How Uber Could Help Change Spycraft

Uploaded on 2015-08-24 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Law Enforcement, FREE TO VIEW

The_Intelligence_Process_JP_2-0.png

The US intelligence community wants feedback from the innovative car-sharing company and other commercial startups on its 5-year data-analysis roadmap. The intelligence community quietly released an unprecedented, unclassified five-year-roadmap charting the future of data analysis it wants commercial startups like ride sharing firm Uber to read.

The chart, part of a larger science and technology strategy, is aimed at encouraging unconventional makers like the car service app-developer and traditional tech contractors to help fund answers to oncoming national security problems.
The roadmap is an outgrowth of spring workshops with 40 companies that do classified work and a government analysis of the intelligence community’s science and technology needs.

By syncing private sector research now underway with the Office of the Director of Intelligence’s threat predictions, the right technology will be ready at the right time at the right price, DNI officials say.
The publicly available gap analysis, titled “Enhanced Processing and Management of Data from Disparate Sources,” maps out one of six future growth areas for the spy community. The other graphics are only for the eyes of individuals holding secret security clearances.
“Maybe they’ve got scheduling algorithms that would help us with our logistics problems,” David Honey, DNI director of science and technology, said during a recent interview with Nextgov. “If we can leverage those kinds of tools, maybe we gotta adapt them a little bit, but that certainly beats having to go and pay for those things from scratch.”

Powers U.S. spies need that no one is funding yet include, for example, expertise in determining the biases of social media site moderators, geolocation in the presence of encryption, room temperature quantum computing, and immersive virtual world user experience.
“One of our goals for the coming year is to try and extend our outreach via whichever trade associations are willing to take it on, into the uncleared community as well,” Honey said, sitting inside DNI’s McLean, Virginia headquarters. “That’s why getting this information on to the ODNI’s open website was so important to us. We want to have that outreach to the nontraditional to include the uncleared performer community so that they can gain insight into what the challenges are that we face so that they can come forward with ideas.”

As of four years ago, information technology consumed about 23 percent of intelligence program funding, according to DNI. President Barack Obama has requested $53.9 billion for the program in 2016.
Social Media Overload
Director of National Intelligence James Clapper last month described some information-munching difficulties confronting analysts, such as tracking down lone wolf extremists who have been inspired by Islamic State rhetoric.
“With the way people radicalize on their own, or are radicalized via social media where they don’t leave out a signature, they don’t emit — some attribute or trait or behavior that would lead you to begin watching them,” Clapper said at the Aspen Security Forum in Colorado. “And so we’re lacking that.”
The difficulty is then exacerbated by the use of encrypted, or digitally scrambled, communications, he said.
“Someone is proselyted by an ISIL recruiter sitting in Syria or some place,” and if that potential extremist takes an interest, “then they’ll switch to, you know, encrypted communications that we can’t watch,” Clapper said.
However, it is not believed the homegrown radical Mohammod Abdulazeez, who gunned down five servicemen in Chattanooga, Tennessee, in July, used encryption to hide plotting.
“There’s been no connection made” yet, Clapper acknowledged. He added, it might be beneficial to quantify the use of encryption by terrorists: “I think we probably need to see what we can do to do a better job of keeping some metrics” on incidents “where we ran into an encryption situation and that stymies an investigation,” he said.
The intelligence community is not bankrupt of innovators, by any means.
In-Q-Tel, a CIA-backed venture capital firm, has borne fruit from technologies it helped seed at open source threat analysis firm Recorded Future and data-sleuthing company Palantir, among some roughly 200 startups.
But sometimes, uncleared execs create gadgets and services that have unintentional classified applications, Honey said.
The spy community might look at, for instance, Twitter analytics to discern how a mass civilian casualty incident overseas is affecting foreign sentiment toward America.
Social media “is in many cases an indicator of developments that previously we never would have had access to. One time, the best open source information source would have been CNN,” Honey said. “But today, with all the social media activity that’s out there, we need to understand what’s coming before it gets here — not after it’s already here and now we’re behind the curve in understanding how to interpret it.”
People might ask, “How could you not follow what goes on, on Twitter?” he added. ”Well, it hasn’t been around that long,” he added.
Crowdsourcing Classified R&D
The data analytics roadmap fills up a couple of sheets in a 26-page unclassified 2016-2020 DNI science and technology strategy posted online in recent days.
Bringing the paper to life already has required the use of social media. Contractors and intelligence agencies are crowdsourcing updates to the document and matching agency needs with funded corporate projects on a classified website, Honey said.
The collaboration environment is located on a Top Secret system called Jwics, for Joint Worldwide Intelligence Communications System.
It’s easy to compare this venture to a wiki, but unlike, say, Wikipedia, the spy system must be able to push out edits to relevant agencies and relevant companies in a timely fashion.
Agencies “need to be able to post the challenge in a way that the system automatically alerts the right technology suppliers,” and “if you’re a technology provider and you are posting new solutions, the solutions need to be able to find their way to the customer” without everybody doing a search every day, Honey said.
If feasible, DNI will create a public Web space for individuals without clearances to contribute suggestions for the unclassified strategy, he said.
Other roadmaps designed during the recent contractor workshops chart rifts in, among other things, space capabilities, global proliferation prediction capacity, and the ability of novel sensors to reveal adversary actions.
The businesses that participated in the meetings are gathering a week from Monday to start developing yardsticks for measuring progress in each gap area, Honey said.
Outsiders wanting to help equip spies who have not been briefed on Top Secret intelligence are not necessarily at a disadvantage. They might be more likely to devise technologies that go beyond mere upgrades.
“If you are too close to the classified information, you are going to try to create a faster horse,” Honey said. “Quite often, people who have just a general knowledge of what we’re trying to do are in a better position to help us think about new solutions, than those who are deeply ingrained in the machine.”
DefenseOne: http://bit.ly/1Kpo2bH

