Cyber threats ‘blurring’ line between agencies’ foreign, domestic intelligence operations

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The digital revolution has broken down many barriers in government.

The Department of Homeland Security, for example, has been pushing greater cyber threat information sharing with the private sector. That effort came to a head when DHS launched the National Risk Management Center in July.

Joshua Skule, FBI executive assistant director for Intelligence

But the advance of cyber threats might also bring together the government’s foreign and domestic intelligence operations. Joshua Skule, the executive assistant director for intelligence at the FBI, said a rise in nation-state cyber threats has made the bureau rethink the way it works with the intel community.

“Due to technology and a lot of other innovation, we cannot think of the intelligence community as overseas and domestic any longer,” he said Wednesday at INSA’s Intelligence and National Security Summit in National Harbor. “I think there are certain authorities that need to be maintained in order to preserve civil liberties, but I think that we need today to work very closely together to make sure that what is happening in any four corners of the globe, to include the United States, is having the intended consequence that the U.S. government wants it to have.”

Russ Travers, the acting director of the National Counterterrorism Center (NCTC), said part of the problem is that malicious actors remain more agile than most bureaucracies.

“The characteristics, it seems to me, of these threats are they’re related to boundaries. We spend a lot of time focused on boundaries. The threats, not at all,” Travers said. “So it ends up blurring foreign and domestic. It means that we’ve got information co-mingled all over the place. It means that our borders are being crossed physically and virtually, and it raises questions about how we deal with all of the attributes of globalization — travel data, finance data and so forth that doesn’t lend itself to being put into any particular bucket.”

IC improving at sharing threat data

But the intelligence community has come a long way on sharing threat data since 9/11.

In his old job, as a deputy director at the Defense Intelligence Agency (DIA) Travers said his corner of the intelligence community didn’t communicate with the FBI at the same level that it does now.

Advertisement
“I don’t think that I’d ever had a professional conversation with an FBI officer. Because at the time, DIA looked out, the bureau looked in, and that created seams. It was that seam that I think bit us on 9/11, and since then, we’ve made huge progress,” Travers said. “Whether it’s business processes or information sharing , we as a government are much better at this than we used to be.”

Post-9/11, Travers said national security agencies have made exponential increases on sharing threat information, which has allowed the U.S. to track threats across the globe.

“If a police officer makes a stop of Russ Travers out in Colorado, they’re going to be able to run checks to determine that Russ Travers is a terrorist,” Travers said, using himself a hypothetical example. “This was the 9/11 problem. I think it was fixed because of integration across the entire government pretty quickly. The problem is, the bad guys are getting smarter.”

Malicious actors have become more adept at using fake passports and national ID cards. In order to combat this threat, agencies have leaned toward greater use of biometrics, which comes with its own unique set of challenges.

“You need to be able to do a near-real-time check on somebody coming across the border or being stopped by a police officer. That assumes that we have the biometrics in a single repository, which is not the case,” Travers said. “We have multiple repositories across the government.”

Getting a handle on the data

To further complicate the problem, many members of the intelligence community still don’t have a 360-degree view of the threat landscape.

“There are many places in this government where no analyst actually has access to all the information that’s relevant to their particular remit. Why? Because you’ve got competing equities. Information sits in repositories, and it is never brought together. You could make an argument that that’s a good thing. You could make an argument that it’s a bad thing. At the very least, it means that we are not efficient, and the question is, given the threats of today, is that where we want to be as a country, and I think we need to look that through.”

The intelligence community produces a lot of data, but it faces challenges getting its arms around that data. Brian Murphy, the principal deputy undersecretary for intelligence and analysis at DHS, said his agency has looked leveraging emerging tools to get a handle on its data.

“For the range of cyber attacks that constantly occur in private industry, that’s where we want to be both consumers and also pushers of intelligence, if you would. Big data, I think, is very, very important in today’s world, so that we get ahead of this threat,” Murphy said. “We sit on a lot of information in the department, and we’ve done a good job putting that out.”

But using things such as artificial intelligence, big data, analytics, he said, would allow DHS to share information more quickly with the intelligence community and state and local law enforcement.

In response to an executive order from President Donald Trump, DHS has stood up its National Vetting Center. Murphy said the center has been a great case study for threat sharing in the intelligence community.

“It really is one of the first instances where the intelligence community is using the secure cloud environment to put all of its eggs in one basket, so that when we vet people from visa-waiver countries coming in here, in real-time, we can tell who these people are,” he said.