Inside the IC – Federal News Network https://federalnewsnetwork.com Helping feds meet their mission. Wed, 29 Jun 2022 22:29:18 +0000 en-US hourly 1 https://federalnewsnetwork.com/wp-content/uploads/2017/12/cropped-icon-512x512-1-60x60.png Inside the IC – Federal News Network https://federalnewsnetwork.com 32 32 New clearance ideas aim to make national security workforce more mobile, diverse https://federalnewsnetwork.com/inside-ic/2022/06/new-clearance-ideas-aim-to-make-national-security-workforce-more-mobile-diverse/ https://federalnewsnetwork.com/inside-ic/2022/06/new-clearance-ideas-aim-to-make-national-security-workforce-more-mobile-diverse/#respond Wed, 29 Jun 2022 20:41:40 +0000 https://federalnewsnetwork.com/?p=4128718 var config_4128539 = {"options":{"theme":"hbidc_default"},"extensions":{"Playlist":[]},"episode":{"media":{"mp3":"https:\/\/dts.podtrac.com\/redirect.mp3\/pdst.fm\/e\/chrt.fm\/track\/E2G895\/podone.noxsolutions.com\/media\/2252\/episodes\/062922_InsideTheIC_FullEpisode_Mixdown_6ld5.mp3"},"coverUrl":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2022\/02\/183879-image-1644619204-150x150.jpg","title":"Why it can be a challenge to move highly cleared people around","description":"[hbidcpodcast podcastid='4128539']nnIf the governmentwide \u201cTrusted Workforce 2.0\u201d initiative is a once-in-a-generation chance to modernize and streamline the personnel vetting process, then the Intelligence and National Security Alliance isn\u2019t sitting on the sidelines.nnPersonnel vetting reform is one of the <a href="https:\/\/federalnewsnetwork.com\/defense-news\/2022\/03\/omb-sees-2022-as-most-significant-year-for-security-clearance-reform\/">White House\u2019s<\/a> <a href="https:\/\/www.performance.gov\/trusted-workforce\/">top performance initiatives,<\/a> with published strategies and action plans. And agencies have already made strides in <a href="https:\/\/federalnewsnetwork.com\/inside-ic\/2022\/06\/lead-agency-for-security-clearance-reform-expands-continuous-vetting\/">adopting continuous vetting<\/a> and speeding up the background investigations process in recent years.nnBut INSA is continuing to offer new ideas and poke holes in current policies and processes, most recently with new white papers on <a href="https:\/\/www.insaonline.org\/wp-content\/uploads\/2022\/06\/Improving-Security-Clearance-Mobility.pdf">security clearance mobility<\/a> and <a href="https:\/\/www.insaonline.org\/wp-content\/uploads\/2021\/12\/Recruiting-and-Clearing-Personnel-with-Foreign-Ties.pdf">clearing personnel with foreign ties,<\/a> respectively.nnLarry Hanauer, vice president for policy at INSA, said the group is staying engaged with Congress and the intelligence community on major clearance initiatives, like continuous vetting and the development of the National Background Investigative Services.nn\u201cWe also look at ways just to make the clearance and adjudication process more efficient for both government staff and contractors,\u201d Hanauer said in an interview for Inside the IC.nnThe mobility paper, for instance, dives into inconsistent policies and processes that make it challenging to move personnel who need Top Secret Sensitive Compartmented Information (TS\/SCI) clearance from one agency to another.nnThe issue is most acute for contractors who often move personnel across multiple contracts and agencies. But it can affect recruiting for both agencies and industry.nnFor instance, some intelligence agencies allow personnel who already have TS\/SCI clearance to begin work while they wait for their polygraph test, while others make those employees wait until the polygraph is complete. Depending on the type of polygraph needed, that can mean a delay of anywhere from 30 days to 18 months.nnGreg Torres, the director of personnel security at Booz Allen Hamilton, said the net result is a small pool of personnel who are qualified to start work under contracts immediately.nn\u201cThis means we're just shuffling the deck chairs, moving someone from one government mission to another, making a hole somewhere else,\u201d Torres said. \u201cAnd we usually need to pay a premium for that employee to leave their current job.\u201dnnINSA\u2019s white paper recommends intelligence agencies consider the counter-intelligence polygraph sufficient for personnel to begin work until a full-scope polygraph can be scheduled.nn\u201cWe think this is a risk management approach, which we think is the right approach given the myriad tools that these agencies now have to mitigate any perceived risk,\u201d Torres said. \u201cIf you think about it years ago, they didn't have tools like continuous evaluation or user activity monitoring and a host of other tools. But they do now.\u201dnnThe white paper also recommends the Defense Department eliminate component-specific requirements for granting SCI access and name a senior official in charge of developing department-wide policies for such access.nnINSA estimates additional and disparate processes across the 43 DoD components can result in delays of two to five weeks beyond the few days it takes for a component to initially accept an individual\u2019s clearance. And it recommends clearing Top Secret applicants at the SCI level, as well, so additional processes don\u2019t delay that individual if they require SCI access in the future.nnDoD and the IC should also put an official or team in charge of uniting policies that affect personnel mobility, from clearance reciprocity to polygraphs to contract language and industry coordination, according to INSA\u2019s paper.nn\u201cSince the 9\/11 attacks, the government has made really a concerted effort to make sure that intelligence is shared, so you can work at agency X, and you're accessing intelligence information that comes from agencies Y and Z,\u201d Hanauer said. \u201cWhy, if you're going to go support agency Y or Z, should those agencies have to re-adjudicate your clearance or ask the different investigative steps be done all over again? ... It's these really duplicative processes that don't add anything to security.\u201dn<h2>Re-examining foreign ties<\/h2>nClearance and mobility processes can also present barriers to the intelligence community\u2019s goal of increasing diversity in the national security workforce. Contractors often compete for the same people who are already cleared at the highest levels, and new applicants can be dissuaded from going through a lengthy, often confusing process.nn\u201cIf you keep moving the same people around from place to place, you're not going to be as successful as you as you could be,\u201d Torres said on diversity.nnINSA\u2019s new white paper on \u201crecruiting and clearing personnel with foreign ties\u201d also dives headlong into diversity issues, positing that the security clearance process \u201cdoes not lend itself\u201d to hiring individuals with different backgrounds and experiences who may have key language and cultural skills.nnThe paper said the intelligence community needs to \u201cre-examine historical assumptions about the risks posed to national security by foreign-born persons or those with close foreign ties.\u201dnnAdjudicative guidelines for granting or revoking a clearance requires agencies to examine factors like allegiance to the United States, foreign influence, and foreign preference.nnBut INSA suggests investigators could look at those aspects from a risk mitigation approach, as opposed to eliminating all risk.nn\u201cInvestigators are never going to be able to learn everything they want to know about a candidate's uncle in rural China somewhere, but they can assess whether such a family tie really affects a candidate's loyalties or creates security risks that can't be mitigated,\u201d Hanauer said.nnThe paper also recommends mission-focused teams, such as analysts, work more closely with their counterparts in security and human resources, respectively, to ensure candidates with critical skills don\u2019t get easily dropped from the clearance process because of foreign ties.nn\u201cWe just feel like better communication between the human resources people, the mission-focused teams that want to hire a candidate, and the security folks will help ensure that people with those critical skills don't just hit that brick wall,\u201d Hanauer said. \u201cThe mission-focused teams might be able to provide the the security team, with additional insights into the reasons why this candidate is facing obstacles.\u201dnnThe white paper also recommends bias awareness training for all officials responsible for recruitment, hiring, investigations and adjudications. Meanwhile, new policies and procedures could consider a more granular consideration of foreign ties, INSA\u2019s paper suggests, such as reasons behind why a candidate wants to hang onto a dual citizenship.nnHanauer said that INSA is now working on a white paper comparing how commercial companies screen their job candidates and contrasting it with the government\u2019s clearance approach.nn\u201cCommercial companies ... manage to protect their sensitive information pretty well without subjecting their job candidates to a months-long vetting process,\u201d he said. \u201cWe're in the process of doing a comparison of public sector and private sector personnel screening to see if maybe the government can adopt some more efficient best practices from industry.\u201d"}};

If the governmentwide “Trusted Workforce 2.0” initiative is a once-in-a-generation chance to modernize and streamline the personnel vetting process, then the Intelligence and National Security Alliance isn’t sitting on the sidelines.

Personnel vetting reform is one of the White House’s top performance initiatives, with published strategies and action plans. And agencies have already made strides in adopting continuous vetting and speeding up the background investigations process in recent years.

But INSA is continuing to offer new ideas and poke holes in current policies and processes, most recently with new white papers on security clearance mobility and clearing personnel with foreign ties, respectively.

Larry Hanauer, vice president for policy at INSA, said the group is staying engaged with Congress and the intelligence community on major clearance initiatives, like continuous vetting and the development of the National Background Investigative Services.

“We also look at ways just to make the clearance and adjudication process more efficient for both government staff and contractors,” Hanauer said in an interview for Inside the IC.

The mobility paper, for instance, dives into inconsistent policies and processes that make it challenging to move personnel who need Top Secret Sensitive Compartmented Information (TS/SCI) clearance from one agency to another.

The issue is most acute for contractors who often move personnel across multiple contracts and agencies. But it can affect recruiting for both agencies and industry.

For instance, some intelligence agencies allow personnel who already have TS/SCI clearance to begin work while they wait for their polygraph test, while others make those employees wait until the polygraph is complete. Depending on the type of polygraph needed, that can mean a delay of anywhere from 30 days to 18 months.

Greg Torres, the director of personnel security at Booz Allen Hamilton, said the net result is a small pool of personnel who are qualified to start work under contracts immediately.

“This means we’re just shuffling the deck chairs, moving someone from one government mission to another, making a hole somewhere else,” Torres said. “And we usually need to pay a premium for that employee to leave their current job.”

INSA’s white paper recommends intelligence agencies consider the counter-intelligence polygraph sufficient for personnel to begin work until a full-scope polygraph can be scheduled.

“We think this is a risk management approach, which we think is the right approach given the myriad tools that these agencies now have to mitigate any perceived risk,” Torres said. “If you think about it years ago, they didn’t have tools like continuous evaluation or user activity monitoring and a host of other tools. But they do now.”

The white paper also recommends the Defense Department eliminate component-specific requirements for granting SCI access and name a senior official in charge of developing department-wide policies for such access.

INSA estimates additional and disparate processes across the 43 DoD components can result in delays of two to five weeks beyond the few days it takes for a component to initially accept an individual’s clearance. And it recommends clearing Top Secret applicants at the SCI level, as well, so additional processes don’t delay that individual if they require SCI access in the future.

DoD and the IC should also put an official or team in charge of uniting policies that affect personnel mobility, from clearance reciprocity to polygraphs to contract language and industry coordination, according to INSA’s paper.

“Since the 9/11 attacks, the government has made really a concerted effort to make sure that intelligence is shared, so you can work at agency X, and you’re accessing intelligence information that comes from agencies Y and Z,” Hanauer said. “Why, if you’re going to go support agency Y or Z, should those agencies have to re-adjudicate your clearance or ask the different investigative steps be done all over again? … It’s these really duplicative processes that don’t add anything to security.”

Re-examining foreign ties

Clearance and mobility processes can also present barriers to the intelligence community’s goal of increasing diversity in the national security workforce. Contractors often compete for the same people who are already cleared at the highest levels, and new applicants can be dissuaded from going through a lengthy, often confusing process.

“If you keep moving the same people around from place to place, you’re not going to be as successful as you as you could be,” Torres said on diversity.

INSA’s new white paper on “recruiting and clearing personnel with foreign ties” also dives headlong into diversity issues, positing that the security clearance process “does not lend itself” to hiring individuals with different backgrounds and experiences who may have key language and cultural skills.

The paper said the intelligence community needs to “re-examine historical assumptions about the risks posed to national security by foreign-born persons or those with close foreign ties.”

Adjudicative guidelines for granting or revoking a clearance requires agencies to examine factors like allegiance to the United States, foreign influence, and foreign preference.

But INSA suggests investigators could look at those aspects from a risk mitigation approach, as opposed to eliminating all risk.

“Investigators are never going to be able to learn everything they want to know about a candidate’s uncle in rural China somewhere, but they can assess whether such a family tie really affects a candidate’s loyalties or creates security risks that can’t be mitigated,” Hanauer said.

The paper also recommends mission-focused teams, such as analysts, work more closely with their counterparts in security and human resources, respectively, to ensure candidates with critical skills don’t get easily dropped from the clearance process because of foreign ties.

“We just feel like better communication between the human resources people, the mission-focused teams that want to hire a candidate, and the security folks will help ensure that people with those critical skills don’t just hit that brick wall,” Hanauer said. “The mission-focused teams might be able to provide the the security team, with additional insights into the reasons why this candidate is facing obstacles.”

The white paper also recommends bias awareness training for all officials responsible for recruitment, hiring, investigations and adjudications. Meanwhile, new policies and procedures could consider a more granular consideration of foreign ties, INSA’s paper suggests, such as reasons behind why a candidate wants to hang onto a dual citizenship.

Hanauer said that INSA is now working on a white paper comparing how commercial companies screen their job candidates and contrasting it with the government’s clearance approach.

“Commercial companies … manage to protect their sensitive information pretty well without subjecting their job candidates to a months-long vetting process,” he said. “We’re in the process of doing a comparison of public sector and private sector personnel screening to see if maybe the government can adopt some more efficient best practices from industry.”

