Who’s Got the Chops to Run a Transatlantic Cyberspy Cell?

President Barack Obama listens as British Prime Minister David Cameron speaks during their joint news conference in the White House.

President Barack Obama listens as British Prime Minister David Cameron speaks during their joint news conference in the White House. Evan Vucci/AP

A sustained British-American operation focused on threats to both countries’ networks would be unprecedented.

The success of a newly announced U.S.-U.K. cyberspy unit in many ways will depend on its yet-to-be named leaders, who, digital investigators say, will be hard to find.

There's a small talent pool of cybersecurity technologists -- some say 1,000 -- and an even smaller pool of technologists who are privacy-conscious, good managers -- some say none. 

President Barack Obama and British Prime Minister David Cameron late last week agreed to form a Joint Cyber Cell, in the wake of coordinated cyberintrusions targeting Sony, the White House and other agencies and businesses. Threat actors typically compromise information technology systems across numerous borders to get at one target.

A sustained British-American operation focused on threats to both countries’ networks would be unprecedented.

The immediate challenge facing the unit is leadership, observers say.

Over the weekend, numerous cyber and Internet privacy analysts were hard-pressed to name potential contenders who understand code, people and the law. Several top U.S. cyber officials who lack technical skills, such as White House cyber czar Michael Daniel and FBI Director James Comey, have lost standing in the eyes of among some Americans.

Whoever is at the top "should be someone with an IT security and forensics background. No names come to mind," said Darren Hayes, a digital forensics professor at Pace University, who consults on legal cases. 

Jim Penrose, a 17-year National Security Agency veteran, said, “In this early stage, it’s all about leadership; you have to get the right people in charge so that you are able to bring the right team together and to work through all of the actual machination of building the organization."

He said he couldn't imagine an ideal candidate. "It’s very much a rare commodity, and certainly you want people who understand the discipline of intelligence but also have the reality of operations and law enforcement in mind, too, and have that experience. It’s not normal to find all of that wrapped up in one person,"said Penrose, now executive vice president at U.K. cyber intelligence firm Darktrace.

Today, U.S.-UK cooperation on cyber sleuthing and information sharing is effective, but driven by one-off events. For example, the FBI and Britain's National Crime Agency currently are jointly closing in on Lizard Squad hacking gang members who over Christmas knocked offline Sony PlayStation and Microsoft Xbox.

Going forward, Britain's GCHQ and MI5 will partner with NSA and the bureau to establish cyber defense offices in both countries. The task force will monitor certain cybersecurity "topics" and communicate fresh threat information at net-speed by working face to face, officials said. 

In Need of A Few Good Men (or Women)

Once a leader -- or co-leaders -- is found, the next task will be to search for subordinates to forge camaraderie. Such individuals are in short supply, too. 

Though figures on the extent of the cyber pro shortage vary, multiple reports estimate the United States only has 1,000 top-class cyber professionals to split across the private sector, military and civilian government. China has 10 times that many cyber warriors, Alan Paller, founder of the SANS Institute cyber training school, and George Boggs, president emeritus of the American Association of Community Colleges, said in a 2013 USA Today op-ed

"Many students in IT majors today are veterans, with security clearances and have tremendous cybersecurity and forensics skills, but find it extraordinarily difficult to find employment with the government and therefore end up in private industry," said Hayes, who hails from Dublin. The government has not made the process of hiring cybersecurity experts easier, and many emails and phone calls Hayes said he has made on behalf of students go unanswered.

He recalled a time when a Department of Homeland Security senior official begged the university's students to consider federal cyber positions and then proceeded to say that, after applying it might take a couple of years to be called for an interview, but be patient.

"No IT graduate with college loans is going to wait a couple of years to get a call so they'll find a job in the private sector developing apps or something else," Hayes said. 

When the FBI's Comey last October at a Brookings Institution event declared his hope that tech companies would build "front doors" into encrypted communications for the purposes of lawful interceptions, he rankled many in the security community.

"The experts say that when you add either a back door or a front door -- and by the way the difference is completely inane -- when you add a back door or a surveillance interface to a system, you weaken the security of that system," Chris Soghoian, principal technologist and senior policy analyst with the American Civil Liberties Union, said during a Brookings podcast the next month. "You will not find a single respected technical expert who will get up on stage and back the idea of weakening the security of a system."

Comey is smart, Soghoian stressed, but he is not a technician. 

During an interview with Information Security Media Group, Daniel said "being too down in the weeds at the technical level could actually be a little bit of a distraction." He later elaborated to Nextgov the skill set needed to tackle the cyber problem is multidimensional and a leader can be successful in the field by bringing to the table other talents.

A Dual Home

Speaking about the inchoate cyber cell, Penrose said, "You need a cohesive team of experts who can really go much deeper on cybersecurity threats -- to really reduce the amount of time that we spend on the phone doing paperwork." 

To build solidarity, squad members likely won't be sent on long-term foreign operations, Penrose said.

"You want people to have some stability with their family lives so they are fully engaged," he said. "Certainly, people will do temporary assignments for 90 days or 45 days, depending upon what’s going on. If you want it to have more staying power, you want to pick a spot and then stick with it."

It’s expected the cell will have two homes: one in the U.S. and one in the U.K. 

This would be a cadre of intelligence analysts from both sides of the Atlantic zeroing in on cyber defense writ large, not just financial fraud and traditional crime, Penrose said. Countering assaults by nation states -- like hacks at the Office of Personnel Management and other departments, as well as the destructive network intrusion at Sony -- demands ongoing collaboration.

The bad guys are hijacking servers in America, Europe and other countries to mask their identities and locations, computer investigators say.

"Given that the more sophisticated hackers proxy through a variety of computers in different countries, obtaining evidence from multiple countries is imperative," Penrose said.