CIA Sees Intel Data Flood As Both A Benefit And A Danger

CIA Deputy Director Sean Roche. Source: Vimeo

Sean Roche recalls how little solid data the US spy agency had on what was going on inside the Kremlin when he started at the CIA.

"We would look at black-and-white pictures of old men standing on a wall with fur hats on at a May Day parade and try to figure out who was next in the succession and who’s going to croak," Roche, 53, said in an interview, contrasting the relative lack of data during the Cold War with the digital deluge the agency has to sort through today.

That trove of information is both a godsend for intelligence collection and a challenge to the Central Intelligence Agency’s clandestine tradecraft. As the CIA’s associate deputy director for digital innovation, Roche is working on that balance while also protecting the agency’s own computer systems and the US generally from foreign cyber threats.

Today "people are putting all their thoughts, their conversations, their movements, their ideas into this digital stream," Roche said July 30 on the sidelines of the annual Aspen Security Forum in Colorado. A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology.

Roche wouldn’t comment on recent hacking incidents, including breaches of the Democratic National Committee’s system and a data analytics program used by presidential nominee Hillary Clinton’s campaign, attacks that technology experts attribute to Russia. But he said that Russia, China, Iran and North Korea top the list of nations posing cybersecurity threats to the U.S. government and its contractors.

"They’re targeting data of all forms," Roche said, looking for information that gives them trade secrets or information about Americans that would help them achieve a national objective. Other cases involve "plain-old thuggery," Roche said, creating a nuisance and leaving a blatant trail to identify the source of the attack because "attribution feeds a national need for esteem."

Attacks are often made possible on the receiving end by a "well-meaning but incompetent insider," Roche said, which includes those overseeing information technology systems and staffers who fall for targeted phishing attacks that lure them into clicking on a seemingly innocent link.

While some breaches happen quickly, Roche said last year’s hack of the Office of Personnel Management, which compromised data on 21.5 million individuals and has been linked to Chinese hackers, "opened people’s eyes. When you have an entity in there for months, they will patiently wait there" and seize data, he said.

Roche’s division was the first directorate the CIA added in half a century. His responsibilities include updating the agency’s older systems, which aren’t compatible with current technology and in some cases can’t even accommodate encryption. The directorate also combined those handling the agency’s information technology and internet systems with the team that monitors global cyber threats.

"We get very good insights into what the cyber actors are doing and we stop them before they get to our door," Roche said.

‘Digital Dust’

In a digital age, Roche said the secretive CIA has embraced the inevitability that new workers “come in with digital dust and a digital background” that can’t be erased. The agency also has to let its workers operate in the online and mobile world without divulging what they are doing and who they are working for, he added.

"The people that we are interested in are giving off digital dust as well," he said. "There are very few Ted Kaczynskis living in a cabin up in the woods totally disconnected," Roche said, referring to the killer known as the Unabomber, who was ultimately found in isolation.

Given the CIA’s well-known brand, Roche said he hasn’t had trouble filling his cyber workforce. "We have agency officers boomeranging and coming back after being successful in venture capital, after being successful in the IT industry, and then coming back to the agency to serve with all of that knowledge as very senior leaders," he said.

Roche said he’s also trying to bring more ethnic diversity to his teams through contacts with groups promoting science and technology among minorities.

"When I think about the IT business, it’s typically skinny-armed white males playing World of Warcraft," he said. "We’re changing that."

Burned-out traders and investors also have sought second careers at the CIA, he said. "We get a lot from Wall Street who say, ‘This was interesting when I got out of college but I’m looking for something more meaningful,’" he said. "They come to us and they knock on the door."

Information-Management: http://bit.ly/2aCBM8U