]]>
https://federalnewsnetwork.com/inside-ic/2022/06/new-clearance-ideas-aim-to-make-national-security-workforce-more-mobile-diverse/feed/ 0
Lead agency for security clearance reform expands ‘continuous vetting’ https://federalnewsnetwork.com/inside-ic/2022/06/lead-agency-for-security-clearance-reform-expands-continuous-vetting/ https://federalnewsnetwork.com/inside-ic/2022/06/lead-agency-for-security-clearance-reform-expands-continuous-vetting/#respond Mon, 20 Jun 2022 22:20:13 +0000 https://federalnewsnetwork.com/?p=4111236 var config_4112481 = {"options":{"theme":"hbidc_default"},"extensions":{"Playlist":[]},"episode":{"media":{"mp3":"https:\/\/dts.podtrac.com\/redirect.mp3\/pdst.fm\/e\/chrt.fm\/track\/E2G895\/aw.noxsolutions.com\/launchpod\/federal-drive\/mp3\/062122_Justin_web_i9so_5155d8cc.mp3?awCollectionId=1146&awEpisodeId=1569ef71-3eef-4ca0-8654-a5f85155d8cc&awNetwork=322"},"coverUrl":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2018\/12\/FD1500-150x150.jpg","title":"Lead agency for security clearance reform expands \u2018continuous vetting\u2019","description":"[hbidcpodcast podcastid='4112481']nnThe Defense Counterintelligence and Security Agency is adding more data categories to its \u201ccontinuous vetting\u201d program, while more than three dozen non-defense agencies are using DCSA\u2019s services as it moves ahead with security clearance reform efforts.nnDCSA is now monitoring 50,000 cleared individuals from 38 non-defense agencies under its continuous vetting program, according to Heather Green, assistant director of vetting risk operations at DCSA. That\u2019s on top of the 3.6 million Defense Department service members, civilians and contractors who were enrolled in continuous vetting <a href="https:\/\/federalnewsnetwork.com\/defense-main\/2021\/10\/pentagon-security-agency-looks-to-expand-continuous-vetting-beyond-dod-add-more-data-sources\/">by last October.<\/a>nn\u201cWe do anticipate this continuing to grow through this fiscal year and beyond as we add those additional CV services,\u201d Green said on Inside the IC. \u201cSo as more services and capability comes online, we're going to continue to grow our service to our federal agencies, as well as our DoD customers.\u201dnnDCSA is one of the lead agencies implementing the government-wide \u201cTrusted Workforce 2.0\u201d initiative. The effort aims to streamline the government\u2019s personnel vetting process through automated record checks, simplified security standards and more information sharing across agencies.nnEarlier this year, a White House official called 2022 <a href="https:\/\/federalnewsnetwork.com\/defense-news\/2022\/03\/omb-sees-2022-as-most-significant-year-for-security-clearance-reform\/">the "most significant, most consequential" year<\/a> for security clearance reform yet.nnDCSA's continuous vetting system is one of the centerpieces of the initiative, giving investigators the ability to receive automated alerts when a security clearance holder faces an issue that could put their clearance at risk.nnDCSA\u2019s continuous vetting system hit the \u201c1.25\u201d milestone last fall when the DoD cleared population was fully enrolled. But the system at that time was limited to three data categories: criminal activities, terrorism, and eligibility.nnThe agency is now adding alerts about suspicious financial activity, foreign travel, credit history and \u201cpublic record information\u201d to the continuous vetting system on the way to the \u201cTrusted Workforce 1.5\u201d milestone this fall, according to Green. Already, 2 million DoD clearance holders are\u00a0 enrolled in that expanded system of alerts.nnThe continuous vetting system is replacing periodic reinvestigations, where investigators would do a background check on a clearance holder every five or 10 years. Instead of learning about potentially suspicious activity years after it took place, the system is intended to provide security offices with alerts about such activity. Investigators can then decide whether to follow up.nnBut Green says continuous vetting is not a \u201cgotcha\u201d program. Instead, she says it\u2019s intended to improve security while also giving cleared personnel the chance to self-report and mitigate any potential issues.nn\u201cIn the grand scheme of things, very few individuals actually receive an alert or require the additional investigative action to take place,\u201d Green said. \u201cBut CV isn't just about generating those alerts. It really is about self-reporting. There are self-reporting requirements for clearance holders, and it's really supporting the goal of helping us identify potential issues before they fester into a larger insider threat concern.\u201dn<h2>Security clearance reciprocity timelines down<\/h2>nDCSA has also made major strides in the time it takes for it to process and adjudicate a security clearance granted by another agency, a process referred to as \u201creciprocity.\u201d The process affects personnel transferring from one agency to another, as well as contractors working on different projects for different agencies.nnDCSA now takes an average of just one day to make a reciprocity decision, down from a peak of 65 days in mid-2020, according to Green.nnShe credited \u201cbusiness process engineering\u201d leading to more efficient decision-making on reciprocity requests, as well as the merger of several organizations under DCSA, including the former National Background Investigations Bureau and the DoD Consolidated Adjudications Facility.nnLast year, DCSA also completed the shift from using multiple personnel security databases to the Defense Information Security System (DISS).nn\u201cHaving the ability to control the end-to-end process was certainly a part of that success,\u201d Green said of reciprocity.nnWhile other agencies, most notably in the intelligence community, take much longer to make reciprocity decisions, Green thinks the \u201ctransfer of trust\u201d process, as it\u2019s called under Trusted Workforce 2.0, will continue to improve with time.n<h2>Initial vetting hurdles<\/h2>nOne of the next major hurdles for security clearance reform will be speeding up the time it takes to get an initial applicant, with no prior government background investigation, through the vetting process. The initial background investigations process often takes months and even years in some cases, making it harder for the federal government to hire new employees.nn<a href="https:\/\/www.performance.gov\/assets\/files\/Personnel_Vetting_Reform_Progress_2022_Q1.pdf">A quarterly update<\/a> issued by the Security, Suitability, and Credentialing Performance Accountability Council earlier this year shows DCSA is expected to begin offering initial vetting products, using more automated processes and the new National Background Investigation Services (NBIS) IT system, starting next June.nn"We are committed to being what I would call the 'personal security provider of choice,'" Green said. "We're working very hard to provide new and enhanced products and services to support that full TW 2.0 implementation to include initial vetting products. The actual implementation of the new standards will take some time and will be fully phased in as those products and services are available. But we are leaning forward, looking at how we can continue to evolve all our vetting products and services.\u201d"}};

The Defense Counterintelligence and Security Agency is adding more data categories to its “continuous vetting” program, while more than three dozen non-defense agencies are using DCSA’s services as it moves ahead with security clearance reform efforts.

DCSA is now monitoring 50,000 cleared individuals from 38 non-defense agencies under its continuous vetting program, according to Heather Green, assistant director of vetting risk operations at DCSA. That’s on top of the 3.6 million Defense Department service members, civilians and contractors who were enrolled in continuous vetting by last October.

“We do anticipate this continuing to grow through this fiscal year and beyond as we add those additional CV services,” Green said on Inside the IC. “So as more services and capability comes online, we’re going to continue to grow our service to our federal agencies, as well as our DoD customers.”

DCSA is one of the lead agencies implementing the government-wide “Trusted Workforce 2.0” initiative. The effort aims to streamline the government’s personnel vetting process through automated record checks, simplified security standards and more information sharing across agencies.

Earlier this year, a White House official called 2022 the “most significant, most consequential” year for security clearance reform yet.

DCSA’s continuous vetting system is one of the centerpieces of the initiative, giving investigators the ability to receive automated alerts when a security clearance holder faces an issue that could put their clearance at risk.

DCSA’s continuous vetting system hit the “1.25” milestone last fall when the DoD cleared population was fully enrolled. But the system at that time was limited to three data categories: criminal activities, terrorism, and eligibility.

The agency is now adding alerts about suspicious financial activity, foreign travel, credit history and “public record information” to the continuous vetting system on the way to the “Trusted Workforce 1.5” milestone this fall, according to Green. Already, 2 million DoD clearance holders are  enrolled in that expanded system of alerts.

The continuous vetting system is replacing periodic reinvestigations, where investigators would do a background check on a clearance holder every five or 10 years. Instead of learning about potentially suspicious activity years after it took place, the system is intended to provide security offices with alerts about such activity. Investigators can then decide whether to follow up.

But Green says continuous vetting is not a “gotcha” program. Instead, she says it’s intended to improve security while also giving cleared personnel the chance to self-report and mitigate any potential issues.

“In the grand scheme of things, very few individuals actually receive an alert or require the additional investigative action to take place,” Green said. “But CV isn’t just about generating those alerts. It really is about self-reporting. There are self-reporting requirements for clearance holders, and it’s really supporting the goal of helping us identify potential issues before they fester into a larger insider threat concern.”

Security clearance reciprocity timelines down

DCSA has also made major strides in the time it takes for it to process and adjudicate a security clearance granted by another agency, a process referred to as “reciprocity.” The process affects personnel transferring from one agency to another, as well as contractors working on different projects for different agencies.

DCSA now takes an average of just one day to make a reciprocity decision, down from a peak of 65 days in mid-2020, according to Green.

She credited “business process engineering” leading to more efficient decision-making on reciprocity requests, as well as the merger of several organizations under DCSA, including the former National Background Investigations Bureau and the DoD Consolidated Adjudications Facility.

Last year, DCSA also completed the shift from using multiple personnel security databases to the Defense Information Security System (DISS).

“Having the ability to control the end-to-end process was certainly a part of that success,” Green said of reciprocity.

While other agencies, most notably in the intelligence community, take much longer to make reciprocity decisions, Green thinks the “transfer of trust” process, as it’s called under Trusted Workforce 2.0, will continue to improve with time.

Initial vetting hurdles

One of the next major hurdles for security clearance reform will be speeding up the time it takes to get an initial applicant, with no prior government background investigation, through the vetting process. The initial background investigations process often takes months and even years in some cases, making it harder for the federal government to hire new employees.

A quarterly update issued by the Security, Suitability, and Credentialing Performance Accountability Council earlier this year shows DCSA is expected to begin offering initial vetting products, using more automated processes and the new National Background Investigation Services (NBIS) IT system, starting next June.

“We are committed to being what I would call the ‘personal security provider of choice,'” Green said. “We’re working very hard to provide new and enhanced products and services to support that full TW 2.0 implementation to include initial vetting products. The actual implementation of the new standards will take some time and will be fully phased in as those products and services are available. But we are leaning forward, looking at how we can continue to evolve all our vetting products and services.”

]]>
https://federalnewsnetwork.com/inside-ic/2022/06/lead-agency-for-security-clearance-reform-expands-continuous-vetting/feed/ 0
State Department intelligence arm to set up open source coordination office https://federalnewsnetwork.com/inside-ic/2022/05/state-department-intelligence-arm-to-set-up-open-source-coordination-office/ https://federalnewsnetwork.com/inside-ic/2022/05/state-department-intelligence-arm-to-set-up-open-source-coordination-office/#respond Mon, 23 May 2022 20:27:33 +0000 https://federalnewsnetwork.com/?p=4072031 var config_4065142 = {"options":{"theme":"hbidc_default"},"extensions":{"Playlist":[]},"episode":{"media":{"mp3":"https:\/\/dts.podtrac.com\/redirect.mp3\/pdst.fm\/e\/chrt.fm\/track\/E2G895\/podone.noxsolutions.com\/media\/2252\/episodes\/051822_InsideTheIC_FullEpisode_Mixdown_nywr.mp3"},"coverUrl":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2022\/02\/183879-image-1644619204-150x150.jpg","title":"The State Department’s intelligence arm has a new strategic plan","description":"[hbidcpodcast podcastid='4065142']nnThe State Department\u2019s intelligence branch is setting up a new open source office to improve how it shares analysis with diplomats worldwide under a new strategic plan that puts a major emphasis on upgrading the bureau\u2019s IT operations.nnBrett Holmgren, assistant secretary of state for intelligence and research, says the Strategic Open Source Coordination Office will serve as a \u201ccentral point of contact\u201d for policy, training and tradecraft around open source intelligence, or OSINT. The new unit will also test and procure open-source tools, help deliver them overseas, and manage contracts.nnThe Bureau of Intelligence and Analysis, or INR, provides intelligence to U.S. diplomats. But most diplomats, spread out at locations across the world, have sporadic access to classified U.S. intelligence assessments.nn\u201cBeing able to leverage open source in a fundamentally different way than we've done so to date will allow us to share our best insights at the unclassified, FOUO, or the sensitive but unclassified level, on new platforms to our diplomats overseas,\u201d Holmgren said on Inside the IC.nnThe intelligence community is increasingly looking to <a href="https:\/\/federalnewsnetwork.com\/intelligence-community\/2022\/05\/spy-agencies-look-to-standardize-use-of-open-source-intelligence\/">improve its use of OSINT,<\/a><a href="https:\/\/federalnewsnetwork.com\/inside-ic\/2022\/04\/intel-community-weighs-role-of-open-source-intelligence-amid-ukraine-conflict\/"> especially as Russia's invasion of Ukraine<\/a> plays out across social media feeds, commercial satellite images and other publicly available sources.nnThe open source office is part of the bureau\u2019s <a href="https:\/\/www.state.gov\/wp-content\/uploads\/2022\/02\/INR_2025_Strategic-Plan-Brochure_vF_FINAL.pdf">new strategic plan, called \u201cINR 2025.\u201d<\/a> It lays out five major pillars, starting with an imperative to \u201celevate strategic analysis and redefine intelligence support to diplomacy.\u201dnnHolmgren, who was sworn in last September, said that first pillar represents something of a return to INR\u2019s roots of developing long-range, strategic intelligence products.nn\u201cWe really want to kind of reinvest in that core capability,\u201d he said. \u201cOver the years, we've become a little bit overstretched in responding to a lot of the demand for current assessments, and we'll continue to do that, obviously, to support our policymakers. But we really want to step back and make sure that in the intelligence community, we are one of those agencies that is thinking about where the world is headed, and trying to identify some opportunities and risks over the horizon to provide a warning, and also to help enable our policymakers to think through wise foreign policy strategies.\u201dn<h2>INR\u2019s digital vision<\/h2>nThe strategy also prioritizes digital modernization. As Holmgren puts it, its about shifting away from an operations and maintenance mindset for IT toward \u201ca more modern, agile, innovative technology team.\u201dnnIn order to oversee that shift, INR created a chief information officer position. Raymond Romano is currently acting CIO for the bureau. He previously led the State Department\u2019s cyber threat investigations division at the Bureau of Diplomatic Security.nnINR is also creating a technology governance board to oversee the bureau\u2019s IT modernization efforts and ensure technology is incorporated into its strategic planning process moving forward, according to Holmgren.nn\u201cIt's a cultural shift, but I think it's vitally important, and it starts at the top in terms of how the leadership of our organization views technology and the role that it will play,\u201d he said.nnThe bureau is already sketching out a new mobile strategy, according to the new strategy. Holmgren says mobile devices will be key to delivering more open-source and unclassified information to diplomats across the globe.nn\u201cImagine a diplomat riding into work in the morning, or they're getting ready at their home in the morning, and they're somewhere in Asia, and they're able to pull up the INR app on their mobile device,\u201d Holmgren said. \u201cWe want to be able to provide real-time, relevant information to our diplomats in the most accessible manner possible, and we do view a mobile as a real opportunity for us to do so.\u201dn<h2>Tech savvy, diverse workforce<\/h2>nHolmgren also thinks INR\u2019s future workforce will continue to be more technologically savvy, even if they\u2019re not all software engineers.nn\u201cThey don't need to be fluent in JavaScript and Python languages,\u201d he said. \u201cThey don't need to know how to code. But they do need to understand how technology operates. They need to understand and be comfortable with using modern technology, so that they can be successful in the future.\u201dnnHolmgren says it\u2019s not just an imperative from an internal, business operations perspective.nn\u201cI think you'll see more officers with some backgrounds in science and technology, just given where the threat landscape is evolving in the world, everything from global pandemics to emerging technologies and cyber, and how all of these technologies are applied in the military context as well,\u201d he said. \u201cI think it'll be important to have experts on our team that not only understand the deep history of a particular region, or understand applied economics, but that actually understand and have a deep familiarity with some of the science and some of the education that underpins a lot of these disciplines.\u201dnnINR\u2019s strategy also places a priority on recruiting individuals from more diverse backgrounds and perspectives. Diversity continues to be a challenge <a href="https:\/\/federalnewsnetwork.com\/workforce\/2021\/10\/intelligence-community-workforce-is-more-diverse-but-still-struggles-with-retention-and-promotion\/">across the intelligence community.<\/a>nn\u201cIt's making sure that we are being very deliberate about our recruiting strategy moving forward,\u201d Holmgren said. \u201cAnd we're going to continue to invest in expertise, regardless of where it comes from. But we are going to make sure that we put a premium on forcing ourselves to think more critically about our recruitment strategies, and not just doing what's easy, but doing what's hard, because ultimately, that will make us better and more effective as a bureau in the future.\u201d"}};

The State Department’s intelligence branch is setting up a new open source office to improve how it shares analysis with diplomats worldwide under a new strategic plan that puts a major emphasis on upgrading the bureau’s IT operations.

