U.S. Cyber Command, tasked with defending Department of Defense IT networks and coordinating cyberspace operations, is developing its own intelligence hub, after years of relying on other information gathering sources.
The endeavour, still in its infancy, is meant to buttress data collection and augment CYBERCOM’s understanding of foreign capabilities in the ever-expanding cyber realm including the alliance built with Five Eyes partners for zero-trust cybersecurity.
The pivot to zero trust and the pursuit of widespread connectivity come as the U.S. prepares for a potential fight with China or Russia, world powers capable of intercepting military chatter and syphoning sensitive information from thought-to-be-secure systems.
The Defense Department has since 2015 experienced more than 12,000 cyber incidents, according to a Government Accountability Office evaluation. Yearly totals have declined since 2017.
“We know everything about a T-72 tank, all the way to every nut and bolt in there, for the Army,” Col. Candice Frost, the leader of the Joint Intelligence Operations Center at CYBERCOM, said at a Feb. 28 event hosted by Billington Cybersecurity in Virginia. “But we don’t have that for networks, with respect to an all-source capability.”
“Congress asked us: Do we need a centre that is focused on all-source intelligence to support Cyber Command, in the cyber domain?” Frost said. “And the answer was a resounding yes.”
The prospective Cyber Intelligence Center was previously teased by CYBERCOM’s director of intelligence, Brig. Gen. Matteo Martemucci. He told the Armed Forces Communications & Electronics Association International’s Signal magazine in November that an in-depth review of assets highlighted a need for a hub dedicated to analysing cyber expertise and exploits abroad.
It would complement the slate of well-established centres and intel-collecting practices with products that are sought-after but still not available, Martemucci said at the time.
Cyber as a discipline and general interest area has exploded in recent years. Paralysing ransomware attacks, as was seen with Colonial Pipeline, and the bloody Russia-Ukraine war have pushed discussions about digital destruction to the popular fore.
“We’ve got great partners with the National Security Agency, and they’re very focused on signals intelligence. That’s a huge part of what we look at. But across the spectrum, a combatant command really needs all-source intelligence,” she said. “We have found, unfortunately, that the foundational layer in cybersecurity just wasn’t there.”
The Cyber Intelligence Center would be primarily staffed through the Defense Intelligence Agency, which produces, analyses and disseminates military intelligence for combat and non combat missions.
Frost in her remarks acknowledged the work already done by National Air and Space Intelligence Center, the National Air and Space Intelligence Center and others, which feed the U.S. defence colossus scientific and technical information about faraway forces.
Frost - Indicated that the timeline for full implementation for a central source intelligence hub is yet unclear, referring to all matters in a large structured hierarchical Defence Force system, it will “take time”, however the plan is underway and the agency is forward-looking.