The U.S. needs to develop a more effective means to protect its critical computer networks through a new and better coordinated “cyber intelligence” discipline, warns a new report.
The report by the Intelligence and National Security Alliance’s (INSA) Cyber Council said the dramatic increase of sophisticated cyber-attacks has moved beyond acceptable losses for government and businesses. “The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown,” said the report.
“While there is a great deal of focus on current cyber security issues, there is little focus on defining and exploring the cyber threat environment at a higher level,” the report stated.
The report says the U.S. must develop strategies beyond the current "patch and pray" procedures, create cyber intelligence policies, more effectively coordinate and share intelligence among government agencies and businesses, and increase research on attack attribution and warnings. These strategies should be a coordinated effort across industry, academia and government, the report suggests.
While the Department of Homeland Security has the authority to regulate cyberspace, it lacks the experience and capabilities to orchestrate a comprehensive approach to cyber intelligence. The Department of Defense has most of the actual cyber-intelligence capabilities and private industry owns most of the infrastructure.
INSA’s Cyber Council suggests a partnership be developed among all relevant government agencies and the private sector to “ensure seamless sharing of threat information, timely analytical judgments, and reasoned, measured responses to clear threats.”
The report also suggests the development of cyber intelligence professions, needed skillsets, training, and education for both industry and government needs.
Other recommendations include:
- Corporately define specific activities, plans, and intentions of adversaries; continuously identify current and emerging threat vectors, and support our plans and intentions.
- Identify what criminal activities are ongoing or have already happened in cyber networks, do formal damage assessments in these areas, and support development of improved defenses.
- Partner on research and development in the challenging areas of attack attribution, warning, damage assessment, and space-related threat collection and analysis.
- Organize and support counter-intelligence and counter-espionage (CI/CE) activities, with special focus on identifying/using auditing tools and processes to deal with the insider threats.
- Create a consistent and meaningful approach for the cyber equivalent of Battle Damage Assessment (BDA)/Combat Effectiveness Assessment.