Networked Threat, Networked Intelligence

Jun 15, 2012

Cyberspace - The Fifth Strategic Domain

Cyberspace is a core strategic domain that is central to social, economic and political life in North America. Approximately 79% of Americans and Canadians access the internet, and $174 billion transits Canadian cyber networks every day. Cyberspace forms an arena of critical infrastructure for public service, healthcare delivery, banking, finance, education, energy and defence – it is key to our future economic growth. Internationally, cyberspace amplifies our global presence and connects us instantaneously to conflict zones. It promotes market opportunities and innovation across borders. NGOs, businesses, academia and others operate across global networks and act as important ambassadors, representing their country’s interests and values. Cyberspace also represents a new domain for the expression of human rights and freedoms – and for contesting their suppression.

In the aftermath of the Afghan and Libyan missions, the Government of Canada must assess its current and future security environment for possible threats, challenges, and required capabilities. The Canadian Forces will undergo fundamental transformations due to mission assessments, tightening of budgets, and shifts in priorities. Canada’s public and private sectors must take stock of the country’s intelligence capabilities and consider their suitability to the defence and security challenges of the information age.

Organized criminal syndicates, insurgents, terrorist groups and hostile states, as well as legitimate interests such as activists, commercial organizations, and billions of individual users, share a revolutionary trait: they are all networked. Cyberspace is their enabling domain, allowing them to pursue their interests through a medium with extremely low entry barriers.

This global revolution in communications and technology has also bequeathed sophisticated Command, Control, Computers, Communication, Intelligence, Surveillance and Reconnaissance (otherwise known as C4ISR) capabilities to all actors, be they state or non-state, benign or malevolent. The disenfranchised are now empowered, and non-state actors can acquire intelligence and even operational capabilities (often called “cyber warfare” capabilities) that traditionally were held exclusively by the state.

Non-state actors use cyber technologies and tradecraft that are often equally (or more) advanced, practised and effective than those of their government counterparts. Furthermore, dual-use technical developments are increasingly driven by the private sector in areas that have traditionally been the strength of the state.

Government has traditionally been its own client for intelligence or defence. However, most acts of espionage and crime today are directed at the riches held by industry, and not at Cold War “state secrets.” Thus, it was inevitable that comprehensive C4ISR capabilities would evolve in the private sector to serve growing business demands of these industries and of critical infrastructure. On the flipside, it was also inevitable that there is now a growing demand for (and supply of) capabilities to attack private industry and critical infrastructure from hostile state and non-state actors.

Cyberspace played a vital role in fostering and facilitating a number of key mobilizations in 2011, including the mass movements of protest across the Middle East and North Africa, the London riots, the rise of Wikileaks and Anonymous, and the various Occupy movements across the world. Non-state actors used cyberspace to generate real-world effects, such as the Stuxnet virus attack against Iran’s nuclear facilities in 2010. Situational analyses produced by governments around the world offered only anecdotal accounts of these events and lacked the real-time awareness to anticipate or proactively shape them. Traditional C4ISR, hard-coded to enumerate rigid hierarchical command structures and orders-of-battle, is less effective against asymmetric threats and is inadequate for analyzing grassroots social movements and complex eco-systems like cyberspace.

These new forms of C4ISR, mobilization, and expression can and should be incorporated into the larger intelligence cycle. Concurrently, we should also recognize that the distinction between ‘classified,’ ‘proprietary’ or ‘public’ information is becoming increasingly blurred. The ‘street value’ for sensitive commercial information, financial data and personal information has far surpassed that of traditional public sector classified or secret information. Valuable data points lie across a number of different public or private sources. For example, open source information has been used to analyze criminal networks, ascertain the location of secret nuclear facilities, track secret rendition flights, assess the effectiveness of stability and humanitarian operations, and compromise multi-billion-dollar companies and even governments. Globally, the political spin on institutionally-provided information makes it unreliable as a source. Open source is often the only, or most reliable, source of some information, especially in at-risk regions with weak state authorities (such as law enforcement and security agencies) and minimal traditional non-state sources of information (the press). For example, large areas of Mexico can effectively be considered a failing state with minimal government presence or traditional media coverage; often the most reliable source of information is from social media, which is increasingly under violent threat from hostile cartels.

