“The continuing threat to the homeland is obvious. Terrorists continue to seek weapons of mass destruction, cyber and conventional capabilities to do us harm. It falls to the intelligence community, law enforcement at all levels, and other non-traditional partners to produce the homeland security intelligence that will protect our nation and still preserve our liberties. We have made improvements at this complex task over the past ten years, but the fact remains that we need to get even better because failure is not an option.”
– INSA Chairwoman Fran Townsend

++++

A new study warns that the U.S. must develop cyber intelligence as a new and better coordinated government discipline that can predict computer-related threats and deter them.

The report by the Intelligence and National Security Alliance says the dramatic expansion of sophisticated cyber-attacks has moved beyond acceptable losses for government and businesses that simply threaten finances or intellectual property.

“The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown,” said the report, which is slated to be released later this month. It adds that it is not clear that the business community understands or accepts that.

The report comes amid growing worries the U.S. is not prepared for a major cyberattack, even as hackers, criminals and nation states continue to probe and infiltrate government and critical business networks millions of times a day.

INSA, a non-partisan national security organization, says the U.S. must develop strategies beyond the current “patch and pray” procedures, create cyber intelligence policies, coordinate and share intelligence better among government agencies and businesses, and increase research on attack attribution and warnings.

And it says the U.S. must develop effective cyber intelligence so officials can assess and mitigate the risks.

Key recommendations of the report:

 

  • Adopt a common definition of Homeland security Intelligence to facilitate its collection, analysis, use in decision making, and development as a discipline;
  • More fully connect the federal, state, local and tribal law enforcement and intelligence agencies with broadly-defined and overlapping counterterrorism responsibilities and, as appropriate,
  • Partners from the private sector, into an enterprise characterized by coordination of intelligence and analysis efforts, not command and control;
  • Seek opportunities to include the public into the enterprise, such as by encouraging citizens to respond to the DHs “see something, say something” campaign to provide information that may result in suspicious activity reporting (sAr) and community engagement with isolated immigrant communities and other potentially disconnected and disaffected elements; and,
  • Ensure the protection of privacy and civil liberties as a core intelligence mission through widely applicable training and accountability standards in order to promote the lawful yet aggressive detection and deterrence of terrorist operatives in the homeland

Many of the report’s observations echo sentiments expressed by Pentagon and Department of Homeland Security officials who have been struggling to improve information sharing between the government and key businesses. But efforts to craft needed cybersecurity legislation have stalled on Capitol Hill.

INSA’s report also lays out the growing threats from other nations — including those who are friendly, corrupt or just unable to control hackers within their borders.

While it doesn’t name the countries, it notes that failed states provide opportunities for hackers, as they do for criminals and terrorists, while other nations tolerate the criminals as long as they concentrate their activities beyond their borders.

U.S. officials have long pointed to Russia and China, as well as a number of Eastern European nations, as some of the leading safe havens for cybercriminals, or government-sponsored or tolerated hacking.

At the same time, the report warns that the U.S. has also outsourced much of the design and maintenance of computer technology to other countries where potential adversaries can easily insert themselves into the supply chain.

“The present situation is as dangerous as if the United States decided to outsource the design of bridges, electrical grids, and other physical infrastructure to the Soviet Union during the Cold War,” said INSA, which is headed by Frances Townsend, who was homeland security adviser in the Bush administration.

Much like the criticism of the overall intelligence community in the aftermath of the Sept. 11 attacks, the INSA report says that cyber intelligence needs better coordination among government agencies, as well as with the private sector.

Download the report here.

Get the latest news alerts: Follow WRAL Tech Wire at Twitter.