Intel Too Overloaded For Cyber Taskings?

01/17/2010

By John Wheeler

Ne sutor ultra crepidam
(Apelles the Painter to a shoemaker criticizing his picture, as Quoted by Pliny the Elder)

Overload Alert
Are recent events regarding US intelligence efforts indications that the intelligence agencies might be overloaded with work?  The first-draft answer is Yes, and that a re-balancing of cyberspace duties seems to be in order.  Certainly this question is a subject for examination by defense planners, Congress, and the National Security Council.  Current hearings and the travails of standing up USCYBERCOM afford a window to examine the issue.
Factors for consideration include:

  1. A significant amount of warfighting is done by intelligence agencies. This capability seems largely to overlap with the military services. For example, both dedicate resources to extensive flying, targeting, and evaluating air-borne ISR sorties.
  2. A heavy amount of cyber warfighting tasks are assigned either formally or de facto to the intelligence agencies. For example, USCYBERCOM HQ is located in Ft Meade, Maryland. Housing USCYBERCOM HQ in the heart of US intelligence naturally and powerfully attracts the attention of intelligence resources away from the core tasks of intelligence, on which our country has long relied and which are currently the subject of significant Congressional and DoD reviews for effectiveness.
  3. Law enforcement professional skill sets, warfighting professional skill sets, and intel professional skill sets differ significantly from each other. Moving core warfighting and law enforcement functions either de facto or formally into the intelligence ambit may perhaps run counter to the conventional wisdom of the private and government sector about the difficulty of successfully merging differing corporate and institutional cultures. In any event, as the merger goes on, and USCYBERCOM stands up, the best practices from the field of mergers could assist the effort.

Recent articles and testimony make references to the overload of the intel agencies. Is it possible that the core intelligence functions may deteriorate as intelligence work assignments extend into the realms of law enforcement and warfighting?  This question relates to task overload and a lack of expertise in warfghting arising due to three recent cases:

  • the Fort Hood shootings;
  • the attempted bombing of a Delta Flight on Christmas Day;
  • and the loss of seven CIA Intelligence professionals in a warfighting situation.
WEEK14JACK1
The federal government will have spent $7.9 billion in 2009 securing its computers against hackers and other cybersecurity threats. With the number and complexity of cyberattacks on the rise, government analyst Input predicts that the government's cybersecurity spending will increase to $11.7 billion in 2014, a compound annual growth rate of 8.1 percent. That's a lot of antivirus software (credit:http://www.fcw.com/Articles/2009/11/02/WEEK-cybersecurity-infographic.aspx; posted November 2nd, 2009)

Cyberspace More of  a Warfighting Domain
With difficulties emerging in the core intelligence functions of data gathering and sharing, is the foreseeable task load of cyber responsibility an overload for intel personnel and agencies?
As a historical comparison, the British, German, French, and US defense institutions did not assign undersea warfighting to their intelligence agencies when the field emerged as a warfighting domain. Indeed, in the case of the air domain, the warfighting and law enforcement forces of each nation applied their history and knowledge to the new domain.
Notably, as in the case of cyberspace, air operations started in the signals and comm lanes. In the early 1900s it was the US Army Signal Corps that developed the early technology and methods for US air operations. But as a warfighting and law enforcement domain, air was in due course overseen by the warfighting and law enforcement institutions because it fell within the ambit of the professional warfighting professional skill set — as typified by the principles of war — and the law enforcement professional skill set.
It may be that once cyberspace moves into the warfighting and law enforcement realm, there would be some improvement in privacy concerns. Indeed the public may see the warfighting and law enforcement institutions as less of a threat to  personal privacy than the intelligence institutions.
In any event, the warfighting and law enforcement institutions of the US have successfully balanced the Constitution’s guarantees of personal liberty and the duty to provide for the common defense  — as with FAA registration of commercial and airline flights; tracking nautical traffic approaching the continental shelf; tracking aircraft at the Air Defense Identification Zone boundary — all using private data.
Most notably, the National Guard, Reserves, active military, and law enforcers have a historic and traditional duty to rescue, comfort, and even feed and provide medical care for citizens in times of earthquakes, floods, fires, and other disasters. The citizen bond of trust to warfighters and to law enforcers is of a different and more benevolent character than to the intelligence agencies.

In Search of the Right Balance
In light of the above considerations, what is the right balance of activity in cyberspace between US warfighters, law enforcers, and the intelligence agencies?
Pliny the Elder may speak to this: Ne sutor ultra crepidam (i.e. “Shoemaker, Stick to your last”). In a nutshell, the intelligence agencies are the “shoemakers” of data gathering and warning.  Do recent breakdowns say that intelligence professionals should stick closer to their last?
The burden of proof seems to be upon those who argue that intelligence agencies, though overstretched, can swallow such a huge part of the new cyberspace mission set.  Wisdom and history say warfighters and law enforcers are the teams distinctively competent to manage the cyberspace domain in the common defense, as with each domain of air, space, sea, undersea, and land.

Best to learn from wisdom in the present than pain in the future.

———-

***Posted January 17th, 2010