Who’s Got the Chops to Run a Transatlantic Cyberspy Cell?

President Barack Obama listens as British Prime Minister David Cameron speaks during their joint news conference in the White House.

President Barack Obama listens as British Prime Minister David Cameron speaks during their joint news conference in the White House. Evan Vucci/AP

Featured eBooks
The IT Modernization Mission
Read Now

Ransomware Threat

Read Now

What's Next For Government Cloud

Read Now

Federal Agencies Exploring Computing at the Edge

Read Now
Aliya Sternstein By Aliya Sternstein,
Senior Correspondent

By Aliya Sternstein

|

A sustained British-American operation focused on threats to both countries’ networks would be unprecedented.

The success of a newly announced U.S.-U.K. cyberspy unit in many ways will depend on its yet-to-be named leaders, who, digital investigators say, will be hard to find.

There's a small talent pool of cybersecurity technologists -- some say 1,000 -- and an even smaller pool of technologists who are privacy-conscious, good managers -- some say none. 

President Barack Obama and British Prime Minister David Cameron late last week agreed to form a Joint Cyber Cell, in the wake of coordinated cyberintrusions targeting Sony, the White House and other agencies and businesses. Threat actors typically compromise information technology systems across numerous borders to get at one target.

A sustained British-American operation focused on threats to both countries’ networks would be unprecedented.

The immediate challenge facing the unit is leadership, observers say.

Over the weekend, numerous cyber and Internet privacy analysts were hard-pressed to name potential contenders who understand code, people and the law. Several top U.S. cyber officials who lack technical skills, such as White House cyber czar Michael Daniel and FBI Director James Comey, have lost standing in the eyes of among some Americans.

Whoever is at the top "should be someone with an IT security and forensics background. No names come to mind," said Darren Hayes, a digital forensics professor at Pace University, who consults on legal cases. 

Jim Penrose, a 17-year National Security Agency veteran, said, “In this early stage, it’s all about leadership; you have to get the right people in charge so that you are able to bring the right team together and to work through all of the actual machination of building the organization."

He said he couldn't imagine an ideal candidate. "It’s very much a rare commodity, and certainly you want people who understand the discipline of intelligence but also have the reality of operations and law enforcement in mind, too, and have that experience. It’s not normal to find all of that wrapped up in one person,"said Penrose, now executive vice president at U.K. cyber intelligence firm Darktrace.

Today, U.S.-UK cooperation on cyber sleuthing and information sharing is effective, but driven by one-off events. For example, the FBI and Britain's National Crime Agency currently are jointly closing in on Lizard Squad hacking gang members who over Christmas knocked offline Sony PlayStation and Microsoft Xbox.

Going forward, Britain's GCHQ and MI5 will partner with NSA and the bureau to establish cyber defense offices in both countries. The task force will monitor certain cybersecurity "topics" and communicate fresh threat information at net-speed by working face to face, officials said. 

In Need of A Few Good Men (or Women)

Once a leader -- or co-leaders -- is found, the next task will be to search for subordinates to forge camaraderie. Such individuals are in short supply, too. 

Though figures on the extent of the cyber pro shortage vary, multiple reports estimate the United States only has 1,000 top-class cyber professionals to split across the private sector, military and civilian government. China has 10 times that many cyber warriors, Alan Paller, founder of the SANS Institute cyber training school, and George Boggs, president emeritus of the American Association of Community Colleges, said in a 2013 USA Today op-ed

"Many students in IT majors today are veterans, with security clearances and have tremendous cybersecurity and forensics skills, but find it extraordinarily difficult to find employment with the government and therefore end up in private industry," said Hayes, who hails from Dublin. The government has not made the process of hiring cybersecurity experts easier, and many emails and phone calls Hayes said he has made on behalf of students go unanswered.

He recalled a time when a Department of Homeland Security senior official begged the university's students to consider federal cyber positions and then proceeded to say that, after applying it might take a couple of years to be called for an interview, but be patient.

"No IT graduate with college loans is going to wait a couple of years to get a call so they'll find a job in the private sector developing apps or something else," Hayes said. 

When the FBI's Comey last October at a Brookings Institution event declared his hope that tech companies would build "front doors" into encrypted communications for the purposes of lawful interceptions, he rankled many in the security community.

"The experts say that when you add either a back door or a front door -- and by the way the difference is completely inane -- when you add a back door or a surveillance interface to a system, you weaken the security of that system," Chris Soghoian, principal technologist and senior policy analyst with the American Civil Liberties Union, said during a Brookings podcast the next month. "You will not find a single respected technical expert who will get up on stage and back the idea of weakening the security of a system."

Comey is smart, Soghoian stressed, but he is not a technician. 

During an interview with Information Security Media Group, Daniel said "being too down in the weeds at the technical level could actually be a little bit of a distraction." He later elaborated to Nextgov the skill set needed to tackle the cyber problem is multidimensional and a leader can be successful in the field by bringing to the table other talents.

A Dual Home

Speaking about the inchoate cyber cell, Penrose said, "You need a cohesive team of experts who can really go much deeper on cybersecurity threats -- to really reduce the amount of time that we spend on the phone doing paperwork." 

To build solidarity, squad members likely won't be sent on long-term foreign operations, Penrose said.

"You want people to have some stability with their family lives so they are fully engaged," he said. "Certainly, people will do temporary assignments for 90 days or 45 days, depending upon what’s going on. If you want it to have more staying power, you want to pick a spot and then stick with it."

It’s expected the cell will have two homes: one in the U.S. and one in the U.K. 

This would be a cadre of intelligence analysts from both sides of the Atlantic zeroing in on cyber defense writ large, not just financial fraud and traditional crime, Penrose said. Countering assaults by nation states -- like hacks at the Office of Personnel Management and other departments, as well as the destructive network intrusion at Sony -- demands ongoing collaboration.

The bad guys are hijacking servers in America, Europe and other countries to mask their identities and locations, computer investigators say.

"Given that the more sophisticated hackers proxy through a variety of computers in different countries, obtaining evidence from multiple countries is imperative," Penrose said.

NEXT STORY: Survey: Government Agencies May be Better than the Private Sector at Responding to Hacks

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.