 

 

« Investors Pour $Billions in to Cybersecurity
Addressing the Predictive Analytics Skills Gap »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Securosis

Securosis

Securosis is an information security research and advisory firm dedicated to improving the practice of information security.

Apomatix

Apomatix

Apomatix is a platform that simplifies the complexity of cyber risk audit and management.

StackRox

StackRox

StackRox delivers a container-native security platform that adapts detection and response to new threats.

UM Labs

UM Labs

UM Labs is a developer of security products for Voice over IP (VoIP), protecting SIP trunk connections, safeguarding mobile phone communications and enabling BYOD.

Coursera

Coursera

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online. Subject areas include Computer Security & Networks.

Cybersprint

Cybersprint

Cybersprint's Digital Risk Protection platform continuously monitors your digital footprint so you can make informed decisions on exposure to online threats, identify vulnerabilities and take action.

IT Security Jobs

IT Security Jobs

IT Security Jobs is a dedicated portal for everything related to IT professionals looking for IT Security jobs.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

ValueMentor

ValueMentor

ValueMentor is a leading cyber security service provider in the Middle East. We enable clients to reduce risk by taking a strategic approach to cybersecurity.

Symptai Consulting

Symptai Consulting

Symptai Consulting is a leading Cyber Security, Digital Transformation and Anti-Money Laundering firm serving the Caribbean and the wider world.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

First Focus

First Focus

First Focus is a managed service provider for medium-sized organisations.

ClearSky Cyber Security

ClearSky Cyber Security

ClearSky cyber security provides cyber solutions, focused on threat intelligence services, mainly for the financial sector, critical infrastructure, public sector and the pharma sector.

Diversified Technical Services Inc. (DTSI)

Diversified Technical Services Inc. (DTSI)

DTSI provides a wide range of technology solutions for Federal Agencies, the Department of Defense, and commerical organizations with capabilities including Cyber Security and DevSecOps.

Cyberleaf

Cyberleaf

Cyberleaf is simplified managed cybersecurity for MSPs, enabling top tier cyber protection for small and medium enterprise.