There are any number of discussions on the news about intelligence gathering, the intelligence community, the Foreign Intelligence Surveillance Court, as well as many other agencies with three-letter acronyms. One problem is that many people don’t know what these entities are or what they actually do, particularly in connection with cybersecurity.

The “Who is who and what do they do?” series will examine a number of intelligence, law enforcement, and other agencies and entities, and try to explain, based upon open-source material, who the agencies are and what they do.

To start: Some of the basics, specifically, what is the intelligence community, what entities make up the IC and what do they do? Future articles will examine other intelligence agencies, such as the Office of Director of National Intelligence, or ODNI, as well as more traditional law enforcement agencies, such as the Department of Justice. 

The best starting point is to try and define what exactly the IC is. According to the ODNI, “The IC is a federation of executive branch agencies and organizations that work separately and together to conduct intelligence activities necessary for the conduct of foreign relations and the protection of the national security of the United States.”

In other words, there is a collection of agencies and entities at the federal level that focus on national security and foreign relations activities, but not law enforcement. These activities include:

  • Collection of information needed by the president, the National Security Council, the Secretaries of State and Defense, and other Executive Branch officials for the performance of their duties and responsibilities.
  • Production and dissemination of intelligence.
  • Collection of information concerning, and the conduct of activities to protect against, intelligence activities directed against the U.S., international terrorist and international narcotics activities, and other hostile activities directed against the U.S. by foreign powers, organizations, persons and their agents.
  • Administrative and support activities within the U.S. and abroad necessary for the performance of authorized activities.
  • Such other intelligence activities as the president may direct from time to time.

Perhaps the next best question to ask is: “What exactly is the vision and mission of these entities?” According to the ODNI: "The United States Intelligence Community must constantly strive for and exhibit three characteristics essential to our effectiveness. The IC must be integrated: A team making the whole greater than the sum of its parts. We must also be agile: an enterprise with an adaptive, diverse, continually learning, and mission-driven intelligence workforce that embraces innovation and takes initiative. Moreover, the IC must exemplify America's values: operating under the rule of law, consistent with Americans' expectations for protection of privacy and civil liberties, respectful of human rights, and in a manner that retains the trust of the American people." 

A related, but equally important, question is: what threats do these agencies protect us against? In the past, military threats were likely the primary concern, but as the threats have changed, the agencies have had to adapt, including to cyber threats. According to ODNI, the threats include:

Terrorism: Terrorism means premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents, usually intended to influence an audience – violence as evidenced in the U.S. on 11 September 2001.

Proliferation: Proliferation refers to the provision of nuclear weapons and/or technology by states that possess them to states that do not.

Chemical Warfare: Chemical Warfare can be considered the military use of toxic substances such that the chemical effects of these substances on exposed personnel result in incapacitation or death. It is the impact of chemical effects instead of physical effects that distinguishes chemical weapons from conventional weapons, even though both contain chemicals. A chemical weapon comprises two main parts: the agent and a means to deliver it. Optimally, the delivery system disseminates the agent as a cloud of fine droplets. This permits coverage of a broad amount of territory evenly and efficiently.

Biological warfare: Biological Warfare is the use of pathogens or toxins for military purposes. Biological warfare agents are inherently more toxic than chemical warfare nerve agents on a weight-for-weight basis and can potentially provide broader coverage per pound of payload than CW agents. Moreover, they are potentially more effective because most are naturally occurring pathogens – such as bacteria and viruses – which are self-replicating and have specific physiologically targeted effects, whereas nerve agents are manufactured chemicals that disrupt physiological pathways in a general way.

Information infrastructure attack: Political activism on the Internet has generated a wide range of activity, from using e-mail and web sites to organize, to web page defacements and denial-of-service attacks. These computer-based attacks are usually referred to as hacktivism, a marriage of hacking and political activism.

Narcotics trafficking: Drug dependence is a chronic, relapsing disorder that exacts an enormous cost on individuals, families, businesses, communities, and nations. Addicted individuals frequently engage in self-destructive and criminal behavior. Along with prevention and treatment, law enforcement is essential for reducing drug use. Illegal drug trafficking inflicts violence and corruption on our communities. Law enforcement is the first line of defense against such unacceptable activity. The intelligence community must support this defense to the extent feasible and allowable by law.

So who makes up this group that is tasked with this important mission? There are 17 federal organizations, some of which are military, some of which are intelligence agencies, as well as other entities, and they are:

  • Air Force Intelligence.
  • Army Intelligence.
  • Central Intelligence Agency.
  • Coast Guard Intelligence.
  • Defense Intelligence Agency.
  • Department of Energy.
  • Department of Homeland Security.
  • Department of State.
  • Department of the Treasury.
  • Drug Enforcement Administration.
  • Federal Bureau of Investigation.
  • Marine Corps Intelligence.
  • National Geospatial-Intelligence Agency.
  • National Reconnaissance Office.
  • National Security Agency.
  • Navy Intelligence.

A final question that many have about the IC is, “How do they collect intelligence?” There are a number of different methods, all with their own somewhat confusing acronym, that ODNI has tried to demystify. 

According to ODNI, there are six basic intelligence sources, or “collection disciplines,” and as one examines these disciplines, the ever-increasing role of technology becomes striking.

The first is signals intelligence (SIGINT). “Signals Intelligence is derived from signal intercepts comprising — however transmitted — either individually or in combination: all communications intelligence (COMINT), electronic intelligence (ELINT) and foreign instrumentation signals intelligence (FISINT).” Not surprisingly, the National Security Agency, or NSA, is responsible for collecting, processing and reporting SIGINT.

The next is imagery intelligence (IMINT): “Imagery Intelligence includes representations of objects reproduced electronically or by optical means on film, electronic display devices, or other media. Imagery can be derived from visual photography, radar sensors, and electro-optics.” The National Geospatial-Intelligence Agency, or NGA, manages all imagery intelligence activities, both classified and unclassified, within the government.

Measurement and Signature Intelligence (MASINT): “Measurement and Signature Intelligence is technically derived intelligence data other than imagery and SIGINT. The data results in intelligence that locates, identifies, or describes distinctive characteristics of targets.” This form of intelligence is multi-disciplinary, and includes nuclear, optical, radio frequency, acoustics, seismic, and materials sciences.

Perhaps the oldest and most commonly thought-of form of intelligence is Human-Source Intelligence (HUMINT): “Human intelligence is derived from human sources. To the public, HUMINT remains synonymous with espionage and clandestine activities; however, most of HUMINT collection is performed by overt collectors such as strategic debriefers and military attaches.”

Open-Source Intelligence (OSINT): “Open-Source Intelligence is publicly available information appearing in print or electronic form including radio, television, newspapers, journals, the Internet, commercial databases, and videos, graphics, and drawings.” According to ODNI, open-source collection responsibilities are broadly distributed through the IC, though the “major collectors” are the DNI's Open Source Center (OSC) and the National Air and Space Intelligence Center (NASIC).

Finally, Geospatial Intelligence (GEOINT): The analysis and visual representation of security-related activities on the earth. It is produced through an integration of imagery, imagery intelligence, and geospatial information.

Ultimately, many companies will not interact with the IC directly, or engage in any of the various collection disciplines, but understanding the broad structure of the IC, who the players are, what they do, and how they do it, will lay the foundation for understanding how to “deconflict cyber” if a security incident happens to your company.
