Getting Intelligence Agencies To Adapt To Life Out Of The Shadows

Uploaded on 2017-05-04 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

First Published by the Council on Foreign Relations:

Gone are the days when spy agencies did not officially exist with their personnel and activities guarded surreptitiously away from the public view.

Today, the situation could not be more different. The U.S. Office of the Director of National Intelligence has had a Tumblr account since 2014. NSA Director Admiral Mike Rogers appears regularly at conferences and panels. On the other side of the Atlantic, GCHQ Director Robert Hannigan writes op-eds for the Financial Times. GCHQ also recently broke a historical precedent of refusing to comment on allegations about its activities: the agency dismissed the unhelpful allegations about the agency’s role in spying on Trump, made by Andrew Napolitano and then echoed by the White House, claiming that they were ‘utterly ridiculous and should be ignored’. In recent years, signals intelligence (SIGINT) agencies have been pro-actively trying to manage and shape their public perception.

Why are organisations that pride themselves on secrecy, and which have previously appeared allergic to press relations, now proactively getting their message out there? The answer is that they are increasingly communicating out of necessity.

It is no coincidence that many of the attempts by SIGINT agencies to interact with the public have occurred in the aftermath of the Snowden disclosures. SIGINT agencies have struggled to overcome the trust deficit and heightened skepticism over their activity. As traditionally clandestine organizations, the culture within SIGINT agencies contrasts starkly with a more vocal pro-privacy community and a Silicon Valley machinery that invests significant sums in promoting its own narrative. Former NSA Deputy Director Chirs Inglis also acknowledged last year that the recent Oliver Stone movie on Snowden could further shift public perceptions against intelligence agencies. Although SIGINT agencies should not necessarily take on the surveillance debate directly, they are still able to promote themselves in a positive way. Public appearances by senior SIGINT agency staff has led to the perception of a more transparent culture while reminding the public about how SIGINT programs have helped to diffuse recent terrorist attacks also helps to bring a more positive spin—GCHQ claims that information it has gathered stopped six alleged terrorist plots in 2015 alone.

In addition to the battle of public perception, SIGINT agencies have naturally become more communicative due to their expanded remit. Given their history and expertise, they have become the natural choice for governments delegating cybersecurity responsibilities. Yet while collecting signals intelligence is an inherently covert activity, confronting the cybersecurity challenge instead requires a more open and communicative response, such as providing businesses and households with targeted and specific security advice. The need for a departure from the traditional SIGINT mentality has been recognised in the United Kingdom. In 2016, the government established the National Cyber Security Centre (NCSC).

The NCSC remains part of GCHQ, but is a distinct identity, and crucially one that is more far more publically facing. Although early days, the NCSC looks set to provide a more relevant and decisive leadership on the issue of cyber security.

SIGINT agencies have also turned to social media as a recruitment tool in an increasingly competitive jobs market. The limited supply of those with skills in computer science and cyber security means that university graduates can earn significantly sums in the private sector that government agencies have struggled to match. For those that do choose to work for the government, there is the added pressure for SIGINT agencies in competing for talent against multiple government organisations. According to Alan Paller, research director of the SANS Institute, “there’s a head-to-head battle between CIA and NSA for every new cyber employee”. Given the competition for talent, SIGINT agencies realize that reaching out to potential employees with a positive case is vital. CSE, GCHQ and the NSA routinely tweet on their qualities as an employer. The NSA also has a separate NSA Careers twitter handle while GCHQ has also used reverse graffiti to advertise careers in Shoreditch—a trendy borough of London frequented by tech-savvy graduates.

Despite the progress made on cyber security and recruitment, SIGINT agencies still face huge challenges in developing a coherent public relations strategy. The Russian interference in the U.S. election has pushed the U.S. intelligence community into unwelcome territory. While U.S. intelligence agencies are supposedly non-partisan, maintaining a neutrality has proved to be increasingly difficult. According to a New York Times report, FBI Director James Comey’s decision to abandon protocol and release information about the Clinton investigation, while withholding information about a Trump investigation, was based on his calculation of the electoral outcome. Ultimately, intelligence agencies are faced with a difficult balancing act, having to provide factual analysis without appearing to conspire against a political party or movement. Although there are no easy answers, intelligence agencies should at least establish clearer protocols for communicating with the public during periods of disinformation and instability. For example, these protocols could include guidance on intelligence agencies should answer accusations of partisan interference in an election.

While some SIGINT agencies have begun to adopt a more proactive public relations strategy, others remain clearly in the shadows. In the current climate of election interference, cyberattacks, and a shortage of technical skills, SIGINT agencies will increasingly find themselves on the back foot if they continue to ignore the importance of engaging with the public. Yet, intelligence agencies should proceed cautiously: the politicized role of intelligence agencies in the U.S. election has shown that public engagement, while necessary, contains its own set of challenges.

Jamie Collier is a Cyber Security DPhil Candidate and a Research Affiliate with the Cyber Studies Programme, University of Oxford. You can follow him @jscollier93

You Might Also Read:

NATO’s role in the cyber domain is unclear:

 

 

 

« Hackers Could Turn Off Your Car Engine – While You Are Driving
Major Cyber-Attack Prevented »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

Cydome

Cydome

Cydome offers full-spectrum cybersecurity solutions tailored for the maritime industry.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

Segusoft

Segusoft

With its encryption platform SEGULINK, Segusoft provides standard software for companies to securely transfer files and messages.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

IFE Digital Systems

IFE Digital Systems

IFE Digital Systems conducts research, development and consultancy in risk, safety and security related to digital systems in critical infrastructure.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

tTech

tTech

tTech is the first and foremost company providing outsourced Information Technology solutions to businesses in Jamaica.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

Central Intelligence Agency (CIA) - USA

Central Intelligence Agency (CIA) - USA

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

GISEC Global

GISEC Global

GISEC Global provides vendors and companies from around the world with access to lucrative opportunity to capitalize on what's set to become one of the world's booming markets.