Defense

U.S. intelligence challenged by technology, cyber

Undersecretary of Defense Michael Vickers said cyber threats are "increasing in frequency, scale, sophistication and severity of impact."

A day after President Barack Obama's State of the Union address, a top Pentagon intelligence official gave what might be described as a State of Intelligence speech describing U.S. advantages in the field as increasingly challenged by asymmetric threats.

Undersecretary of Defense for Intelligence Michael Vickers put insecurity in cyberspace on par with terrorism as the biggest immediate threats to U.S. national security -- and touched on how IT can help cope with those challenges -- in a Jan. 21 appearance at the Atlantic Council in Washington.

Cyber threats are "increasing in frequency, scale, sophistication and severity of impact," Vickers said, naming Iran and North Korea as nation states with emerging capabilities in cyberspace. "The range of threat actors, the methods of attack, the targeted systems and the victims who suffer from these attacks have also been expanding."

The former CIA officer listed a handful of technological challenges facing the intelligence community and the Defense Department: the wide availability of commercial imagery for intelligence gathering; new encryption methods that complicate U.S. spying; and advances in biometrics and supercomputing, the latter of which he said was also an opportunity for the IC.

Vickers' speech came a day after DOD's annual review of more than 40 defense systems found several "exploitable cyber vulnerabilities" on DOD networks -- such as misconfigured software, unnecessary network services and weak passwords. When asked to respond to the report, Vickers pointed to two vast interagency IT projects as possible solutions: the Joint Information Environment and the IC Information Technology Enterprise.

Both the IC and DOD are "moving to new information technology systems, much like the private sector is in terms of cloud-based systems," he said. Nonetheless, he added that the government needs to further develop the "intelligence infrastructure" to support U.S. Cyber Command's growing mission.

In a nod to what security analysts often refer to as the post-Snowden era, Vickers outlined plans to bolster background checks and systems for detecting insider threats from defense and intelligence employees. Those initiatives will take several years to implement, and he described them as governmentwide efforts involving the Office of Personnel Management, the Office of the Director of National Intelligence, DOD and other agencies.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 

Featured

Reader comments

Thu, Jan 22, 2015 Bill Caelli Australia

BUT - BUT - remember "C2 by '92" and even "B2 by '95"? Somehow policy wonks seem to assume that ALL ICT products and systems are the same but we all know that an "SUV" is not a "tank", in defense terms. No commentary so far appears to talk about the actual computer systems used and their security stance, e.g. evaluation under the Common Criteria to a high level (beyond EAL4), a relevant protection profile - PP (no-one can claim that the obsolete discretionary access control- DAC - architecture is even vaguely relevant today). So - just what has to be the "trusted system" status of vital government and defense systems, e.g. remember Gemini Systems GEMSOS and its "A1" verification. After all - 2005 is the 30th anniversary of DoD's "orange Book" - what's happened and what's gone wrong with procurement of appropriate trusted systems?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group