How The CIA Is Making Sense Of Big Data

For decades, the CIA’s spying strategy remained relatively unchanged, perhaps reflected best in the fact that last year’s creation of a Directorate for Digital Innovation was the first new directorate within the spy agency in more than 50 years.

Helmed by Deputy Director Andrew Hallman, the new entity is a result of big data, the technological explosion of connectivity and data among devices, sensors and people, and the CIA’s wish to make sense of it all.

In a rare public appearance at Tuesday’s Cloudera Federal Forum, which was hosted by the custom events unit of Nextgov's parent company, Government Executive Media Group, Hallman said the CIA’s old information collection strategies couldn’t “withstand the accelerating rate of information” produced globally or “keep pace with policymakers’ more rapid need to make decisions.” In short, the CIA wants to be more predictive and less reactive.

“We are developing policy approaches that affect outcomes instead of becoming reactionary,” Hallman said. “We’re not here to chase the news.”

With the CIA’s technology backbone, including a cloud computing environment built by Amazon Web Services and other unique capabilities, now fully in place, Hallman said the spy agency is “taking next steps” to solidify its strategy around harnessing this explosion of information.

Big data technologies allow analysts to piece together the “digital exhaust” of adversaries, Hallman said. And even “small fragments” represent major opportunities. Analysts can use disparate data and accompanying analytic capabilities to put together a puzzle, even if all the pieces are spread randomly over the kitchen table.

“The whole can be pieced together from fragments,” Hallman said.

Hallman said the directorate is focused on three ideas: “Optimizing the CIA’s underlying digital ecosystem; establishing sound data management principles; and making data useful to increasingly sophisticated consumers.”

These ideas, he said, represent not only a major technical change to the agency’s operations, but a cultural transformation as well. An increased emphasis on data requires a reduction in old bureaucratic and management policies – allowing the agency to get out of the way of itself and its analysts, who act as stewards of the intelligence community’s greatest asset.

Optimizing the digital ecosystem requires a “decentralized governance process with just enough high-level guidance to operationalize,” Hallman said. “Information is the currency of the realm in the intelligence world, and we want all our analysts to have (currency) in their pockets.”

If the CIA has rebuilt its technology infrastructure, the next step is “rewiring its organizational neural pathways” to ensure, for example, that the kinds of lapses in information sharing that preceded 9/11 don’t reoccur. He’s put an emphasis on rapid dynamic teaming, or digitally networked teams, which collaborate in real-time “to storm vexing problems” when strange trends emerge or data suggests “subtle shifts or discontinuities.”

The emphasis is not only on sharing information with the CIA and other agencies within the IC, but “making the data useful to increasingly sophisticated consumers," Hallman added.

“Given the complexity of national security challenges we face today, we have to optimize not only technology but our officers’ minds,” he said. “We are developing policy approaches that affect the outcomes instead of becoming reactionary.”

NextGov: http://bit.ly/1pZy40b

« Who Is The Cybersecurity Guy In Your Organisation?
Cognitive Computing Market Forecast To Be Worth $31Billion In 3 Years »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

Cybertonica

Cybertonica

Cybertonica is a FinTech company which detects and prevents fraudulent transactions and reduces risk for financial services organisations.

DataTribe

DataTribe

DataTribe is a cyber startup foundry, leveraging deep experience and expertise to build and launch successful product companies.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

ChaosSearch

ChaosSearch

ChaosSearch is a massively scalable ELK-compatible log analysis platform delivered as a fully managed service with high-performance and low cost.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

Mailinblack

Mailinblack

Mailinblack protects your organisation against email threats with an innovative solution that meets your security requirements.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.

Aikido Security

Aikido Security

Aikido is the no-nonsense security platform for developers. Secure your code, cloud, and runtime in one central system. Find and fix vulnerabilities automatically.