What is Cyber ISR?
By Col. Arthur Wunder, 102nd Intelligence Wing Office of Transformation
/ Published February 11, 2016
OTIS AIR NATIONAL GUARD BASE, Mass. -- You're on a dark desert highway; cool wind in your hair...Up ahead in the distance you see some shimmering lights...*
...and then they all go dark...
What happened, did someone take out a utility pole? Was the generating capacity of the local electrical power plant exceeded? Or, perhaps, did something more nefarious occur? How would you know? How would government authorities or plant officials know? Who is capable of causing an effect like this on our power grid? What if the decision is made to respond non-kinetically to that action? What information would we need to prepare for such an event?
If only there were units with subject matter experts whose mission it is determine the answers to questions like that. Well, good news, there is!
Cyber intelligence surveillance and reconnaissance, or cyber intelligence, helps answer those questions. The cyber ISR mission area is fairly new to the intelligence community, first coming on-line in the last six or seven years in the Air National Guard. While cyber intelligence is new, it's not a new intelligence discipline. There's no new CYBINT, instead cyber ISR is all-source intelligence that encompasses and fuses traditional intelligence disciplines through the cyberspace domain.
Now that you know what cyber ISR isn't, let's discuss what cyber ISR is. According to the 2014 United States National Intelligence Strategy, "Cyber intelligence is the collection, processing, analysis, and dissemination of information from all sources of intelligence on...
· Foreign actors' cyber programs, intentions, capabilities, research and development, tactics, and operational activities and indicators;
· Their impact or potential effects on national security, information systems, infrastructure, and data;
· Network characterization, or insight into the components, structures, use, and vulnerabilities of foreign information systems."
Similarly, cyber intelligence is part of the 2015 Department of Defense Cyber Strategy:
"On matters of intelligence, attribution, and warning, DoD and the intelligence community have invested significantly in all source collection, analysis, and dissemination capabilities, all of which reduce the anonymity of state and non-state actor activity in cyberspace. Intelligence and attribution capabilities help to unmask an actor's cyber persona, identify the attack's point of origin, and determine tactics, techniques, and procedures. Attribution enables the Defense Department or other agencies to conduct response and denial operations against an incoming cyber-attack."
Cyber intelligence is not cyber security, but cyber intelligence analysts must understand offense and defensive cyber operations to be a successful cyber intelligence analyst. Every action in cyberspace has a human behind it, whether it's driving a specific switch action or initiating an automated denial of service attack; someone, somewhere is initiating and directing that action. Cyber intelligence involves trying to connect the dots and identify all the different touch points between the various layers in cyberspace. Determining the connections and connection points lets the analyst draw a multidimensional picture of where potential cyber vulnerabilities may exist, or identify the actors behind an action.
According to the organizational change request, the 202 ISRG will have three subordinate squadrons: 267th Intelligence Squadron, 203rd Intelligence Squadron and 202nd Intelligence Support Squadron.
Whether you have an affinity for computers and networks or not doesn't matter; we'll teach you what you need to know...and it's not ALL about ones and zeros. What you do need to bring to the table is the ability to learn, and the passion, curiosity and problem solving mindset of an intelligence analyst. Cyber ISR is intelligence at the strategic level with all-source input and long-term problem sets; searching for a specific needle in a pile of needles to enable future cyber operations.
There's plenty of room for you at the 202nd and we are ready to receive, you can check us out anytime you like, but you may never leave!
*Hotel California, Eagles, 1977