Getting Intelligence Agencies To Adapt To Life Out Of The Shadows

First Published by the Council on Foreign Relations:

Gone are the days when spy agencies did not officially exist with their personnel and activities guarded surreptitiously away from the public view.

Today, the situation could not be more different. The U.S. Office of the Director of National Intelligence has had a Tumblr account since 2014. NSA Director Admiral Mike Rogers appears regularly at conferences and panels. On the other side of the Atlantic, GCHQ Director Robert Hannigan writes op-eds for the Financial Times. GCHQ also recently broke a historical precedent of refusing to comment on allegations about its activities: the agency dismissed the unhelpful allegations about the agency’s role in spying on Trump, made by Andrew Napolitano and then echoed by the White House, claiming that they were ‘utterly ridiculous and should be ignored’. In recent years, signals intelligence (SIGINT) agencies have been pro-actively trying to manage and shape their public perception.

Why are organisations that pride themselves on secrecy, and which have previously appeared allergic to press relations, now proactively getting their message out there? The answer is that they are increasingly communicating out of necessity.

It is no coincidence that many of the attempts by SIGINT agencies to interact with the public have occurred in the aftermath of the Snowden disclosures. SIGINT agencies have struggled to overcome the trust deficit and heightened skepticism over their activity. As traditionally clandestine organizations, the culture within SIGINT agencies contrasts starkly with a more vocal pro-privacy community and a Silicon Valley machinery that invests significant sums in promoting its own narrative. Former NSA Deputy Director Chirs Inglis also acknowledged last year that the recent Oliver Stone movie on Snowden could further shift public perceptions against intelligence agencies. Although SIGINT agencies should not necessarily take on the surveillance debate directly, they are still able to promote themselves in a positive way. Public appearances by senior SIGINT agency staff has led to the perception of a more transparent culture while reminding the public about how SIGINT programs have helped to diffuse recent terrorist attacks also helps to bring a more positive spin—GCHQ claims that information it has gathered stopped six alleged terrorist plots in 2015 alone.

In addition to the battle of public perception, SIGINT agencies have naturally become more communicative due to their expanded remit. Given their history and expertise, they have become the natural choice for governments delegating cybersecurity responsibilities. Yet while collecting signals intelligence is an inherently covert activity, confronting the cybersecurity challenge instead requires a more open and communicative response, such as providing businesses and households with targeted and specific security advice. The need for a departure from the traditional SIGINT mentality has been recognised in the United Kingdom. In 2016, the government established the National Cyber Security Centre (NCSC).

The NCSC remains part of GCHQ, but is a distinct identity, and crucially one that is more far more publically facing. Although early days, the NCSC looks set to provide a more relevant and decisive leadership on the issue of cyber security.

SIGINT agencies have also turned to social media as a recruitment tool in an increasingly competitive jobs market. The limited supply of those with skills in computer science and cyber security means that university graduates can earn significantly sums in the private sector that government agencies have struggled to match. For those that do choose to work for the government, there is the added pressure for SIGINT agencies in competing for talent against multiple government organisations. According to Alan Paller, research director of the SANS Institute, “there’s a head-to-head battle between CIA and NSA for every new cyber employee”. Given the competition for talent, SIGINT agencies realize that reaching out to potential employees with a positive case is vital. CSE, GCHQ and the NSA routinely tweet on their qualities as an employer. The NSA also has a separate NSA Careers twitter handle while GCHQ has also used reverse graffiti to advertise careers in Shoreditch—a trendy borough of London frequented by tech-savvy graduates.

Despite the progress made on cyber security and recruitment, SIGINT agencies still face huge challenges in developing a coherent public relations strategy. The Russian interference in the U.S. election has pushed the U.S. intelligence community into unwelcome territory. While U.S. intelligence agencies are supposedly non-partisan, maintaining a neutrality has proved to be increasingly difficult. According to a New York Times report, FBI Director James Comey’s decision to abandon protocol and release information about the Clinton investigation, while withholding information about a Trump investigation, was based on his calculation of the electoral outcome. Ultimately, intelligence agencies are faced with a difficult balancing act, having to provide factual analysis without appearing to conspire against a political party or movement. Although there are no easy answers, intelligence agencies should at least establish clearer protocols for communicating with the public during periods of disinformation and instability. For example, these protocols could include guidance on intelligence agencies should answer accusations of partisan interference in an election.

While some SIGINT agencies have begun to adopt a more proactive public relations strategy, others remain clearly in the shadows. In the current climate of election interference, cyberattacks, and a shortage of technical skills, SIGINT agencies will increasingly find themselves on the back foot if they continue to ignore the importance of engaging with the public. Yet, intelligence agencies should proceed cautiously: the politicized role of intelligence agencies in the U.S. election has shown that public engagement, while necessary, contains its own set of challenges.

Jamie Collier is a Cyber Security DPhil Candidate and a Research Affiliate with the Cyber Studies Programme, University of Oxford. You can follow him @jscollier93

You Might Also Read:

NATO’s role in the cyber domain is unclear:

 

 

 

« Hackers Could Turn Off Your Car Engine – While You Are Driving
Major Cyber-Attack Prevented »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

Omada

Omada

Omada is a leading provider of IT security solutions and services for identity management and access governance.

Protergo Cyber Security

Protergo Cyber Security

Protergo Cyber Security is the first integrated provider of cybersecurity solutions in Indonesia. We proactively protect our clients from cyber threats.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

LiveAction

LiveAction

LiveAction provides end-to-end visibility of network and application performance from a single pane of glass.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

NexusTek

NexusTek

NexusTek is a managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cyber security, and IT consulting.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.