Data Evolution, Cyber Threats Under Scrutiny on Capitol Hill

From left to right, FBI Director Christopher Wray, CIA Director Gina Haspel, Director of National Intelligence Dan Coats, DIA Director Gen. Robert Ashley, NSA Director Gen. Paul Nakasone and National Geospatial-Intelligence Agency Director Robert Cardillo testify before the Senate Select Committee on Intelligence in Washington, D.C., on Jan. 29, 2019. Office of the Director of National Intelligence photo.

Data issues took center stage on a national security-heavy day on Capitol Hill Jan. 29, as lawmakers and defense officials discussed how to mine, protect, leverage, and combat information as a cornerstone of modern warfare.

Their concerns echo the Air Force’s attempts to better manage its vast data troves, understand global adversaries’ digital advances, and funnel data into technologies that can make the military smarter, faster, and more lethal. The intelligence community’s increasing focus on the digital space also mirrors the Pentagon’s efforts to further develop its cyber mission forces and protect its networks.

“We are now living in a new age—a time characterized by hybrid warfare and weaponized disinformation, all occurring within the context of a world producing more data than mankind has ever seen,” Sen. Richard Burr (R-NC), chairman of the Senate Select Committee on Intelligence, said in prepared remarks at a wide-ranging hearing on the global threat environment. “Tomorrow, it’s going to be deep fakes, artificial intelligence, and a 5G-enabled internet of things with billions of internet-connected consumer devices.”

Burr’s attempt to divine just how prepared the defense community is to counter those evolving, asymmetric threats yielded few detailed answers in the public forum. Director of National Intelligence Dan Coats noted intelligence officials are focused on securing enough funding for the personnel, tools, and weapons needed to properly address how adversaries are using data around the world, while other officials promised the issue is a high priority.

“It’s the coin of the realm today … not only for information that it can provide us but also, as you indicated, the weaponization of it. We see our adversaries very interested in being able to procure data,” National Security Agency Director Gen. Paul Nakasone, who also leads US Cyber Command, said. “This is something we’re very, very focused on.”

The US intelligence community’s unclassified 2019 Worldwide Threat Assessment report, released for the hearing, outlines data concerns ranging from Russian disinformation campaigns and Chinese cyber espionage to possible disruption of US infrastructure and the rise of smarter, faster computers and networks. North Korea and Iran are advancing their cyber capabilities as well.

“China and Russia are more aligned than at any point since the mid-1950s, and the relationship is likely to strengthen in the coming year as some of their interests and threat perceptions converge,” according to the report. “At present, China and Russia pose the greatest espionage and cyber attack threats, but we anticipate that all our adversaries and strategic competitors will increasingly build and integrate cyber espionage, attack, and influence capabilities into their efforts to influence US policies and advance their own national security interests.”

China is able to interrupt normal operations of American infrastructure like natural gas pipelines for days to weeks, while Russia could do the same to electrical distribution networks for hours.

“Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage,” Coats’s report added.

Similarly, the DNI report notes Russian intelligence and security services will continue targeting the IT networks of US, NATO, and the four countries America shares information with as part of the “Five Eyes” coalition: the United Kingdom, Australia, New Zealand, and Canada.

“Certainly we see strong interest from a computer intrusion dimension both from nation-states, but also from criminal hackers, and increasingly, the two in a blended threat way, … which just is a form of outsourcing that makes it even more of a menace,” FBI Director Christopher Wray added.

Defense Intelligence Agency Director General Robert Ashley said the US will need to fight data with other algorithms to counter the rise of doctored videos, audio, and more.

“How do you get deep fakes that are really, really good? Lots of data—that’s how you train your algorithms,” he said. “It goes back to kind of where we started, the ability to protect that information, to preclude the training of those algorithms to a degree where you cannot tell the difference. Our challenge is, how do you build the algorithm to identify the anomaly? Because every deep fake has a flaw—at least, now they do.”

At a Senate Armed Services cybersecurity subcommittee hearing later in the day, Pentagon Chief Information Officer Dana Deasy noted artificial intelligence could also help secure the Defense Department’s supply chain as China and others trawl for sensitive information.

“There is definitely going to be value in looking at, how do you take the entire supply base, the [National Institute of Standards and Technology] standards, the [cyber] hygiene problems we see, and … [then] apply AI to this problem to start to identify where you may, most likely are going to experience problems in such a supply chain?” Deasy said.

The Defense Department is in the early stages of considering whether it could certify companies to determine if second- and third-tier suppliers are obeying cybersecurity standards.

The Pentagon has embarked on a multifaceted effort to rethink its data and network protections and ensure its weapon systems, cloud architectures, and IT networks can withstand cyber intrusions. Military officials are collaborating with industry to strengthen contractual cybersecurity obligations and to properly respond when things go wrong.

“There’s a sense of optimism,” Marine Corps Brig. Gen. Dennis Crall, the Pentagon’s principal deputy cyber advisor and senior military advisor for cyber policy, told SASC members. “I think the department has turned a corner, but this is the year that we really have to show the results of that effort.”