How Uber Could Help Change Spycraft

Uploaded on 2015-08-24 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Law Enforcement, FREE TO VIEW

The_Intelligence_Process_JP_2-0.png

The US intelligence community wants feedback from the innovative car-sharing company and other commercial startups on its 5-year data-analysis roadmap. The intelligence community quietly released an unprecedented, unclassified five-year-roadmap charting the future of data analysis it wants commercial startups like ride sharing firm Uber to read.

The chart, part of a larger science and technology strategy, is aimed at encouraging unconventional makers like the car service app-developer and traditional tech contractors to help fund answers to oncoming national security problems.
The roadmap is an outgrowth of spring workshops with 40 companies that do classified work and a government analysis of the intelligence community’s science and technology needs.

By syncing private sector research now underway with the Office of the Director of Intelligence’s threat predictions, the right technology will be ready at the right time at the right price, DNI officials say.
The publicly available gap analysis, titled “Enhanced Processing and Management of Data from Disparate Sources,” maps out one of six future growth areas for the spy community. The other graphics are only for the eyes of individuals holding secret security clearances.
“Maybe they’ve got scheduling algorithms that would help us with our logistics problems,” David Honey, DNI director of science and technology, said during a recent interview with Nextgov. “If we can leverage those kinds of tools, maybe we gotta adapt them a little bit, but that certainly beats having to go and pay for those things from scratch.”

Powers U.S. spies need that no one is funding yet include, for example, expertise in determining the biases of social media site moderators, geolocation in the presence of encryption, room temperature quantum computing, and immersive virtual world user experience.
“One of our goals for the coming year is to try and extend our outreach via whichever trade associations are willing to take it on, into the uncleared community as well,” Honey said, sitting inside DNI’s McLean, Virginia headquarters. “That’s why getting this information on to the ODNI’s open website was so important to us. We want to have that outreach to the nontraditional to include the uncleared performer community so that they can gain insight into what the challenges are that we face so that they can come forward with ideas.”

As of four years ago, information technology consumed about 23 percent of intelligence program funding, according to DNI. President Barack Obama has requested $53.9 billion for the program in 2016.
Social Media Overload
Director of National Intelligence James Clapper last month described some information-munching difficulties confronting analysts, such as tracking down lone wolf extremists who have been inspired by Islamic State rhetoric.
“With the way people radicalize on their own, or are radicalized via social media where they don’t leave out a signature, they don’t emit — some attribute or trait or behavior that would lead you to begin watching them,” Clapper said at the Aspen Security Forum in Colorado. “And so we’re lacking that.”
The difficulty is then exacerbated by the use of encrypted, or digitally scrambled, communications, he said.
“Someone is proselyted by an ISIL recruiter sitting in Syria or some place,” and if that potential extremist takes an interest, “then they’ll switch to, you know, encrypted communications that we can’t watch,” Clapper said.
However, it is not believed the homegrown radical Mohammod Abdulazeez, who gunned down five servicemen in Chattanooga, Tennessee, in July, used encryption to hide plotting.
“There’s been no connection made” yet, Clapper acknowledged. He added, it might be beneficial to quantify the use of encryption by terrorists: “I think we probably need to see what we can do to do a better job of keeping some metrics” on incidents “where we ran into an encryption situation and that stymies an investigation,” he said.
The intelligence community is not bankrupt of innovators, by any means.
In-Q-Tel, a CIA-backed venture capital firm, has borne fruit from technologies it helped seed at open source threat analysis firm Recorded Future and data-sleuthing company Palantir, among some roughly 200 startups.
But sometimes, uncleared execs create gadgets and services that have unintentional classified applications, Honey said.
The spy community might look at, for instance, Twitter analytics to discern how a mass civilian casualty incident overseas is affecting foreign sentiment toward America.
Social media “is in many cases an indicator of developments that previously we never would have had access to. One time, the best open source information source would have been CNN,” Honey said. “But today, with all the social media activity that’s out there, we need to understand what’s coming before it gets here — not after it’s already here and now we’re behind the curve in understanding how to interpret it.”
People might ask, “How could you not follow what goes on, on Twitter?” he added. ”Well, it hasn’t been around that long,” he added.
Crowdsourcing Classified R&D
The data analytics roadmap fills up a couple of sheets in a 26-page unclassified 2016-2020 DNI science and technology strategy posted online in recent days.
Bringing the paper to life already has required the use of social media. Contractors and intelligence agencies are crowdsourcing updates to the document and matching agency needs with funded corporate projects on a classified website, Honey said.
The collaboration environment is located on a Top Secret system called Jwics, for Joint Worldwide Intelligence Communications System.
It’s easy to compare this venture to a wiki, but unlike, say, Wikipedia, the spy system must be able to push out edits to relevant agencies and relevant companies in a timely fashion.
Agencies “need to be able to post the challenge in a way that the system automatically alerts the right technology suppliers,” and “if you’re a technology provider and you are posting new solutions, the solutions need to be able to find their way to the customer” without everybody doing a search every day, Honey said.
If feasible, DNI will create a public Web space for individuals without clearances to contribute suggestions for the unclassified strategy, he said.
Other roadmaps designed during the recent contractor workshops chart rifts in, among other things, space capabilities, global proliferation prediction capacity, and the ability of novel sensors to reveal adversary actions.
The businesses that participated in the meetings are gathering a week from Monday to start developing yardsticks for measuring progress in each gap area, Honey said.
Outsiders wanting to help equip spies who have not been briefed on Top Secret intelligence are not necessarily at a disadvantage. They might be more likely to devise technologies that go beyond mere upgrades.
“If you are too close to the classified information, you are going to try to create a faster horse,” Honey said. “Quite often, people who have just a general knowledge of what we’re trying to do are in a better position to help us think about new solutions, than those who are deeply ingrained in the machine.”
DefenseOne: http://bit.ly/1Kpo2bH

 

 

« Investors Pour $Billions in to Cybersecurity
Addressing the Predictive Analytics Skills Gap »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ECSC Group

ECSC Group

ECSC is a full-service information security provider, specialising in 24/7/365 security breach detection and Artificial Intelligence (AI).

Certification Europe

Certification Europe

Certification Europe (now Amtivo Ireland) is an accredited certification body which provides ISO management system certification, including ISO 27001.

Roke

Roke

Roke is a leading UK innovator in science and engineering. For over 60 years we’ve been improving the world through innovation by combining the physical and digital in new ways.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

Invensity

Invensity

INVENSITY is an interdisciplinary technology and innovation consulting company. Centres of excellence include Cyber Security and Data Privacy.

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.

Corvid Cyberdefense

Corvid Cyberdefense

Corvid Cyberdefense provides military-grade cybersecurity as a service for growing organizations and municipalities of all sizes.

8kSec

8kSec

8kSec is a cybersecurity company specializing in training, consulting, and research.

Fable Security

Fable Security

We’re reimagining human risk management. Fable brings together the best of engineering, behavioral science, and AI to solve one of security’s hardest problems.