Brett Holmgren, assistant secretary of state for intelligence and research, says the Strategic Open Source Coordination Office will serve as a “central point of contact” for policy, training and tradecraft around open source intelligence, or OSINT. The new unit will also test and procure open-source tools, help deliver them overseas, and manage contracts.

The Bureau of Intelligence and Analysis, or INR, provides intelligence to U.S. diplomats. But most diplomats, spread out at locations across the world, have sporadic access to classified U.S. intelligence assessments.

“Being able to leverage open source in a fundamentally different way than we’ve done so to date will allow us to share our best insights at the unclassified, FOUO, or the sensitive but unclassified level, on new platforms to our diplomats overseas,” Holmgren said on Inside the IC.

The intelligence community is increasingly looking to improve its use of OSINT, especially as Russia’s invasion of Ukraine plays out across social media feeds, commercial satellite images and other publicly available sources.

The open source office is part of the bureau’s new strategic plan, called “INR 2025.” It lays out five major pillars, starting with an imperative to “elevate strategic analysis and redefine intelligence support to diplomacy.”

Holmgren, who was sworn in last September, said that first pillar represents something of a return to INR’s roots of developing long-range, strategic intelligence products.

“We really want to kind of reinvest in that core capability,” he said. “Over the years, we’ve become a little bit overstretched in responding to a lot of the demand for current assessments, and we’ll continue to do that, obviously, to support our policymakers. But we really want to step back and make sure that in the intelligence community, we are one of those agencies that is thinking about where the world is headed, and trying to identify some opportunities and risks over the horizon to provide a warning, and also to help enable our policymakers to think through wise foreign policy strategies.”

INR’s digital vision

The strategy also prioritizes digital modernization. As Holmgren puts it, its about shifting away from an operations and maintenance mindset for IT toward “a more modern, agile, innovative technology team.”

In order to oversee that shift, INR created a chief information officer position. Raymond Romano is currently acting CIO for the bureau. He previously led the State Department’s cyber threat investigations division at the Bureau of Diplomatic Security.

INR is also creating a technology governance board to oversee the bureau’s IT modernization efforts and ensure technology is incorporated into its strategic planning process moving forward, according to Holmgren.

“It’s a cultural shift, but I think it’s vitally important, and it starts at the top in terms of how the leadership of our organization views technology and the role that it will play,” he said.

The bureau is already sketching out a new mobile strategy, according to the new strategy. Holmgren says mobile devices will be key to delivering more open-source and unclassified information to diplomats across the globe.

“Imagine a diplomat riding into work in the morning, or they’re getting ready at their home in the morning, and they’re somewhere in Asia, and they’re able to pull up the INR app on their mobile device,” Holmgren said. “We want to be able to provide real-time, relevant information to our diplomats in the most accessible manner possible, and we do view a mobile as a real opportunity for us to do so.”

Tech savvy, diverse workforce

Holmgren also thinks INR’s future workforce will continue to be more technologically savvy, even if they’re not all software engineers.

“They don’t need to be fluent in JavaScript and Python languages,” he said. “They don’t need to know how to code. But they do need to understand how technology operates. They need to understand and be comfortable with using modern technology, so that they can be successful in the future.”

Holmgren says it’s not just an imperative from an internal, business operations perspective.

“I think you’ll see more officers with some backgrounds in science and technology, just given where the threat landscape is evolving in the world, everything from global pandemics to emerging technologies and cyber, and how all of these technologies are applied in the military context as well,” he said. “I think it’ll be important to have experts on our team that not only understand the deep history of a particular region, or understand applied economics, but that actually understand and have a deep familiarity with some of the science and some of the education that underpins a lot of these disciplines.”

INR’s strategy also places a priority on recruiting individuals from more diverse backgrounds and perspectives. Diversity continues to be a challenge across the intelligence community.

“It’s making sure that we are being very deliberate about our recruiting strategy moving forward,” Holmgren said. “And we’re going to continue to invest in expertise, regardless of where it comes from. But we are going to make sure that we put a premium on forcing ourselves to think more critically about our recruitment strategies, and not just doing what’s easy, but doing what’s hard, because ultimately, that will make us better and more effective as a bureau in the future.”

]]>
https://federalnewsnetwork.com/inside-ic/2022/05/state-department-intelligence-arm-to-set-up-open-source-coordination-office/feed/ 0
Outgoing intelligence community data chief previews forthcoming data strategy https://federalnewsnetwork.com/inside-ic/2022/05/outgoing-intelligence-community-data-chief-previews-forthcoming-data-strategy/ https://federalnewsnetwork.com/inside-ic/2022/05/outgoing-intelligence-community-data-chief-previews-forthcoming-data-strategy/#respond Fri, 06 May 2022 18:01:40 +0000 https://federalnewsnetwork.com/?p=4047415 var config_4043870 = {"options":{"theme":"hbidc_default"},"extensions":{"Playlist":[]},"episode":{"media":{"mp3":"https:\/\/dts.podtrac.com\/redirect.mp3\/pdst.fm\/e\/chrt.fm\/track\/E2G895\/podone.noxsolutions.com\/media\/2252\/episodes\/050422_InsideTheIC_FullEpisode_Mixdown_ien8.mp3"},"coverUrl":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2022\/02\/183879-image-1644619204-150x150.jpg","title":"A conversation with the intelligence community’s chief data officer","description":"[hbidcpodcast podcastid='4043870']nnThe intelligence community is drafting a new data strategy for the first time since 2017, with a big focus on training a data savvy workforce well equipped to take advantage of an increasing deluge of information that intelligence agencies are both collecting and producing.nnIntelligence agencies have made \u201cgreat strides\u201d since the first data strategy was published in 2017, according to Nancy Morgan, who just retired as chief data officer of the intelligence community. Her last day was April 29, and the office of the director of national intelligence has yet to select her replacement.nn\u201cWe've made some significant improvements to what we've been doing with data lifecycle management since the first IC data strategy was published in 2017,\u201d Morgan said in an April 28 interview on <a href="https:\/\/www.podcastone.com\/pd\/All-About-Data">All About Data<\/a>\u00a0and <a href="https:\/\/www.podcastone.com\/pd\/Inside-the-IC">Inside the IC.<\/a> \u201cWe feel we've done a lot of work to enhance sharing and safeguarding, but there's still more to do.\u201dnnChief data officers across the 18 intelligence agencies are focused on using automation to do more data preparation, Morgan said. The goal is to give analysts more time to \u201cdo higher order tasks\u201d rather than rudimentary jobs like data tagging.nn\u201cWe're collecting and producing more information than ever before, the IC is launching more collection capabilities than ever before at astounding volumes, certainly since I began my career 30-plus years ago,\u201d Morgan said. \u201cIt's just astounding how much information we're gathering. So it creates a data volume challenge.\u201dnnODNI is also updating the IC IT Enterprise, or \u201cICITE,\u201d strategy, a major guiding document for how intelligence agencies will use computing in the years ahead. The work is being led by Adele Merritt, the chief information officer for the intelligence community.nnThe new IT strategy will be pivotal to \u201cenhance the critical data management capabilities to achieve our goals,\u201d Morgan said.nnCDOs in the intelligence community are also looking to create more interoperability across intel agencies and the broader Defense Department. Morgan said leaders want to share successful approaches across organizations.nn"How do we integrate and involve multidisciplinary approaches that solve the IC's most challenging and emerging data issues?" she said. "We find new data challenges\u00a0 every day in every domain area."nnBut beyond technology, a major piece of the forthcoming data strategy is the workforce. Morgan said spy agencies aren\u2019t just focused on bringing in highly sought-after data scientists, but also training the existing workforce to be more data savvy.nn\u201cHow do we increase the data acumen and tradecraft, by not only attracting but developing, growing and resourcing the data savvy workforce?\u201d she said. \u201cSo not just the talent we recruit, but the workforce we already have. How do we give people a chance to develop new skills and make them even more powerful and valuable to the community?\u201dn<h2>Career pivots<\/h2>nIC data leaders are looking to create opportunities for intelligence professionals to start learning new skills related to digital technologies, data and cybersecurity, according to Morgan.nn\u201cIt's really very powerful when our domain experts learn some of the foundational skills for working with technology, working with automation, working with artificial intelligence, machine learning, being paired up with data scientists and data engineers,\u201d she said.nnThe focus isn\u2019t just on developing data professionals, but on building data aptitude across mission, business and policy areas, including acquisition, contracting, privacy and civil liberties, legal divisions and finance, according to Morgan.nn\u201cFrankly, it's about supervisors, managers, leaders, senior executives at all levels of the organization,\u201d she said. \u201cAre we asking the right questions about data when it's presented to us? Do we understand the data that's driving our decision making and we say the words data driven decision making but how are we actually putting that into practice?\u201dnnMorgan noted the Fiscal Year 2022 National Defense Authorization Act requires the Office of Personnel Management to establish new occupational series for not just \u201cdata science,\u201d but \u201cdata management\u201d as well.nn\u201cI was really proud of helping influence some of the wording on that, because while I absolutely want to have a strong data science cadre, you need the full data management realm,\u201d she said. \u201cYou need data managers, data policy experts, in addition to those data scientists and those data engineers.\u201dnnODNI is also preparing to conduct the pilot phase of a new public-private talent exchange. It will allow intelligence officers to work temporarily in the private sector, and vice versa. The pilot phase will allow for six-month details, according to Morgan.nnThe pilot phase will include specific focus areas, including professionals working in data, as well as a category for artificial intelligence and machine learning, according to Morgan.nn\u201cLaunching the pilot is a bit complicated, working through some of the security issues working through some of the acquisition and legal issues,\u201d she said. \u201cBut our goal is really to help intelligence officers and private sector colleagues better understand each other's mission, landscape, inject diverse thinking and gain new insights and really, hopefully create a more two way flow of talent skills and ideas.\u201dnnShe also said it could help inculcate a culture where there\u2019s more back-and-forth between the government and private sector.nn\u201cI don't know that people will have the same sort of trajectory of a career that's more only in the government or only in the private sector,\u201d Morgan said. \u201cI hope we'll see more two-way movement and more continuous movement over the time of someone's career. And again, selfishly, for me, this helps us grow our digital data and cyber savvy workforce with real world experiences.\u201d"}};

The intelligence community is drafting a new data strategy for the first time since 2017, with a big focus on training a data savvy workforce well equipped to take advantage of an increasing deluge of information that intelligence agencies are both collecting and producing.

Intelligence agencies have made “great strides” since the first data strategy was published in 2017, according to Nancy Morgan, who just retired as chief data officer of the intelligence community. Her last day was April 29, and the office of the director of national intelligence has yet to select her replacement.

“We’ve made some significant improvements to what we’ve been doing with data lifecycle management since the first IC data strategy was published in 2017,” Morgan said in an April 28 interview on All About Data and Inside the IC. “We feel we’ve done a lot of work to enhance sharing and safeguarding, but there’s still more to do.”

Chief data officers across the 18 intelligence agencies are focused on using automation to do more data preparation, Morgan said. The goal is to give analysts more time to “do higher order tasks” rather than rudimentary jobs like data tagging.

“We’re collecting and producing more information than ever before, the IC is launching more collection capabilities than ever before at astounding volumes, certainly since I began my career 30-plus years ago,” Morgan said. “It’s just astounding how much information we’re gathering. So it creates a data volume challenge.”

ODNI is also updating the IC IT Enterprise, or “ICITE,” strategy, a major guiding document for how intelligence agencies will use computing in the years ahead. The work is being led by Adele Merritt, the chief information officer for the intelligence community.

The new IT strategy will be pivotal to “enhance the critical data management capabilities to achieve our goals,” Morgan said.

CDOs in the intelligence community are also looking to create more interoperability across intel agencies and the broader Defense Department. Morgan said leaders want to share successful approaches across organizations.

“How do we integrate and involve multidisciplinary approaches that solve the IC’s most challenging and emerging data issues?” she said. “We find new data challenges  every day in every domain area.”

But beyond technology, a major piece of the forthcoming data strategy is the workforce. Morgan said spy agencies aren’t just focused on bringing in highly sought-after data scientists, but also training the existing workforce to be more data savvy.

“How do we increase the data acumen and tradecraft, by not only attracting but developing, growing and resourcing the data savvy workforce?” she said. “So not just the talent we recruit, but the workforce we already have. How do we give people a chance to develop new skills and make them even more powerful and valuable to the community?”