For Canada, the Afghan mission, in particular, elicited several long-term intelligence requirements. Complex counterinsurgency missions require a variety of information, including signals intelligence, aerial imagery, reports of significant actions and interactions with key actors on the ground and online. This challenge applies similarly to stabilization and humanitarian missions, such as the one in Haiti. It was open source data that allowed intervening countries to identify, map, and track hotspots of disaster and humanitarian efforts there. Various open source projects provide some of the most robust mapping of violence in Syria. In Libya, it has been argued that the NATO powers were not adequately cyber-enabled, not only in terms of capabilities but also in terms of more traditional military preoccupations such as information operations.

Soldiers, diplomats, development personnel, business, and the not-for-profit sector need to be able to plug in and contribute to the bigger intelligence picture in real time. The All Source Intelligence Centre that deployed to Afghanistan partially met this requirement, but it was not a long-term capability available to the wider Canadian Forces. Individual departments such as DND have initiated projects to develop such a capability, but these often suffer from decades-long timelines, a reliance on expensive and cumbersome custom-built or in-house capabilities (rather than off-the-shelf commercial capabilities), and a research and development mentality toward something that is operationally required right now.

In contrast, key players within the U.S. government and industry are already employing these capabilities, with visible results. A number of enabling factors allowed the U.S. military’s Skope cell to defeat IED and insurgent networks in Iraq. These included innovative technology, interagency cooperation and unprecedented access to intelligence from different agencies and classification levels. The raid on the compound that housed al-Qaeda leader Osama bin Laden on 2 May 2011, in Abbottabad, Pakistan, truly underlined the strategic shifts and technological advancements that have been empowering the U.S. fight against al-Qaeda since 9/11, namely, the sharing of information and blurring of boundaries between U.S. national security, military, and law-enforcement agencies, and the ability to rapidly exploit intelligence.

Similar challenges confront law enforcement, security and intelligence agencies, and even the telecommunications and financial communities. Malevolent activity takes place online, and investigators need the capability to explore large and disparate data sets quickly.
Police officers and security intelligence investigators already gather vast amounts of information (surveillance records, wiretaps, digital forensics, and cyber logs) but require the ability to analyze these with operational relevance and efficiency. Even large financial institutions are using the same capabilities as governments to combat many types of fraud that, in the past, were difficult to detect and mitigate.

Multi-disciplinary thinking is required. Operators, subject matter experts, analysts, and technical experts must be brought together to exploit the wealth of information that is available in both open source and proprietary/confidential databases. All must work and share together, overcoming bureaucratic tendencies to compartmentalize analysis within ‘silos of excellence.’

The strategic direction of Canadian cyberspace is being influenced by the owner-operators of national information infrastructures, market forces, foreign technology vendors/suppliers, the cyber commons, and aggressive threat agents. Research has demonstrated that in Canada, public policy has had diminishing effects on the strategic direction of cyberspace, as it continues to be shaped by powerful socio-technological trends such as globalization, consumerization, convergence of capabilities, and the malevolent use of cyberspace.
A far deeper sophistication is demanded from public policy in order to influence a system as complex as cyberspace. Do we continue to draft strategic policies, or do we actually make use of enabling technologies and processes to mine the data and achieve strategic effects across foreign policy, defence, security, foreign aid and commerce in a pragmatic and proactive fashion?

Canada is being left behind. The United States has designated cyberspace as the “fifth domain” of war fighting, equal in importance to land, sea, air and space, and western states are seeking means of securing an inherently open system against “outside threats,” while also leveraging cyberspace to fight hostile networks, fraud and crime. Other states, such as members of the Shanghai Cooperation Organisation, also view cyberspace strategically, although largely out of fear that it may be used for mobilizing dissent against the state by people using technologies that were developed in the west.

Key actors within the Canadian government have already advocated for more strategic thinking regarding cyberspace. Within operational departments and agencies, such as DND, CSIS, CSEC and the RCMP, are highly competent individuals and divisions who know how to deal with cyber crime, issues of national security and counter-terrorism, and the defence of critical government networks.

The problem is that each agency works within its own mandate, without necessarily having an overarching view, influence or control of operations in cyberspace as a priority for the Canadian government and public policy. Until that real-time common operating picture is in place, the ability of individual agencies to act together will always be limited.

Public and private sector missions and objectives may vary, but they operate in the same theatres, using the same tools, techniques, tradecraft, and technology for command and control, security, intelligence, surveillance and reconnaissance, against the same persistent threats. Sensors, analytics and other capabilities need to be consistently deployed to build a persistent situational awareness of the strategic and operational environment, and to create the means to share critical data and analytical products in real time across previously siloed environments.

Arnav Manchanda is an associate with the SecDev Group and an analyst with the CDA Institute.
© FrontLine Security 2012