIA and NSA for every new cyber employee”. Given the competition for talent, SIGINT agencies realize that reaching out to potential employees with a positive case is vital. CSE, GCHQ and the NSA routinely tweet on their qualities as an employer. The NSA also has a separate NSA Careers Twitter handle, while GCHQ has also used reverse graffiti to advertise careers in Shoreditch—a trendy borough of London frequented by tech-savvy graduates.

Despite the progress made on cyber security and recruitment, SIGINT agencies still face huge challenges in developing a coherent public relations strategy. The Russian interference in the U.S. election has pushed the U.S. intelligence community into unwelcome territory. While U.S. intelligence agencies are supposedly non-partisan, maintaining neutrality has proved to be increasingly difficult. According to a New York Times report, FBI Director James Comey’s decision to abandon protocol and release information about the Clinton investigation, while withholding information about a Trump investigation, was based on his calculation of the electoral outcome. Ultimately, intelligence agencies are faced with a difficult balancing act, having to provide factual analysis without appearing to conspire against a political party or movement. Although there are no easy answers, intelligence agencies should at least establish clearer protocols for communicating with the public during periods of disinformation and instability. For example, these protocols could include guidance on how intelligence agencies should answer accusations of partisan interference in an election.

While some SIGINT agencies have begun to adopt a more proactive public relations strategy, others remain clearly in the shadows. In the current climate of election interference, cyberattacks, and a shortage of technical skills, SIGINT agencies will increasingly find themselves on the back foot if they continue to ignore the importance of engaging with the public. Yet, intelligence agencies should proceed cautiously: the politicized role of intelligence agencies in the U.S. election has shown that public engagement, while necessary, contains its own set of challenges.

Jamie Collier is a Cyber Security DPhil Candidate and a Research Affiliate with the Cyber Studies Programme, University of Oxford. You can follow him @jscollier93