Career pivots

IC data leaders are looking to create opportunities for intelligence professionals to start learning new skills related to digital technologies, data and cybersecurity, according to Morgan.

“It’s really very powerful when our domain experts learn some of the foundational skills for working with technology, working with automation, working with artificial intelligence, machine learning, being paired up with data scientists and data engineers,” she said.

The focus isn’t just on developing data professionals, but on building data aptitude across mission, business and policy areas, including acquisition, contracting, privacy and civil liberties, legal divisions and finance, according to Morgan.

“Frankly, it’s about supervisors, managers, leaders, senior executives at all levels of the organization,” she said. “Are we asking the right questions about data when it’s presented to us? Do we understand the data that’s driving our decision making and we say the words data driven decision making but how are we actually putting that into practice?”

Morgan noted the Fiscal Year 2022 National Defense Authorization Act requires the Office of Personnel Management to establish new occupational series for not just “data science,” but “data management” as well.

“I was really proud of helping influence some of the wording on that, because while I absolutely want to have a strong data science cadre, you need the full data management realm,” she said. “You need data managers, data policy experts, in addition to those data scientists and those data engineers.”

ODNI is also preparing to conduct the pilot phase of a new public-private talent exchange. It will allow intelligence officers to work temporarily in the private sector, and vice versa. The pilot phase will allow for six-month details, according to Morgan.

The pilot phase will include specific focus areas, including professionals working in data, as well as a category for artificial intelligence and machine learning, according to Morgan.

“Launching the pilot is a bit complicated, working through some of the security issues working through some of the acquisition and legal issues,” she said. “But our goal is really to help intelligence officers and private sector colleagues better understand each other’s mission, landscape, inject diverse thinking and gain new insights and really, hopefully create a more two way flow of talent skills and ideas.”

She also said it could help inculcate a culture where there’s more back-and-forth between the government and private sector.

“I don’t know that people will have the same sort of trajectory of a career that’s more only in the government or only in the private sector,” Morgan said. “I hope we’ll see more two-way movement and more continuous movement over the time of someone’s career. And again, selfishly, for me, this helps us grow our digital data and cyber savvy workforce with real world experiences.”

]]>
https://federalnewsnetwork.com/inside-ic/2022/05/outgoing-intelligence-community-data-chief-previews-forthcoming-data-strategy/feed/ 0
Intel community weighs role of open source intelligence amid Ukraine conflict https://federalnewsnetwork.com/inside-ic/2022/04/intel-community-weighs-role-of-open-source-intelligence-amid-ukraine-conflict/ https://federalnewsnetwork.com/inside-ic/2022/04/intel-community-weighs-role-of-open-source-intelligence-amid-ukraine-conflict/#respond Wed, 20 Apr 2022 21:39:58 +0000 https://federalnewsnetwork.com/?p=4018771 var config_4019510 = {"options":{"theme":"hbidc_default"},"extensions":{"Playlist":[]},"episode":{"media":{"mp3":"https:\/\/dts.podtrac.com\/redirect.mp3\/pdst.fm\/e\/chrt.fm\/track\/E2G895\/podone.noxsolutions.com\/media\/2252\/episodes\/042022_InsideTheIC_FullEpisode_Mixdown_1q7o.mp3"},"coverUrl":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2022\/02\/183879-image-1644619204-150x150.jpg","title":"How spy agencies use open source intelligence","description":"[hbidcpodcast podcastid='4019510']nnIntelligence agencies have struggled to define how open source intelligence fits into its broader work, but the wide breadth of publicly available information about the Ukraine conflict, combined with proactive disclosures of classified information, are providing some clarity about OSINT\u2019s role.nnDuring an appearance at the Center for Strategic and International Studies last week, Principal Deputy Director of National Intelligence Stacey Dixon said publicly available satellite imagery, for instance, puts the intelligence community \u201cin a different place\u201d in not being the sole arbiter of information about a foreign conflict like the one in Ukraine.nnCommercial satellite imagery helped expose Russia\u2019s build-up of forces prior to the invasion, and since then, such imagery has helped publicly track the conflict\u2019s progression in detail.nn\u201cWithin the community, I think we have been thinking about open source information and how it actually fits into the intelligence enterprise for quite a while,\u201d Dixon said. \u201cThere's a lot of really useful information out there and so figuring out how do we legally, keeping in mind privacy and civil liberties, how do we bring in the information that's useful and see how we can complement the classified information we have in terms of being able to provide insights to our customers.\u201dnnOSINT represents a rapidly expanding world of social media feeds, commercial satellite imagery, cell phone videos and other internet-derived information that allow professional and amateur analysts alike to investigate events happening around the world without the need for classified information.nnBut Dixon said the U.S. intelligence analysts bring a known amount of \u201crigor\u201d to their work, while measuring the quality of outside analysis can be difficult.nn\u201cI know the rigor with which our analysts interpret information,\u201d she said. \u201cI don't know the rigor with which all other analysts interpret information.\u201dnn\u201cI've seen sometimes others with perhaps less rigor in their analysis make statements and claims that you really can't tell from that information itself, it may be a logical next step, but our intelligence is based on what we actually see or hear or what we actually measure,\u201d Dixon added.nnThe IC traditionally defined open source intelligence as foreign newspapers and other media. The various definitions of "OSINT" in the intelligence community have evolved over the years to also capture media from the internet, but they remain vague and vary across agencies, according to a <a href="https:\/\/www.csis.org\/analysis\/move-over-jarvis-meet-oscar">January report<\/a> from the Center for Strategic and International Studies foundnnThe CSIS report says the intelligence community \u201chas not yet warmed\u201d to OSINT, and is yet to take advantage of artificial intelligence and machine learning tools to make sense of vast amounts of publicly available information.nn\u201cFor the intelligence community to meet its mission of \u2018all-source\u2019 analysis, it cannot afford to ignore a wealth of available data solely because it is unclassified,\u201d the report states. \u201cIn a best-case scenario, the IC will lose policymaker attention and trust as they compete with private intelligence. But the worst case scenario is more problematic: U.S. adversaries are pursuing this same technology aggressively and outstripping IC capabilities.\u201dnnLauren Zabierek, a former intelligence officer and executive director of the Cyber Project at Harvard Kennedy School's Belfer Center, said the CSIS report provides a good overview of the myriad policy, legal and cultural challenges that can constrain the use of OSINT within the intelligence community.nn\u201cAnalysts want to do a good job, they want to be able to use information in their analyses,\u201d Zabierek said on \u201cInside the IC.\u201d \u201cBut there are a lot of different issues that I think the community and even Congress really need to address.\u201dnnShe said Congress could improve how it sets budgets and requirements to advance the role of OSINT, while both Congress and the executive branch need to work through legal issues governing how analysts can use publicly available information, so they can do so while ensuring privacy and civil liberties are protected.nnMaria Robson, program coordinator of the Intelligence Project at the Belfer Center, studies how the private sector has increasingly built up OSINT tradecraft over the last two decades. She said while some people retain their security clearances when they move to the private sector, the clearances aren\u2019t providing \u201cnuggets of gold\u201d compared to OSINT.nn\u201cA lot of it is just the power of open source information in a way that didn't exist 10 or 20 years ago,\u201d Robson said on \u201cInside the IC.\u201d \u201cThe distinction that we see here with public and private is the extent of the training on open source intelligence analysis that exists in the private sector that doesn't necessarily exist in the government because of the access to classified information. And so one of the things I think we need to see is learning from those private sector models in terms of how to train analysts and how to effectively take advantage of all the open source intelligence available.\u201d"}};

Intelligence agencies have struggled to define how open source intelligence fits into its broader work, but the wide breadth of publicly available information about the Ukraine conflict, combined with proactive disclosures of classified information, are providing some clarity about OSINT’s role.

During an appearance at the Center for Strategic and International Studies last week, Principal Deputy Director of National Intelligence Stacey Dixon said publicly available satellite imagery, for instance, puts the intelligence community “in a different place” in not being the sole arbiter of information about a foreign conflict like the one in Ukraine.

Commercial satellite imagery helped expose Russia’s build-up of forces prior to the invasion, and since then, such imagery has helped publicly track the conflict’s progression in detail.

“Within the community, I think we have been thinking about open source information and how it actually fits into the intelligence enterprise for quite a while,” Dixon said. “There’s a lot of really useful information out there and so figuring out how do we legally, keeping in mind privacy and civil liberties, how do we bring in the information that’s useful and see how we can complement the classified information we have in terms of being able to provide insights to our customers.”

OSINT represents a rapidly expanding world of social media feeds, commercial satellite imagery, cell phone videos and other internet-derived information that allow professional and amateur analysts alike to investigate events happening around the world without the need for classified information.

But Dixon said the U.S. intelligence analysts bring a known amount of “rigor” to their work, while measuring the quality of outside analysis can be difficult.

“I know the rigor with which our analysts interpret information,” she said. “I don’t know the rigor with which all other analysts interpret information.”

“I’ve seen sometimes others with perhaps less rigor in their analysis make statements and claims that you really can’t tell from that information itself, it may be a logical next step, but our intelligence is based on what we actually see or hear or what we actually measure,” Dixon added.

The IC traditionally defined open source intelligence as foreign newspapers and other media. The various definitions of “OSINT” in the intelligence community have evolved over the years to also capture media from the internet, but they remain vague and vary across agencies, according to a January report from the Center for Strategic and International Studies found

The CSIS report says the intelligence community “has not yet warmed” to OSINT, and is yet to take advantage of artificial intelligence and machine learning tools to make sense of vast amounts of publicly available information.

“For the intelligence community to meet its mission of ‘all-source’ analysis, it cannot afford to ignore a wealth of available data solely because it is unclassified,” the report states. “In a best-case scenario, the IC will lose policymaker attention and trust as they compete with private intelligence. But the worst case scenario is more problematic: U.S. adversaries are pursuing this same technology aggressively and outstripping IC capabilities.”

Lauren Zabierek, a former intelligence officer and executive director of the Cyber Project at Harvard Kennedy School’s Belfer Center, said the CSIS report provides a good overview of the myriad policy, legal and cultural challenges that can constrain the use of OSINT within the intelligence community.

“Analysts want to do a good job, they want to be able to use information in their analyses,” Zabierek said on “Inside the IC.” “But there are a lot of different issues that I think the community and even Congress really need to address.”

She said Congress could improve how it sets budgets and requirements to advance the role of OSINT, while both Congress and the executive branch need to work through legal issues governing how analysts can use publicly available information, so they can do so while ensuring privacy and civil liberties are protected.

Maria Robson, program coordinator of the Intelligence Project at the Belfer Center, studies how the private sector has increasingly built up OSINT tradecraft over the last two decades. She said while some people retain their security clearances when they move to the private sector, the clearances aren’t providing “nuggets of gold” compared to OSINT.

“A lot of it is just the power of open source information in a way that didn’t exist 10 or 20 years ago,” Robson said on “Inside the IC.” “The distinction that we see here with public and private is the extent of the training on open source intelligence analysis that exists in the private sector that doesn’t necessarily exist in the government because of the access to classified information. And so one of the things I think we need to see is learning from those private sector models in terms of how to train analysts and how to effectively take advantage of all the open source intelligence available.”

]]>
https://federalnewsnetwork.com/inside-ic/2022/04/intel-community-weighs-role-of-open-source-intelligence-amid-ukraine-conflict/feed/ 0
CISA highlights new reporting hotline amid warnings about potential Russian cyber attacks https://federalnewsnetwork.com/inside-ic/2022/03/cisa-highlights-new-reporting-hotline-amid-warnings-about-potential-russian-cyber-attacks/ https://federalnewsnetwork.com/inside-ic/2022/03/cisa-highlights-new-reporting-hotline-amid-warnings-about-potential-russian-cyber-attacks/#respond Tue, 22 Mar 2022 23:00:25 +0000 https://federalnewsnetwork.com/?p=3972776 var config_3974101 = {"options":{"theme":"hbidc_default"},"extensions":{"Playlist":[]},"episode":{"media":{"mp3":"https:\/\/dts.podtrac.com\/redirect.mp3\/pdst.fm\/e\/chrt.fm\/track\/E2G895\/podone.noxsolutions.com\/media\/2252\/episodes\/032322_InsidetheIC_FullEpisode_MixDown_10c4.mp3"},"coverUrl":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2022\/02\/183879-image-1644619204-150x150.jpg","title":"The evolving state of cyber threats in the Russia-Ukraine conflict","description":"[hbidcpodcast podcastid='3974101']nnThe Cybersecurity and Infrastructure Security Agency is highlighting basic cybersecurity standards, a new incident reporting hotline and its known exploited vulnerability catalog, among other measures, as the White House takes an \u201cunprecedented\u201d step in raising a specific warning about potential Russian cyber attacks.nnThe White House on Monday warned it had \u201cevolving intelligence\u201d showing the Russian government may be preparing cyber attacks on U.S. critical infrastructure in response to sanctions levied on Moscow after its invasion of Ukraine.nnDuring a media roundtable hosted by NeoSystems on Tuesday, CISA chief of staff Kiersten Todt said the agency is focused on promoting resiliency across U.S. networks. The agency has been running a <a href="https:\/\/www.cisa.gov\/shields-up">"Shields Up" website<\/a> since Russia invaded Ukraine as a resource for information about potential Russian cyber activities.nn\u201cThe good news there is that often it doesn't require a lot of sophistication necessarily,\u201d Todt said. \u201cWe've got to raise the baseline. And that's why the call to action for encryption, for patching, for multifactor authentication. These are all still the basics that really need to be executed and instituted across the board.\u201dnnCongress also recently passed legislation requiring critical infrastructure operators to report cyber incidents to CISA within 72 hours. But the requirements won\u2019t become effective until CISA finalizes the regulations through a rulemaking process.nnHowever, Todt said CISA recently launched a new hotline, report@cisa.gov, that companies can use if they want to voluntarily report incidents to CISA. The United States Computer Emergency Readiness Team, an organization within CISA, is responsible for coordinating incident response activities.nnTodt said CISA has been working to \u201ccreate trust for incident reporting\u201d by working closely with the private sector through mechanisms like the Joint Cyber Defense Collaborative.nn\u201cThis is such a critical tool, the ability to report incidents in a timely way so that CISA can then take that information and share it across sectors,\u201d she said.nnThe White House\u2019s decision to issue a public warning about specific Russian preparatory actions is an \u201cextraordinary\u201d step after weeks of more generalized statements about Russian cyber threats, according to Glenn Gerstell, former general counsel at the NSA and senior advisor at the Center for Strategic and International Studies.nn\u201cThat's really unprecedented for the President to do this,\u201d Gerstell said during the roundtable. \u201cIt sounds like there's a specific intelligence behind this.\u201dnnWhile the warning may have been unprecedented, some members of the information security community have complained the White House alert was light on details about specific cyber threat intelligence.nnTim Kosiba, the former head of the National Security Agency\u2019s Tailored Access Operations Unit, said public-private collaboration mechanisms like the JCDC and the NSA\u2019s new Cybersecurity Collaboration Center offer venues where officials can share more threat information with industry. Kosiba is now chief executive of bracket f, a government-focused subsidiary of cybersecurity firm Redacted.nn\u201cClearly, there's a reason why information is kept classified, for important reasons, and we, we need to be able to respect that,\u201d Kosiba said in an interview on <a href="https:\/\/federalnewsnetwork.com\/shows\/inside-the-ic-podcast\/">Inside the IC.<\/a> \u201cBut at the same time, we need to be able to partner with private companies, certainly partner with industries throughout our country to ensure that our capabilities are what they need to be.\u201dnnCISA has also continued to update its \u201cKnown Exploited Vulnerabilities Catalog,\u201d including with cybersecurity exploits used by Russia-linked groups, according to Todt. The catalog was established last year under a Binding Operational Directive that requires agencies to patch the listed vulnerabilities within specific time frames.nn\u201cThere's so much data, there's so much out there that if we can help curate that, certainly for the purposes of this conflict, this crisis, this war, then we are we are helping out and we're moving forward,\u201d Todt said.nnKosiba also noted private sector officials in key areas like the energy and financial sectors, respectively, often hold security clearances to receive more sensitive cyber threat information.nn\u201cThere's a ton of sharing that's actually going on, and it will continue to evolve and get better,\u201d Kosiba said. \u201cThe methods and procedures that that the intelligence community uses clearly need to stay classified. But the information that is gleaned from what our adversaries want to actually do to us, or where they want to operate, is incredibly important for industry to be able to develop their defensive capabilities.\u201dnnThe former NSA official said Russia may be particularly focused on areas where sanctions are affecting their economy and citizens.nn\u201cI would clearly think it is in Putin's mind that that he could have an impact of the citizens of this country,\u201d Kosiba said. \u201cEspecially where we are with the sanctions that are being levied on Russia today, certainly impacting their financial sector, their energy sector. So if you think about proportionality, several of those sectors could be targeted by the Russians.\u201d"}};

