How The CIA Is Making Sense Of Big Data

Uploaded on 2016-04-05 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

For decades, the CIA’s spying strategy remained relatively unchanged, perhaps reflected best in the fact that last year’s creation of a Directorate for Digital Innovation was the first new directorate within the spy agency in more than 50 years.

Helmed by Deputy Director Andrew Hallman, the new entity is a result of big data, the technological explosion of connectivity and data among devices, sensors and people, and the CIA’s wish to make sense of it all.

In a rare public appearance at Tuesday’s Cloudera Federal Forum, which was hosted by the custom events unit of Nextgov's parent company, Government Executive Media Group, Hallman said the CIA’s old information collection strategies couldn’t “withstand the accelerating rate of information” produced globally or “keep pace with policymakers’ more rapid need to make decisions.” In short, the CIA wants to be more predictive and less reactive.

“We are developing policy approaches that affect outcomes instead of becoming reactionary,” Hallman said. “We’re not here to chase the news.”

With the CIA’s technology backbone, including a cloud computing environment built by Amazon Web Services and other unique capabilities, now fully in place, Hallman said the spy agency is “taking next steps” to solidify its strategy around harnessing this explosion of information.

Big data technologies allow analysts to piece together the “digital exhaust” of adversaries, Hallman said. And even “small fragments” represent major opportunities. Analysts can use disparate data and accompanying analytic capabilities to put together a puzzle, even if all the pieces are spread randomly over the kitchen table.

“The whole can be pieced together from fragments,” Hallman said.

Hallman said the directorate is focused on three ideas: “Optimizing the CIA’s underlying digital ecosystem; establishing sound data management principles; and making data useful to increasingly sophisticated consumers.”

These ideas, he said, represent not only a major technical change to the agency’s operations, but a cultural transformation as well. An increased emphasis on data requires a reduction in old bureaucratic and management policies – allowing the agency to get out of the way of itself and its analysts, who act as stewards of the intelligence community’s greatest asset.

Optimizing the digital ecosystem requires a “decentralized governance process with just enough high-level guidance to operationalize,” Hallman said. “Information is the currency of the realm in the intelligence world, and we want all our analysts to have (currency) in their pockets.”

If the CIA has rebuilt its technology infrastructure, the next step is “rewiring its organizational neural pathways” to ensure, for example, that the kinds of lapses in information sharing that preceded 9/11 don’t reoccur. He’s put an emphasis on rapid dynamic teaming, or digitally networked teams, which collaborate in real-time “to storm vexing problems” when strange trends emerge or data suggests “subtle shifts or discontinuities.”

The emphasis is not only on sharing information with the CIA and other agencies within the IC, but “making the data useful to increasingly sophisticated consumers," Hallman added.

“Given the complexity of national security challenges we face today, we have to optimize not only technology but our officers’ minds,” he said. “We are developing policy approaches that affect the outcomes instead of becoming reactionary.”

NextGov: http://bit.ly/1pZy40b

« Who Is The Cybersecurity Guy In Your Organisation?
Cognitive Computing Market Forecast To Be Worth $31Billion In 3 Years »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Pondurance

Pondurance

Pondurance is an IT Security and Compliance company providing services in Cyber Security, Continuity, Compliance and Threat Management.

Intruder

Intruder

Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

Hacker House

Hacker House

Hacker House teaches you what hackers can learn about your business and systems so that preventative solutions to protect your assets can be applied through active measures.

DataProtect

DataProtect

DataProtect is a specialized information security company providing consultancy, information management, integration and training services.

Uleska

Uleska

Uleska is a scalable platform that provides automated and continuous software security testing whilst translating cyber risk.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

Breadcrumb Cybersecurity

Breadcrumb Cybersecurity

Breadcrumb Cybersecurity is a cybersecurity and advisory firm. We specialize in penetration testing, threat hunting, incident response, regulatory compliance, and employee training services.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.

Calamu

Calamu

Calamu is a software-defined storage security and resiliency platform that keeps your data secure and accessible wherever you choose to store it.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.