It was a dark and stormy night. In the darkness so deep that hearts shrink from fear and apathy. The bright star of hope rose slowly and emblazoned on the star were the letters C-I-A. Oh, wait. That was swamp gas. Nothing to see here folks keep on walking. Just a little disturbance. Nothing to do with cyber warfare and all those three letter agencies are actually only assisting others. They wouldn’t be doing anything special. Dark coats, dark glasses, and darker hearts aside what are the biases of agencies that are charged with cyber and intelligence? First we might want to consider just what intelligence agencies do that might inform some the other discussion.
Much of the culture and secrecy surrounding spies and hackers is similar. Wears black; check; only goes out in the dark; check; can’t be trusted with your grandmother; check; has nefarious plans and can’t be trusted; check. The reality in both cases might be farther from this pseudo identity, but the reality is that they do have a tendency to get together. At DefCon, BlackHat, and other hacker conferences they play spot the fed. The anonymity of government service becomes a certain celebrity when the venue changes. The super spy run amok among the hacker elite so to speak.
Whether we’re talking about the CIA or NSA the reality is that the patterns of behavior are pretty much the same within intelligence organizations. Through a variety of tools these agencies take in information and attempt through a variety of tools, systems, techniques, and wee bit of guess work they are looking to know what others don’t want them to know. If you consider image analysis the cameras take pictures and trained analysts then evaluate the pictures for missing information (trees, building, etc..) or added (missiles, bunkers, nuclear warheads). I’m mildly flippant but the reality is that analysis is about taking a subjective talent and trying to inform in quantifiable ways the resulting decisions that need to be made.
If a CIA operative or CIA officer is working with a human resource in a foreign country the information may not necessarily even be illegal to attain it is simply difficult. Rather than thinking dark alleys and dead drops think of information that simply isn’t easy to access. That doesn’t mean passing that information to others wouldn’t get the “spy” into trouble. In our own country recently professors have been charged with giving away national secrets to spies. In some cases those secrets have been transmitted to their graduate students. If in those cases the foreign national graduate student had gotten the information from another graduate student who might have been exposed if not holding a government clearance the crime would vanish. Human sourced intelligence can be gained from conversations, and substantially from open sources like newspapers.
It should become obvious that the intelligence community is trafficking in information. They are not “doing” things. Whether it is the gathering of signals intelligence or human intelligence the process is to collect and refine that information into the best product possible. This creates issues, as that process is primarily passive. Yes, it is obvious that the CIA and others do engage in some “active” roles, but in general the creation of intelligence assessments and such is a passive role. The intelligence is sometimes passed on to combatant commanders or leaders. The big hinge being the risk that doling out intelligence might have on the ability to gather future intelligence.
If we consider the ambivalent, pithy, and unremarkable analysis above we can suggest some primary biases of the intelligence community. One being that they are not necessarily incentivized to secure government networks, civilian networks, or in other words decrease the capability of their current systems. The fox is the least interested in seeing armed guards outside the hen house. Now the intelligence community might reject that and castigate me for the comment but it stands. The intelligence community is interested in a breadth of capabilities and maintaining those capabilities. As such the use of cyber for sustained activities is not going to be a sustained goal and in fact may be against their best interests. If a patch or technology swap by an adversary can degrade capability why invest in it?
For the intelligence community it may be far better to invest in up channel or early interaction/exploitation with the supply chain. In these cases a capability that they need can be baked into the equipment. Literally part of the hardware. The costs may be far less to exploit hardware then and have a larger scope of effect too. As such that may perversely put the intelligence community at a disadvantage when trying to scope corrective action. Since many technologies are dual or multi-use an exploited circuit or technology may be within their own domestic use as much as it is within a foreign nations use. So once again does the incentives are at cross-purposes between securing the nation and degrading a capability.
This is a balance of bias that is going to be hard to simplify. Keeping secrets and capabilities from degrading is a requirement for intelligence agencies. Keeping the corporate and government networks secure is a requirement for others not the intelligence community. As such the bias of intelligence agencies is tilted and that tilt may degrade other national capabilities. In some ways this comes down to turf battles between military and law enforcement agencies with intelligence agencies. The addition of cyber warfare has just changed the scope and direction o f the discussion. Until another agency rises to prominence in the cyber security realm the intelligence communities are going to be perceived as the leaders (rightfully or not). There is however no reason for the intelligence communities to assist or feed that and many reasons to keep it from happening. Their bias is to protect and not share. Their bias is to make sure their capabilities are not degraded. I would suggest that is likely the right scenario.