The Cybersecurity and Infrastructure Security Agency is highlighting basic cybersecurity standards, a new incident reporting hotline and its known exploited vulnerability catalog, among other measures, as the White House takes an “unprecedented” step in raising a specific warning about potential Russian cyber attacks.

The White House on Monday warned it had “evolving intelligence” showing the Russian government may be preparing cyber attacks on U.S. critical infrastructure in response to sanctions levied on Moscow after its invasion of Ukraine.

During a media roundtable hosted by NeoSystems on Tuesday, CISA chief of staff Kiersten Todt said the agency is focused on promoting resiliency across U.S. networks. The agency has been running a “Shields Up” website since Russia invaded Ukraine as a resource for information about potential Russian cyber activities.

“The good news there is that often it doesn’t require a lot of sophistication necessarily,” Todt said. “We’ve got to raise the baseline. And that’s why the call to action for encryption, for patching, for multifactor authentication. These are all still the basics that really need to be executed and instituted across the board.”

Congress also recently passed legislation requiring critical infrastructure operators to report cyber incidents to CISA within 72 hours. But the requirements won’t become effective until CISA finalizes the regulations through a rulemaking process.

However, Todt said CISA recently launched a new hotline, report@cisa.gov, that companies can use if they want to voluntarily report incidents to CISA. The United States Computer Emergency Readiness Team, an organization within CISA, is responsible for coordinating incident response activities.

Todt said CISA has been working to “create trust for incident reporting” by working closely with the private sector through mechanisms like the Joint Cyber Defense Collaborative.

“This is such a critical tool, the ability to report incidents in a timely way so that CISA can then take that information and share it across sectors,” she said.

The White House’s decision to issue a public warning about specific Russian preparatory actions is an “extraordinary” step after weeks of more generalized statements about Russian cyber threats, according to Glenn Gerstell, former general counsel at the NSA and senior advisor at the Center for Strategic and International Studies.

“That’s really unprecedented for the President to do this,” Gerstell said during the roundtable. “It sounds like there’s a specific intelligence behind this.”

While the warning may have been unprecedented, some members of the information security community have complained the White House alert was light on details about specific cyber threat intelligence.

Tim Kosiba, the former head of the National Security Agency’s Tailored Access Operations Unit, said public-private collaboration mechanisms like the JCDC and the NSA’s new Cybersecurity Collaboration Center offer venues where officials can share more threat information with industry. Kosiba is now chief executive of bracket f, a government-focused subsidiary of cybersecurity firm Redacted.

“Clearly, there’s a reason why information is kept classified, for important reasons, and we, we need to be able to respect that,” Kosiba said in an interview on Inside the IC. “But at the same time, we need to be able to partner with private companies, certainly partner with industries throughout our country to ensure that our capabilities are what they need to be.”

CISA has also continued to update its “Known Exploited Vulnerabilities Catalog,” including with cybersecurity exploits used by Russia-linked groups, according to Todt. The catalog was established last year under a Binding Operational Directive that requires agencies to patch the listed vulnerabilities within specific time frames.

“There’s so much data, there’s so much out there that if we can help curate that, certainly for the purposes of this conflict, this crisis, this war, then we are we are helping out and we’re moving forward,” Todt said.

Kosiba also noted private sector officials in key areas like the energy and financial sectors, respectively, often hold security clearances to receive more sensitive cyber threat information.

“There’s a ton of sharing that’s actually going on, and it will continue to evolve and get better,” Kosiba said. “The methods and procedures that that the intelligence community uses clearly need to stay classified. But the information that is gleaned from what our adversaries want to actually do to us, or where they want to operate, is incredibly important for industry to be able to develop their defensive capabilities.”

The former NSA official said Russia may be particularly focused on areas where sanctions are affecting their economy and citizens.

“I would clearly think it is in Putin’s mind that that he could have an impact of the citizens of this country,” Kosiba said. “Especially where we are with the sanctions that are being levied on Russia today, certainly impacting their financial sector, their energy sector. So if you think about proportionality, several of those sectors could be targeted by the Russians.”

