/* */

13 December 2007

SIGINT in the exaflood environment

There has been a lot of talk recently regarding the implications of the rising rate of data exchange for policy issues such as network neutrality and broadband penetration. The term exaflood - coined by one particularly lobbying group - is apt enough, even if one doesn’t necessarily agree with their proposed solution approaches.

There has been however little discussion of the implications of this expansion for the intelligence community – at least in public and academic circles. The current debate is too much caught up in the things of lawyers and politicians, wrangling continuously over legislation drafted when networks were switched by telephone system hardware and connectivity not much different from the transoceanic telegraph systems of a century previously. Those are questions of whether or not the US should even be engaged in such activities, and are far too closely reminiscent of the short-sighted political decisions which resulted in the closure of the Black Chamber – with the potential for equally devastating consequences.

Traditional SIGINT techniques – even within the relatively new realm of digital network intelligence – are the products of an earlier era, in which the target set and its emanations were distinct enough from its environment to be amenable to capture and analysis using a certain degree of discrimination. The kinds of intelligence that will be required against the adversaries of tomorrow will be increasingly less able to rely on the traditional tradecraft which is undergirded by such assumptions.

We do agree with the statement, frequently attributed to former Assistant Director of Central Intelligence for Analysis & Production Mark Lowenthal, to the effect that “there is no such thing as information overload, only poor analytical strategies.” However, the exaflood will challenge both collection and analytical strategies such as never before. Against this backdrop, we look to the continuing infrastructure, language, and human resources challenges faced by those in this section of the community, and greatly wonder if our future community will be adequate to the task.

This is an intelligence challenge that goes far beyond the classic view of conversations that is implied with the COMINT model. Critical value will be found in the relationship and intentionality of information within the digital deluge as much as the actual items itself. One need only look to the importance of identifying individuals in video and photo, such as VOA Iran scandal or the as yet unresolved counterintelligence questions surrounding the relatives of Nada Prouty, for a glimpse of the future impact of such changes on the way the community does business.

Short of some unexpected development in artificial intelligence which will allow for a weakly-godlike appreciation of this overwhelming mass of largely undifferentiated packets, new approaches will be desperately needed. One can only get so far with human-centered processing strategies (at least without introducing a much large pool of vetted practitioners in a Mechanical Turk like system.) And we will still face the essential limitations of time – the time needed to immerse, incubation, and cultivate a longer term appreciation of the narrow windows into complex issues SIGINT will provide, even in the new environment.

It is our contention that the native competency of intelligence in the cyber environment has yet to be recognized. The nature of cyber intelligence in its mature form will have shifted so far from its roots in the SIGINT and even OSINT disciplines that it may well be unrecognizable to the practitioners of today (no matter how complex the Large Scale Internet Exploitation System or how many dark web projects are built for OSINT purposes).

We do not yet know what the new discipline will look like, nor how it will ultimately be shaped. But we are very interested to observe its evolution, and are privileged to be present at its creation.

Labels: , , ,