]]>
https://federalnewsnetwork.com/inside-ic/2022/03/cisa-highlights-new-reporting-hotline-amid-warnings-about-potential-russian-cyber-attacks/feed/ 0
A former spy chief thinks it’s time to rethink privacy and security https://federalnewsnetwork.com/inside-ic/2022/03/a-former-spy-chief-thinks-its-time-to-re-think-privacy-and-security/ https://federalnewsnetwork.com/inside-ic/2022/03/a-former-spy-chief-thinks-its-time-to-re-think-privacy-and-security/#respond Fri, 11 Mar 2022 23:12:11 +0000 https://federalnewsnetwork.com/?p=3955739 var config_3952066 = {"options":{"theme":"hbidc_default"},"extensions":{"Playlist":[]},"episode":{"media":{"mp3":"https:\/\/dts.podtrac.com\/redirect.mp3\/pdst.fm\/e\/chrt.fm\/track\/E2G895\/podone.noxsolutions.com\/media\/2252\/episodes\/030922_InsidetheIC_FullEpisode_MixDown_vi7k.mp3"},"coverUrl":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2022\/02\/183879-image-1644619204-150x150.jpg","title":"A former spy chief’s view on privacy and security","description":"[hbidcpodcast podcastid='3952066']nn<em>Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive\u2019s daily audio interviews on\u00a0<\/em><a href="https:\/\/itunes.apple.com\/us\/podcast\/federal-drive-with-tom-temin\/id1270799277?mt=2"><i>Apple Podcasts<\/i><\/a><em>\u00a0or\u00a0<a href="https:\/\/www.podcastone.com\/federal-drive-with-tom-temin?pid=1753589">PodcastOne<\/a>.<\/em>nn"We are fast approaching the time in which technology will enable a continuous sensing of all of the world\u2019s activity \u2013 24 hours a day, seven days a week, 365 days a year." That's how former National Geospatial-Intelligence Agency Director Robert Cardillo opened <a href="https:\/\/www.taylorfrancis.com\/chapters\/oa-edit\/10.4324\/9781003164197-22\/geoint-post-secret-world-robert-cardillo">a recent chapter in the CIA's quarterly journal, "National Security Intelligence and Ethics."<\/a>\u00a0 The 35-year intelligence community veteran is among those who say advances in digital technologies require re-thinking of privacy itself. To discuss his views at length, Cardillo joined Justin Doubleday on "Inside the IC."nn<em>Interview transcript:<\/em>n<p style="padding-left: 25px;"><strong>Justin Doubleday:<\/strong> I was wondering if you could just take me into the motivations for writing this article. And why do you think it's important in particular for the intelligence community to be considering these issues?<\/p>n<p style="padding-left: 25px;"><strong>Robert Cardillo:<\/strong> Well, first of all, thanks for having me, Justin, I enjoy interacting and discussing critical issues about our community. But as the article points out, I'm very interested in how our community interacts with those that we serve. And even though that we don't serve, you know, the public directly, I feel strongly that they really are our indirect customer, the end user, if you will, of enhanced and improved decisions by those that are in positions of authority to create improved security or improved awareness or improved society writ large.<\/p>n<p style="padding-left: 25px;">So the reason I drafted this article was it was a summation of my career in two ways. One, I was kind of born into the imagery business, we now call geospatial, as a photographic interpreter and imagery analyst back in the day when the government was literally a monopolistic owner of that space. We could do things that no one else could do, we had access to the space that no one else had. And so much of our advantage in those days was through unique technology and unique budgets, etc. And my experience in my government career was I lived through, not that that completely dissipated, but the drawing down of 'Hey, it's only a government game' and the rise of commercial technology and capabilities. And then when I was when I was in the White House working for DNI [James] Clapper in 2010 to 2014, we experienced the results of the of the Snowden releases.<\/p>n<p style="padding-left: 25px;">And now he was focused on signals intelligence, and predominantly the work of the National Security Agency. But I can imagine a day, as I said in the article, about a time when the kind of persistence that we've either come to live with or not live, we're trying to figure out to live with, with our phones, and with our apps, and with GPS technology, I think we're going to have to have that conversation about sensing. And I purposely didn't say remote sensing, because I think some of the sensing will be direct, whether you're on the corner of a major metropolitan area, or walking in front of a business with the CCTV camera, etc., or being sensed from space. And it was my view that I would prefer to have this conversation between the citizens that are proposed to be protected by those capabilities. And how does that align, how does that balance, how does that interact with what also makes us American, which is valuing privacy, individual liberty, etc.<\/p>n<p style="padding-left: 25px;">You know, when we go to bed at night, we go to bed at night, you know, put our head down on a pillow with the kind of the sense of security. Oh, good, I'm protected in my home or in my community, etc., from bad actors and forces. And I thank the government writ large for doing that, right. That's part of the deal I make with the government. And then you wake up in the morning and you go, 'Well, I'm not sure how much I want that government involved in my life.' So we've got this tension in our society that isn't new. And I just through the article wanted to kind of maybe lead the discussion before it was a crisis, before we had some 'aha' moment in which we were kind of find ourselves in a corner of a debate in Washington. An old mentor of mine told me one time, he said, 'Look, if you're explaining in Washington, you're losing.' Meaning, if you're justifying something after the fact, it's very hard to do it. So the point of the article was, 'Let's start the conversation now.'<\/p>n<p style="padding-left: 25px;"><strong>Justin Doubleday:<\/strong> Sure. And you know, as you point out, the Snowden leaks were eight years ago or over eight years ago now, and this is not an entirely new issue, but it's one that's constantly been evolving. What do you think intelligence professionals bring to this debate? Because on the face of it, you would think that a more data out there about a whole range of different activities is probably something that as an intelligence community professional, you'd be pretty happy to see. But on the privacy front, what interest do you think the IC has in that issue? And what kind of perspective do you think professionals like yourself bring to this this privacy debate, which is a very broad debate that's happening across government and U.S. society and the globe as a whole?<\/p>n<p style="padding-left: 25px;"><strong>Robert Cardillo:<\/strong> Well, I guess I come to it from a core belief that there's really one reason why governments, and we're talking about liberal democracies, lowercase d, in our case, create intelligence services. And in my view is they're created to really do one thing: to enable better decision making, right? And they do that through myriad ways, right? You provide a bit of data they didn't know or you contextualize it away, or you frame it, or you assess it, or you project it, or you forecast it. And all those things that the intelligence community does, so that a decision maker can say, 'Oh, okay, I better understand my choices here. And I'm going to now do A versus B.' And again, that decision maker sometimes is in a suit, and sometimes in a uniform, and sometimes that uniform's military or its first responder, etc, there's many different layers of people that consume. But all of those officials, all of those decision makers are representative of those who send them there in one way, shape, or form. And in our society. That's the electoral process. And that's our governance and so they're there to serve those citizens.<\/p>n<p style="padding-left: 25px;">Now don't get me wrong. I don't think the intelligence community should be leading this discussion. I think for two reasons. One, I think we're a supporter, and I think we're good at supporting. And two look, I think that there's probably, there's just baggage here, and by the way, you can replace baggage, with bias. We all have it, we all carry it with us. And it's unnatural for humans to have a bias because of where they come from, and how they, you know, the way they learned and, and their life experiences, all that goes into inform it. So I think in our society, the intelligence community should be a supporter of this conversation.<\/p>n<p style="padding-left: 25px;">You know, if Robert were in charge, really it should be our elected officials that should be leading this conversation. I realize that it's harder these days to think about sober minded, you know, rational debates about big policy issues. We seem to be less good at that these days. But anyway, back to your question, I still think it's the IC's responsibility to, if not lead the conversation, at least promote it or provoke it in a constructive way. And again, I mean, I'm not I'm not saying things would have been different, you know, at the end of the day, given the Snowden leaks, but I do believe that like post-9\/11, right, America had been attacked in a way it hadn't been since 1941. And obviously, in many ways, it had never been attacked before. The country was reeling, was looking for leadership, was looking for a sense of, 'Okay, where do we go from here?'<\/p>n<p style="padding-left: 25px;">Now, this is hindsight 20\/20. So feel free to critique it. But I could imagine in such an environment, I wonder if we couldn't have gone to the American people in 2001, 'Look, it's a really different planet than the one that existed two months ago, given what's happened, and the threat is quite different than the one that we had prepared for. And we propose a different level of balance between individual liberty, privacy and security. And this means that if we're going to protect ourselves from the next attack, or from a non-state actor, as we did on 9\/11, we're just going to need different authorities.' Now, that debate happened. I wasn't part of it, but that happened in secret. It happened within government circles. And look, I'm not second guessing those people's decisions or the assumptions they made. I'm just saying that now, we are here in 2022. The digitization of the world has done nothing but accelerate. The constant ability to fully track movement and activity around our planet just goes up almost every day. I think it's time for a new conversation about that overall balance and I'll finish with this, maybe because it is hard to have, and risky to have, right, if you're an elected official, to have this conversation, because probably by definition, you will annoy 42% of our population depending which way you come out on that. It's probably easier to kick that can and I'm just in the article arguing that maybe we we can't afford to kick it anymore.<\/p>n<p style="padding-left: 25px;"><strong>Justin Doubleday:<\/strong> And in the article, you also raised the concept of "geospatial singularity," kind of what we were talking about earlier, where, where real time Earth observations with analytics are available to anyone. A range of different services that used to be the exclusive realm of intelligence agencies. And I'm wondering how do you think the IC, and in particular, your old agency, NGA, is grappling with this new reality?<\/p>n<p style="padding-left: 25px;"><strong>Robert Cardillo:<\/strong> So first, I want to again pay tribute to Josef Koller, a friend and colleague, who, at least to my knowledge, coined the phrase with a paper that he had written. And I really like it, one, because it's kind of very descriptive. It's a bit of a attention grabbing. 'Singularity' sounds a little scary, right? And which I like. So I like the fact that Josef was able to kind of capture both of those things. It's interesting when you bring in NGA, my home agency, and where I was born and raised and had the privilege to lead from '14 to '19. I mean, it's big organization, so I'm going to be synthesizing kind of the debates as I saw them and understand them. But it's fundamentally this, NGA is both a member of the intelligence community. So it works for the Director of National Intelligence, but it's also a Combat Support Agency, which means it's got responsibilities to the Department of Defense.<\/p>n<p style="padding-left: 25px;">And by the way, the National Security Agency has a similar kind of straddle, and so does the National Reconnaissance Office, Defense Intelligence Agency, so the NGA is not unique. But I say that to say that, it's got its own balance challenge, because it has a mission to advance and improve decisions, as I said at the top but the way NGA has done that, historically, is to illuminate, expose, and document adversarial capabilities, and when it can, infer intentions on top of those capabilities. So such and such a country, North Korea is an easy one to pick, has this in that system, this in that unit and these deployments. And to me, I call that the content that is necessary to join the game. But it's also the context, meaning it's the frame of reference, so you can understand those physical capabilities. The real hard part of being a geospatial-intelligence officer isn't isn't the 'what and where' question. And we can come back to this, computers are getting much better at that, identifying objects and locating those objects. The really hard question, and the one that the decision makers needs most is the 'why' question and the 'what's next' question.<\/p>n<p style="padding-left: 25px;">And at least today, computers are not so good at those. Who knows where we'll go with, you know, computer evolutions and the move to true AI. But one of the debates at NGA has to do with, I won't call it a divide, but the tension between those two I was very supportive of pushing as much as we possibly could, on the 'what and where' to computer assisted, I called it "augmentation and automation." I tried to stay away from "artificial intelligence" just because it's just such a loaded term. And it means so many different things to different people. But things like computer vision is pretty straightforward. And you know, object identification. I mean, computers just are getting better and better at it. I wanted to take the NGA analysts and not eliminate them but elevate them. So take them above those questions. Let the computer do the "what and where." You do the "why and what's next" and look, like I said it's a big organization. Some people that resonated with them, kind of motivated them to move to those higher level questions. Some felt threatened by the computer. "Wait a minute, they're going to come in and do my job, then what are you gonna do with me?" And I kept telling them, "Those other two questions are what I'm going to do with you." But I won't kid you, there was a tension.<\/p>n<p style="padding-left: 25px;">And to be frank, with respect to my article, that is not a big debate at NGA, okay, for two reasons. One, NGA has got a mission to do. And they do it. And two, they are prohibited from applying their capabilities against the U.S. So it's just, hey, we don't we don't do that. And we don't. Now we can support activities in the US, for example, floods, fires, etc. But there's a very meticulous legal process by which we go through to support the FBI or FEMA or California Fire, whoever it is, to make sure that we can't and don't do anything against American citizens. So for that reason, NGA, there isn't an active debate inside there. But people shouldn't worry about that. They're, quite frankly, there shouldn't be. It's very clean there. But now that I'm in the commercial world, you know, and working with both, satellite providers and data analytics companies and computer vision applications, they can and should and do wrestle with it quite often. Because frankly, look, that's going to be a different terms of use, right, then the Starbucks and Home Depot, if you sign on to that service. And I think there's a lot to be learned from the kind of communications and signals analogies, both good and bad. But again, if I had a single intent, it was like, let's get on with the debate, even if we're not quite sure how to have it yet.<\/p>n<p style="padding-left: 25px;"><strong>Justin Doubleday:<\/strong> Yeah, that's an interesting point, because beyond just pure political dysfunction, one of the big things holding back some sort of big push to reform privacy laws is commercial companies who are able to use this data and whose value is derived from gathering all of this data from us. So you brought it up, now that you've been out for two years and working with geospatial companies and the like, what are the debates within those companies? How far do you think they're willing to go and allowing for not allowing for but backing privacy debate? And where do they draw the red lines In your view?<\/p>n<p style="padding-left: 25px;"><strong>Robert Cardillo:<\/strong> You get a little nervous when an intelligence officer begins his answer with "it depends," but it does depend. So I'm going to talk you through a couple of depends. You know, in my new world, I work with some, I'm just going to call them "traditional defense intelligence or defense industrial partners." And the audience, you can think of them, the big primes, the big movers, the big industrial giants that, quite frankly, have served this nation very well, with their capabilities and their services. For good and for bad, I have found them to be very government-like, when I came out. Now, I don't think that should be a surprise, because quite frankly, the government kind of created them, right? They kind of said, 'Look, we need somebody to build a whole lot of airplanes really fast, or tanks, or rockets or whatnot, they need to have all these protections, they need to have all these capabilities.' And so the bureaucracy that the government had just kind of went over to the those kind of corporate giants.<\/p>n<p style="padding-left: 25px;">And then you've got kind of a middle tier of companies, they're not startups, they're not fresh out of MIT or Stanford. But they haven't yet scaled in a way that provides their service broadly across the community. So perhaps they're an Air Force partner or a Space Force or a Defense Intelligence Agency partner. But it's relatively bespoke. And so it's a pretty narrow piece. And then the third category is some startups and some new companies that, at least it's been my experience, are having much more of the debate. And you know, one case in point, I chair the board of called Planet Federal, so planet is a small satellite company that provides remote sensing services around the planet and has for a number of years. They have a subsidiary that does their federal business. And that's where I sit. I guess what I found interesting in my experience at Planet is there's one part of their history and their ethos, and they recently went public, so they're now a publicly traded company, but they went public as a public benefit corporation, which is a very particular way to be a public company. And you still have all the fiduciary responsibilities to your shareholders to maximize return on investment, but you also are obliged to adhere to some high level goals for broader public benefit. And it's not a new construct, but it's becoming more in vogue these days because I think people are wanting to have the debate.<\/p>n<p style="padding-left: 25px;">And especially a company like Planet, which they can actually see the whole globe once a day. Now, they see it at pretty gross resolutions, so people shouldn't be worried about them tracking license plates, etc. But you shouldn't think of any of that sensing capability in isolation. Because this was especially true in the intelligence community, there was almost never an answer that was worthwhile that came from a single source. It's multiple sources coming together to tell a story. And again, speaking about my experience with Planet, they're well aware that, okay, it would be difficult for us to imagine abuse of our imaging, just given its resolution and periodicity in the spectral range. However, we could imagine if somebody were to combine our imagery with some sort of mobile device tracking element, and watching that over time to develop patterns of activity and inferring information, and if it was an authoritarian government, could they use that information in a way to control the population that doesn't comport with our values? That's the debate that happens within Planet and they go through those use cases, and they put language into their contracts that talk about international law, and the adherence to and respect for civil liberties, etc.<\/p>n<p style="padding-left: 25px;">Now, none of those are airtight, of course, right. The world is a messy place. But I use them as an example that I certainly see and experience more of those debates that, quite frankly, are at the commercial world. And let's face it, again, I wasn't involved in this, but if you recall one of the shooting events in California, and the alleged perpetrator had an iPhone, and I remember the FBI wanted to get into the iPhone, but the perpetrator put a code on it, the four-digit or six- digit code. And I remember that battle between FBI and Apple, and Apple said, "No." I don't recall how it ended up turning out whether a court ordered it to turn it over or not. And by the way, I don't work for Apple, so this is not a commercial, but I'm sympathetic with the point of view. Because remember what I said earlier that I was willing to hit "Yes" on Starbucks, because I trusted them. Obviously, if I'm gonna buy an Apple product or service at some level, I'm gonna have to trust them to keep my data. In this case, remember, I talked about well, "What happens when the government shows up?" Well, guess what the government showed up and said, I want into that data. And I guess that's another good example of let's not wait for that to happen in extremis. The ticking time bomb scenario, or, you know, we're trying to solve a crime here. Let's let's posit those potential outcomes now, so that we least we can have at least a more civilized debate before emotions are high, and tensions are strong.<\/p>n<p style="padding-left: 25px;"><strong>Justin Doubleday:<\/strong> Yeah. And as you point out, these decisions are being made for us by by companies, regardless of whether we acknowledge it or know it or not. But what do you hope happens here in the near term, to drive this debate forward? What are you looking out for?<\/p>n<p style="padding-left: 25px;"><strong>Robert Cardillo:<\/strong> If I can dream for a minute, I will. And I would love something, open hearings at the congressional level. I'm not sure it should be the intelligence committees because what I said earlier about kind of that baggage that comes. I think they should be present at these hearings. And maybe they're not even hearings, maybe the more like town halls, and I'm going to be a little theatrical here. I don't think they should be in Washington. We should go to Des Moines, we should go to Peoria, we should go to Gainesville, Florida, wherever, like I said because, again, you're going to think I've got rose colored contacts on here. Ultimately, I believe that the strength of our government is critically tied to the confidence from the governed, meaning, that level of confidence that those those of us that are putting our head down at night, you know, "Yep, I'm good, I feel safe, I feel secure, I feel, etc." You know, it's a monstrous topic, I get it. And so I appreciate why people want to avoid it or easy to say, "We'll do it next year." But what I'd like to see is to have it elevated. And I like the idea of congressional engagement because direct representation of the people and they don't really have a dog in the fight with respect to running the IC. I mean, they oversee it, they fund it, they appropriate it, etc, etc. But they don't run it. And so you'd have some distance there, too.<\/p>n<p style="padding-left: 25px;">Now, if I kind of come back to reality and go, "Well, that's probably not going to happen in today's political environment." We got a lot of things going on and whatnot. I do think that there are some government officials that could take this on, take on as in, you know, lead this discussion or debate. Perhaps it can come from Justice in the sense that this is a this is an equation between the liberty, privacy and security. They deal with this a lot. Again, I imagine the Director of National Intelligence or his or her, in this case, her representative kind of being on the wing of that discussion, not being up front. And I think somebody from the Pentagon should be involved too, because there's so much interplay between security and intelligence, which is fully appropriate. But even of late we've seen the, I'll say, the fraying of the edges around, what are we defending? You know, I mean, is it just nation states? Are their internal threats that need to be deal with? Are there fringe elements, you know, from either side of the political spectrum, etc? And by the way, the government can do these things through some third parties, you know, there's think tanks that can host these, with the right officials, you have federally funded research and development companies, such as you know, Mitre and Aerospace [Corp.] that can help do that. So I do think there's ways to do that probably at the executive level, where you could bring maybe a hybrid approach.<\/p>"}};

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

“We are fast approaching the time in which technology will enable a continuous sensing of all of the world’s activity – 24 hours a day, seven days a week, 365 days a year.” That’s how former National Geospatial-Intelligence Agency Director Robert Cardillo opened a recent chapter in the CIA’s quarterly journal, “National Security Intelligence and Ethics.”  The 35-year intelligence community veteran is among those who say advances in digital technologies require re-thinking of privacy itself. To discuss his views at length, Cardillo joined Justin Doubleday on “Inside the IC.”

Interview transcript:

Justin Doubleday: I was wondering if you could just take me into the motivations for writing this article. And why do you think it’s important in particular for the intelligence community to be considering these issues?

Robert Cardillo: Well, first of all, thanks for having me, Justin, I enjoy interacting and discussing critical issues about our community. But as the article points out, I’m very interested in how our community interacts with those that we serve. And even though that we don’t serve, you know, the public directly, I feel strongly that they really are our indirect customer, the end user, if you will, of enhanced and improved decisions by those that are in positions of authority to create improved security or improved awareness or improved society writ large.

So the reason I drafted this article was it was a summation of my career in two ways. One, I was kind of born into the imagery business, we now call geospatial, as a photographic interpreter and imagery analyst back in the day when the government was literally a monopolistic owner of that space. We could do things that no one else could do, we had access to the space that no one else had. And so much of our advantage in those days was through unique technology and unique budgets, etc. And my experience in my government career was I lived through, not that that completely dissipated, but the drawing down of ‘Hey, it’s only a government game’ and the rise of commercial technology and capabilities. And then when I was when I was in the White House working for DNI [James] Clapper in 2010 to 2014, we experienced the results of the of the Snowden releases.

And now he was focused on signals intelligence, and predominantly the work of the National Security Agency. But I can imagine a day, as I said in the article, about a time when the kind of persistence that we’ve either come to live with or not live, we’re trying to figure out to live with, with our phones, and with our apps, and with GPS technology, I think we’re going to have to have that conversation about sensing. And I purposely didn’t say remote sensing, because I think some of the sensing will be direct, whether you’re on the corner of a major metropolitan area, or walking in front of a business with the CCTV camera, etc., or being sensed from space. And it was my view that I would prefer to have this conversation between the citizens that are proposed to be protected by those capabilities. And how does that align, how does that balance, how does that interact with what also makes us American, which is valuing privacy, individual liberty, etc.

You know, when we go to bed at night, we go to bed at night, you know, put our head down on a pillow with the kind of the sense of security. Oh, good, I’m protected in my home or in my community, etc., from bad actors and forces. And I thank the government writ large for doing that, right. That’s part of the deal I make with the government. And then you wake up in the morning and you go, ‘Well, I’m not sure how much I want that government involved in my life.’ So we’ve got this tension in our society that isn’t new. And I just through the article wanted to kind of maybe lead the discussion before it was a crisis, before we had some ‘aha’ moment in which we were kind of find ourselves in a corner of a debate in Washington. An old mentor of mine told me one time, he said, ‘Look, if you’re explaining in Washington, you’re losing.’ Meaning, if you’re justifying something after the fact, it’s very hard to do it. So the point of the article was, ‘Let’s start the conversation now.’

Justin Doubleday: Sure. And you know, as you point out, the Snowden leaks were eight years ago or over eight years ago now, and this is not an entirely new issue, but it’s one that’s constantly been evolving. What do you think intelligence professionals bring to this debate? Because on the face of it, you would think that a more data out there about a whole range of different activities is probably something that as an intelligence community professional, you’d be pretty happy to see. But on the privacy front, what interest do you think the IC has in that issue? And what kind of perspective do you think professionals like yourself bring to this this privacy debate, which is a very broad debate that’s happening across government and U.S. society and the globe as a whole?

Robert Cardillo: Well, I guess I come to it from a core belief that there’s really one reason why governments, and we’re talking about liberal democracies, lowercase d, in our case, create intelligence services. And in my view is they’re created to really do one thing: to enable better decision making, right? And they do that through myriad ways, right? You provide a bit of data they didn’t know or you contextualize it away, or you frame it, or you assess it, or you project it, or you forecast it. And all those things that the intelligence community does, so that a decision maker can say, ‘Oh, okay, I better understand my choices here. And I’m going to now do A versus B.’ And again, that decision maker sometimes is in a suit, and sometimes in a uniform, and sometimes that uniform’s military or its first responder, etc, there’s many different layers of people that consume. But all of those officials, all of those decision makers are representative of those who send them there in one way, shape, or form. And in our society. That’s the electoral process. And that’s our governance and so they’re there to serve those citizens.

Now don’t get me wrong. I don’t think the intelligence community should be leading this discussion. I think for two reasons. One, I think we’re a supporter, and I think we’re good at supporting. And two look, I think that there’s probably, there’s just baggage here, and by the way, you can replace baggage, with bias. We all have it, we all carry it with us. And it’s unnatural for humans to have a bias because of where they come from, and how they, you know, the way they learned and, and their life experiences, all that goes into inform it. So I think in our society, the intelligence community should be a supporter of this conversation.

You know, if Robert were in charge, really it should be our elected officials that should be leading this conversation. I realize that it’s harder these days to think about sober minded, you know, rational debates about big policy issues. We seem to be less good at that these days. But anyway, back to your question, I still think it’s the IC’s responsibility to, if not lead the conversation, at least promote it or provoke it in a constructive way. And again, I mean, I’m not I’m not saying things would have been different, you know, at the end of the day, given the Snowden leaks, but I do believe that like post-9/11, right, America had been attacked in a way it hadn’t been since 1941. And obviously, in many ways, it had never been attacked before. The country was reeling, was looking for leadership, was looking for a sense of, ‘Okay, where do we go from here?’

Now, this is hindsight 20/20. So feel free to critique it. But I could imagine in such an environment, I wonder if we couldn’t have gone to the American people in 2001, ‘Look, it’s a really different planet than the one that existed two months ago, given what’s happened, and the threat is quite different than the one that we had prepared for. And we propose a different level of balance between individual liberty, privacy and security. And this means that if we’re going to protect ourselves from the next attack, or from a non-state actor, as we did on 9/11, we’re just going to need different authorities.’ Now, that debate happened. I wasn’t part of it, but that happened in secret. It happened within government circles. And look, I’m not second guessing those people’s decisions or the assumptions they made. I’m just saying that now, we are here in 2022. The digitization of the world has done nothing but accelerate. The constant ability to fully track movement and activity around our planet just goes up almost every day. I think it’s time for a new conversation about that overall balance and I’ll finish with this, maybe because it is hard to have, and risky to have, right, if you’re an elected official, to have this conversation, because probably by definition, you will annoy 42% of our population depending which way you come out on that. It’s probably easier to kick that can and I’m just in the article arguing that maybe we we can’t afford to kick it anymore.

Justin Doubleday: And in the article, you also raised the concept of “geospatial singularity,” kind of what we were talking about earlier, where, where real time Earth observations with analytics are available to anyone. A range of different services that used to be the exclusive realm of intelligence agencies. And I’m wondering how do you think the IC, and in particular, your old agency, NGA, is grappling with this new reality?

Robert Cardillo: So first, I want to again pay tribute to Josef Koller, a friend and colleague, who, at least to my knowledge, coined the phrase with a paper that he had written. And I really like it, one, because it’s kind of very descriptive. It’s a bit of a attention grabbing. ‘Singularity’ sounds a little scary, right? And which I like. So I like the fact that Josef was able to kind of capture both of those things. It’s interesting when you bring in NGA, my home agency, and where I was born and raised and had the privilege to lead from ’14 to ’19. I mean, it’s big organization, so I’m going to be synthesizing kind of the debates as I saw them and understand them. But it’s fundamentally this, NGA is both a member of the intelligence community. So it works for the Director of National Intelligence, but it’s also a Combat Support Agency, which means it’s got responsibilities to the Department of Defense.

And by the way, the National Security Agency has a similar kind of straddle, and so does the National Reconnaissance Office, Defense Intelligence Agency, so the NGA is not unique. But I say that to say that, it’s got its own balance challenge, because it has a mission to advance and improve decisions, as I said at the top but the way NGA has done that, historically, is to illuminate, expose, and document adversarial capabilities, and when it can, infer intentions on top of those capabilities. So such and such a country, North Korea is an easy one to pick, has this in that system, this in that unit and these deployments. And to me, I call that the content that is necessary to join the game. But it’s also the context, meaning it’s the frame of reference, so you can understand those physical capabilities. The real hard part of being a geospatial-intelligence officer isn’t isn’t the ‘what and where’ question. And we can come back to this, computers are getting much better at that, identifying objects and locating those objects. The really hard question, and the one that the decision makers needs most is the ‘why’ question and the ‘what’s next’ question.

And at least today, computers are not so good at those. Who knows where we’ll go with, you know, computer evolutions and the move to true AI. But one of the debates at NGA has to do with, I won’t call it a divide, but the tension between those two I was very supportive of pushing as much as we possibly could, on the ‘what and where’ to computer assisted, I called it “augmentation and automation.” I tried to stay away from “artificial intelligence” just because it’s just such a loaded term. And it means so many different things to different people. But things like computer vision is pretty straightforward. And you know, object identification. I mean, computers just are getting better and better at it. I wanted to take the NGA analysts and not eliminate them but elevate them. So take them above those questions. Let the computer do the “what and where.” You do the “why and what’s next” and look, like I said it’s a big organization. Some people that resonated with them, kind of motivated them to move to those higher level questions. Some felt threatened by the computer. “Wait a minute, they’re going to come in and do my job, then what are you gonna do with me?” And I kept telling them, “Those other two questions are what I’m going to do with you.” But I won’t kid you, there was a tension.

And to be frank, with respect to my article, that is not a big debate at NGA, okay, for two reasons. One, NGA has got a mission to do. And they do it. And two, they are prohibited from applying their capabilities against the U.S. So it’s just, hey, we don’t we don’t do that. And we don’t. Now we can support activities in the US, for example, floods, fires, etc. But there’s a very meticulous legal process by which we go through to support the FBI or FEMA or California Fire, whoever it is, to make sure that we can’t and don’t do anything against American citizens. So for that reason, NGA, there isn’t an active debate inside there. But people shouldn’t worry about that. They’re, quite frankly, there shouldn’t be. It’s very clean there. But now that I’m in the commercial world, you know, and working with both, satellite providers and data analytics companies and computer vision applications, they can and should and do wrestle with it quite often. Because frankly, look, that’s going to be a different terms of use, right, then the Starbucks and Home Depot, if you sign on to that service. And I think there’s a lot to be learned from the kind of communications and signals analogies, both good and bad. But again, if I had a single intent, it was like, let’s get on with the debate, even if we’re not quite sure how to have it yet.

Justin Doubleday: Yeah, that’s an interesting point, because beyond just pure political dysfunction, one of the big things holding back some sort of big push to reform privacy laws is commercial companies who are able to use this data and whose value is derived from gathering all of this data from us. So you brought it up, now that you’ve been out for two years and working with geospatial companies and the like, what are the debates within those companies? How far do you think they’re willing to go and allowing for not allowing for but backing privacy debate? And where do they draw the red lines In your view?

Robert Cardillo: You get a little nervous when an intelligence officer begins his answer with “it depends,” but it does depend. So I’m going to talk you through a couple of depends. You know, in my new world, I work with some, I’m just going to call them “traditional defense intelligence or defense industrial partners.” And the audience, you can think of them, the big primes, the big movers, the big industrial giants that, quite frankly, have served this nation very well, with their capabilities and their services. For good and for bad, I have found them to be very government-like, when I came out. Now, I don’t think that should be a surprise, because quite frankly, the government kind of created them, right? They kind of said, ‘Look, we need somebody to build a whole lot of airplanes really fast, or tanks, or rockets or whatnot, they need to have all these protections, they need to have all these capabilities.’ And so the bureaucracy that the government had just kind of went over to the those kind of corporate giants.

And then you’ve got kind of a middle tier of companies, they’re not startups, they’re not fresh out of MIT or Stanford. But they haven’t yet scaled in a way that provides their service broadly across the community. So perhaps they’re an Air Force partner or a Space Force or a Defense Intelligence Agency partner. But it’s relatively bespoke. And so it’s a pretty narrow piece. And then the third category is some startups and some new companies that, at least it’s been my experience, are having much more of the debate. And you know, one case in point, I chair the board of called Planet Federal, so planet is a small satellite company that provides remote sensing services around the planet and has for a number of years. They have a subsidiary that does their federal business. And that’s where I sit. I guess what I found interesting in my experience at Planet is there’s one part of their history and their ethos, and they recently went public, so they’re now a publicly traded company, but they went public as a public benefit corporation, which is a very particular way to be a public company. And you still have all the fiduciary responsibilities to your shareholders to maximize return on investment, but you also are obliged to adhere to some high level goals for broader public benefit. And it’s not a new construct, but it’s becoming more in vogue these days because I think people are wanting to have the debate.

And especially a company like Planet, which they can actually see the whole globe once a day. Now, they see it at pretty gross resolutions, so people shouldn’t be worried about them tracking license plates, etc. But you shouldn’t think of any of that sensing capability in isolation. Because this was especially true in the intelligence community, there was almost never an answer that was worthwhile that came from a single source. It’s multiple sources coming together to tell a story. And again, speaking about my experience with Planet, they’re well aware that, okay, it would be difficult for us to imagine abuse of our imaging, just given its resolution and periodicity in the spectral range. However, we could imagine if somebody were to combine our imagery with some sort of mobile device tracking element, and watching that over time to develop patterns of activity and inferring information, and if it was an authoritarian government, could they use that information in a way to control the population that doesn’t comport with our values? That’s the debate that happens within Planet and they go through those use cases, and they put language into their contracts that talk about international law, and the adherence to and respect for civil liberties, etc.

Now, none of those are airtight, of course, right. The world is a messy place. But I use them as an example that I certainly see and experience more of those debates that, quite frankly, are at the commercial world. And let’s face it, again, I wasn’t involved in this, but if you recall one of the shooting events in California, and the alleged perpetrator had an iPhone, and I remember the FBI wanted to get into the iPhone, but the perpetrator put a code on it, the four-digit or six- digit code. And I remember that battle between FBI and Apple, and Apple said, “No.” I don’t recall how it ended up turning out whether a court ordered it to turn it over or not. And by the way, I don’t work for Apple, so this is not a commercial, but I’m sympathetic with the point of view. Because remember what I said earlier that I was willing to hit “Yes” on Starbucks, because I trusted them. Obviously, if I’m gonna buy an Apple product or service at some level, I’m gonna have to trust them to keep my data. In this case, remember, I talked about well, “What happens when the government shows up?” Well, guess what the government showed up and said, I want into that data. And I guess that’s another good example of let’s not wait for that to happen in extremis. The ticking time bomb scenario, or, you know, we’re trying to solve a crime here. Let’s let’s posit those potential outcomes now, so that we least we can have at least a more civilized debate before emotions are high, and tensions are strong.

Justin Doubleday: Yeah. And as you point out, these decisions are being made for us by by companies, regardless of whether we acknowledge it or know it or not. But what do you hope happens here in the near term, to drive this debate forward? What are you looking out for?

Robert Cardillo: If I can dream for a minute, I will. And I would love something, open hearings at the congressional level. I’m not sure it should be the intelligence committees because what I said earlier about kind of that baggage that comes. I think they should be present at these hearings. And maybe they’re not even hearings, maybe the more like town halls, and I’m going to be a little theatrical here. I don’t think they should be in Washington. We should go to Des Moines, we should go to Peoria, we should go to Gainesville, Florida, wherever, like I said because, again, you’re going to think I’ve got rose colored contacts on here. Ultimately, I believe that the strength of our government is critically tied to the confidence from the governed, meaning, that level of confidence that those those of us that are putting our head down at night, you know, “Yep, I’m good, I feel safe, I feel secure, I feel, etc.” You know, it’s a monstrous topic, I get it. And so I appreciate why people want to avoid it or easy to say, “We’ll do it next year.” But what I’d like to see is to have it elevated. And I like the idea of congressional engagement because direct representation of the people and they don’t really have a dog in the fight with respect to running the IC. I mean, they oversee it, they fund it, they appropriate it, etc, etc. But they don’t run it. And so you’d have some distance there, too.

Now, if I kind of come back to reality and go, “Well, that’s probably not going to happen in today’s political environment.” We got a lot of things going on and whatnot. I do think that there are some government officials that could take this on, take on as in, you know, lead this discussion or debate. Perhaps it can come from Justice in the sense that this is a this is an equation between the liberty, privacy and security. They deal with this a lot. Again, I imagine the Director of National Intelligence or his or her, in this case, her representative kind of being on the wing of that discussion, not being up front. And I think somebody from the Pentagon should be involved too, because there’s so much interplay between security and intelligence, which is fully appropriate. But even of late we’ve seen the, I’ll say, the fraying of the edges around, what are we defending? You know, I mean, is it just nation states? Are their internal threats that need to be deal with? Are there fringe elements, you know, from either side of the political spectrum, etc? And by the way, the government can do these things through some third parties, you know, there’s think tanks that can host these, with the right officials, you have federally funded research and development companies, such as you know, Mitre and Aerospace [Corp.] that can help do that. So I do think there’s ways to do that probably at the executive level, where you could bring maybe a hybrid approach.

]]>
https://federalnewsnetwork.com/inside-ic/2022/03/a-former-spy-chief-thinks-its-time-to-re-think-privacy-and-security/feed/ 0
NGA developing commercial buying guide for satellite imagery https://federalnewsnetwork.com/inside-ic/2022/02/nga-developing-commercial-buying-guide-for-satellite-imagery/ https://federalnewsnetwork.com/inside-ic/2022/02/nga-developing-commercial-buying-guide-for-satellite-imagery/#respond Fri, 25 Feb 2022 17:04:07 +0000 https://federalnewsnetwork.com/?p=3930168 The National Geospatial-Intelligence Agency is building a commercial buying guide for its partners across the defense, intelligence and federal community, as the agency increasingly turns to commercial sources for imagery analysis and other geospatial intelligence.

Dave Gauthier, director of commercial and business operations at NGA, said the “commercial supplier matrix” will help match users who may need airfield monitoring, for instance, with the best service available to them.

“The intent is for my organization to have the best information or knowledge about all these capabilities out there in the supply side,” Gauthier said during an interview on “Inside the IC.” “And then take the requirements we get from our users and do the best we can at orchestrating and matching commercial supplier solutions to the needs of our users.”

NGA is leading a shift toward turning to commercial sources of GEOINT as “primary sources” of intelligence, as opposed to internal, often highly classified capabilities. The shift is spelled out in NGA’s latest commercial GEOINT strategy released in the fall.

With so much commercial imagery now available, Gauthier said NGA is also making a “fundamental shift” toward commercial analytic services, rather than just trying to obtain imagery and other rawer forms of intelligence for its analysts.

“It’s this idea that companies themselves, either the imagery providers or in partnership with analytics companies, will work to extract information from imagery, and provide us what I like to call the box scores instead of the game tape,” he said.

Intelligence analysts also have new forms of intelligence, termed “phenomenologies,” available to them on the commercial market beyond imagery, including radio-frequency information, social media feeds and other Internet-derived data.

“With so many different types of suppliers, and so many opportunities to pull in these services, we really have to provide a catalog of capabilities to our user community,” Gauthier said.

The platform’s initial release is intended for intelligence, defense and federal civilian agencies, but some aspect of it could be made available to the public, he said.

Gauthier said the platform is currently in testing.

“It’s still being built in [and] populated today,” he said. “We do have a community of beta testers to help us understand and make sure we’re answering the questions and can anticipate the questions that those users would have when they want to research this information for their own decision making.”

Commercial-first strategy takes hold

NGA’s commercial-first strategy represents a “monumental shift” for the intelligence community that has traditionally relied on government systems to glean information about the Earth, Gauthier said. NGA has been using commercial capabilities since the first companies formed the market in the 1990s and early 2000s, but typically as secondary sources.

“For the past 20 years, our philosophy, our culture has been one of augmenting what we do internally with some additional information that can be procured from the commercial market,” he said. “And so it’s always been government systems as primary source with augmentation from commercial capabilities as we could.”

Many commercial satellite operations started out to monitor agricultural operations or to search for opportunities in oil and gas. Now NGA is watching as satellite companies begin to fill a void for information about where to put solar farms, or provide imagery for urban planners developing schematics for smart cities.

“We’re also looking at a large upsurge in funding for climate and environmental projects around the world,” Gauthier said. “So there are some companies who are fully funding satellites based on charitable contributions that are interested in climate change. And so those are all very new investments that are also propelling our market forward.”

Beyond traditional satellite imagery, NGA is closely watching the radar imaging market, Gauthier said. The National Reconnaissance Office recently awarded contracts to five commercial synthetic aperture radar vendors.

“We will be seeing hundreds of radar imaging satellites go up over the next two or three years,” Gauthier said. “And so we’re really structuring some of our contracts to take advantage of that and bring that information into our analytic users hands every day.”

Gauthier estimated more than a quarter of the imagery NGA takes in today comes from commercial vendors.

“I foresee that number getting to 50%, and that’s where we might be able to say, ‘Now, we are predominantly using commercially provided data,’ as soon as we cross that threshold,” he said.

Bailment agreements grow

One way NGA has been testing out commercial capabilities is through the use of “bailment agreements.” The arrangements give the agency a chance to take temporary possession of a company’s imagery, analysis or other service at zero cost, so it can determine its utility and provide feedback to the vendor.

NGA has completed nearly two dozen bailment agreements over the last few years, and several companies have now won operational contracts with the agency, according to Gauthier.

“We’re trying to try out these goods and services,” he said. “If they’re not ready, they get feedback on how to make them more ready for government contracts. And then once they are, they’re in there competing with everybody else to win business.”

NGA signed 12 bailment agreements in 2021, and Gauthier expects that rate to continue in the years ahead.

“I think that’s sort of what we’re on pace to do every year, is to keep bringing in new actors into this competitive space, and ensure that we can get the types of services we need to satisfy mission,” he said.

]]>
https://federalnewsnetwork.com/inside-ic/2022/02/nga-developing-commercial-buying-guide-for-satellite-imagery/feed/ 0
NRO looks to ease companies in the door with tiered cybersecurity requirements https://federalnewsnetwork.com/inside-ic/2022/02/nro-looks-to-ease-companies-in-the-door-with-tiered-cybersecurity-requirements/ https://federalnewsnetwork.com/inside-ic/2022/02/nro-looks-to-ease-companies-in-the-door-with-tiered-cybersecurity-requirements/#respond Fri, 11 Feb 2022 22:47:01 +0000 https://federalnewsnetwork.com/?p=3905999 var config_3906108 = {"options":{"theme":"hbidc_default"},"extensions":{"Playlist":[]},"episode":{"media":{"mp3":"https:\/\/dts.podtrac.com\/redirect.mp3\/pdst.fm\/e\/chrt.fm\/track\/E2G895\/podone.noxsolutions.com\/media\/2252\/episodes\/020922_Inside_the_IC_Fullshow_Mixdown_4927.mp3"},"coverUrl":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2022\/02\/183879-image-1644619204-150x150.jpg","title":"Roles for commercial technology in one of the nation’s most secretive intel agencies","description":"[hbidcpodcast podcastid='3906108']nn<em>Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive\u2019s daily audio interviews on\u00a0<\/em><a href="https:\/\/itunes.apple.com\/us\/podcast\/federal-drive-with-tom-temin\/id1270799277?mt=2">Apple Podcasts<\/a><em>\u00a0or\u00a0<a href="https:\/\/www.podcastone.com\/federal-drive-with-tom-temin?pid=1753589">PodcastOne<\/a>.<\/em>nnThe National Reconnaissance Office is attempting to lower barriers to entry for commercial satellite firms competing for NRO business, including through tiered cybersecurity requirements that don\u2019t ask as much from companies, at least at first.nnThe tiered cybersecurity requirements are a feature of new contracts <a href="https:\/\/federalnewsnetwork.com\/intelligence-community\/2022\/01\/nro-inks-first-contracts-under-new-commercial-space-capabilities-opening\/">the NRO awarded last month to five companies<\/a> under a Broad Agency Announcement the agency has just begun using to test out commercial capabilities, according to Pete Muend, the director of the NRO\u2019s commercial systems program office.nn"Cybersecurity is critically important to everything that the NRO does,\u201d Muend said on Inside the IC.nn\u201cWe did go out of our way to start at a fairly approachable level that the commercial providers would not be hard pressed to meet, but actually put those hooks in place to be able to accelerate and enhance their cybersecurity posture to better meet our needs in the future," Muend said.nnThe cybersecurity of defense and intelligence contractors is a perpetual concern for agencies. The Defense Department initiated the Cybersecurity Maturity Model Certification program to address the problem, but the effort has been plagued by concerns about its costs driving businesses out of the defense industrial base.nnMuend said the NRO uses \u201ca number of tiers of cybersecurity trust.\u201dnn\u201cIt extends from a very low barrier to entry, something that we would call an 'unverified provider' that really is the bare minimum that a company would have to accomplish to really hold the federal government contract,\u201d he said.nnThe tiered approach then moves to what NRO terms an \u201cindustrial standard provider,\u201d Muend continued, \u201cthat more leverages a lot of the best of breed of U.S. government standards, from [National Institute of Standards and Technology] standards to the DoD CMMC posture.\u201dnnThe higher levels are \u201cwhat we would consider a secure provider that does leverage some formal authorization and accreditation for parts of their architecture,\u201d Muend said.nnThe tiered framework is also featured in the NRO\u2019s Electro-Optical Commercial Layer contract, which is currently under source selection. Muend said the tiers were developed in conjunction with the National Geospatial-Intelligence Agency.nnMuend\u2019s office is leading the NRO\u2019s efforts to forge a closer relationship with the commercial satellite sector. The secretive spy satellite agency is looking to tap into a fast-growing commercial space market. The number of satellites circling the Earth grew by 37% to 3,371 in 2020, according to the Satellite Industry Association.nnThe first five awards under the NRO\u2019s new BAA framework went to five synthetic aperture radar satellite companies: Airbus, U.S.; Capella Space; ICEYE, U.S.; PredaSAR; and Umbra.nnWhile the NRO declined to confirm the next area of interest under the BAA, officials previously said the agency is also interested in hyper-spectral imaging, radio-frequency sensing and other remote sensing \u201cphenomenologies\u201d that come out of the commercial sector.nnThe five satellite radar firms are each on an initial six-month contract, with options to extend out to 30 months. The NRO will initially work with the companies on modeling and simulation data, before validating those performance assessments with actual on-orbit data, according to Muend.nnIf it\u2019s found to be useful, the contracts also include the option for the NRO to begin purchasing imagery and other data, he said.nnTo start things off, the NRO also asked the companies to provide a concept-of-operations for how they would strengthen their cybersecurity approach over time.nn\u201cBecause for us to take more and more advantage of these of these companies and the capabilities that they can bring to bear, the more trust we can have in their architecture, I think the more opportunities we'll all have in the future,\u201d Muend said."}};

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The National Reconnaissance Office is attempting to lower barriers to entry for commercial satellite firms competing for NRO business, including through tiered cybersecurity requirements that don’t ask as much from companies, at least at first.

The tiered cybersecurity requirements are a feature of new contracts the NRO awarded last month to five companies under a Broad Agency Announcement the agency has just begun using to test out commercial capabilities, according to Pete Muend, the director of the NRO’s commercial systems program office.

“Cybersecurity is critically important to everything that the NRO does,” Muend said on Inside the IC.

“We did go out of our way to start at a fairly approachable level that the commercial providers would not be hard pressed to meet, but actually put those hooks in place to be able to accelerate and enhance their cybersecurity posture to better meet our needs in the future,” Muend said.

The cybersecurity of defense and intelligence contractors is a perpetual concern for agencies. The Defense Department initiated the Cybersecurity Maturity Model Certification program to address the problem, but the effort has been plagued by concerns about its costs driving businesses out of the defense industrial base.

Muend said the NRO uses “a number of tiers of cybersecurity trust.”

“It extends from a very low barrier to entry, something that we would call an ‘unverified provider’ that really is the bare minimum that a company would have to accomplish to really hold the federal government contract,” he said.

The tiered approach then moves to what NRO terms an “industrial standard provider,” Muend continued, “that more leverages a lot of the best of breed of U.S. government standards, from [National Institute of Standards and Technology] standards to the DoD CMMC posture.”

The higher levels are “what we would consider a secure provider that does leverage some formal authorization and accreditation for parts of their architecture,” Muend said.

The tiered framework is also featured in the NRO’s Electro-Optical Commercial Layer contract, which is currently under source selection. Muend said the tiers were developed in conjunction with the National Geospatial-Intelligence Agency.

Muend’s office is leading the NRO’s efforts to forge a closer relationship with the commercial satellite sector. The secretive spy satellite agency is looking to tap into a fast-growing commercial space market. The number of satellites circling the Earth grew by 37% to 3,371 in 2020, according to the Satellite Industry Association.

The first five awards under the NRO’s new BAA framework went to five synthetic aperture radar satellite companies: Airbus, U.S.; Capella Space; ICEYE, U.S.; PredaSAR; and Umbra.

While the NRO declined to confirm the next area of interest under the BAA, officials previously said the agency is also interested in hyper-spectral imaging, radio-frequency sensing and other remote sensing “phenomenologies” that come out of the commercial sector.

The five satellite radar firms are each on an initial six-month contract, with options to extend out to 30 months. The NRO will initially work with the companies on modeling and simulation data, before validating those performance assessments with actual on-orbit data, according to Muend.

If it’s found to be useful, the contracts also include the option for the NRO to begin purchasing imagery and other data, he said.

To start things off, the NRO also asked the companies to provide a concept-of-operations for how they would strengthen their cybersecurity approach over time.

“Because for us to take more and more advantage of these of these companies and the capabilities that they can bring to bear, the more trust we can have in their architecture, I think the more opportunities we’ll all have in the future,” Muend said.

]]>
https://federalnewsnetwork.com/inside-ic/2022/02/nro-looks-to-ease-companies-in-the-door-with-tiered-cybersecurity-requirements/feed/ 0