In 2008, now ten years ago, in Georgia we were observing the first documented example of the use of “cyber” tools supporting the Russian Army’s air-land operations. The incident took place barely a year after the near-paralysis of Estonia following a cyberattack. Cyber has, since, fully entered the field of military actions by revolutionising the ways in which it can be used. Cyberspace is defined in military doctrine as “a global domain consisting of the meshed network of information technology infrastructures (including the Internet), telecommunications networks, computer systems, processors and integrated control mechanisms”. It’s a space that’s proving difficult to understand.
Cyber is changing intelligence
The cyber revolution is not just a technical revolution. It brings about a transformation in the behaviours and uses of the services, administrations and companies that benefit from them. intelligence is being hit hard by this revolution, in a world where the boundary between man and machine is fading away, without ever actually completely disappearing. An Intelligence Agent is now both the user and the victim of data in what is also a revolution in cyber data.
As early as 2013, the link between cyber and intelligence was raised in the White Paper on Defense and National Security. It states, “the new importance of the cyber threat involves developing intelligence activity in this domain as well as the corresponding technical capabilities. The purpose is to enable us to identify the origin of the attacks, to evaluate the offensive capabilities of potential adversaries so they can be countered. The capabilities of identification and offensive action are essential for an eventual and proportional response to the attack.”
But the tools being made available to intelligence services are presenting new challenges. Data is now collected in huge quantities which complicates their cohesion and diffusion. The current context is also reinforcing the expectations in this domain. There is a permanent need and decisions are commonly taken as a matter of urgency.
Today cyber is part of war, visible in all conflicts, central to operations of influence, agitation and propaganda. In other words, cyber is working its way into traditional war, both brutal and tragic, and neither virtual nor immaterial. Despite its volatile, almost elusive appearance, cyber has nonetheless become a major aspect of this data war (*). By combining data and understanding it with increasingly sophisticated tools, cyber can manipulate, destabilise, destroy, deceive, lure, understand and sometimes predict.
Cyber is therefore as much an “influencer” on the masses (viruses, malware, propaganda, displays of false information, etc.) as a decryption tool essential to an intelligence agent’s analytic capabilities. Cyber does not change the principles of war but adds multiple possible modes of action to it (*).
The battle led against this data hike is constant. In fact, the government’s operational departments are producing more and more data, most of which remains unexploited. Even though the accelerated development of technologies favours innovative and complex projects, administrations still tend to constitute an under-exploited information heritage.
The impact of the proliferation of cyber data goes as far as intelligence, which is directly affected in its relation to the data. The data is, then, produced more quickly; in larger volumes; in a variety of sources that were difficult or impossible to access before; and exchanged through technical platforms which are also seeing a considerable increase. It is therefore now crucial to consider future computer tools that can help humans with data exploitation, in order to assist with extracting the requisite knowledge for data recovery and decision making.
The data tsunami
Confronted with this tsunami of cyber data, the common battle between man and machine is becoming a condition for success. The wider spread use of RPAs, or Robotic Process Automation, must now become a reality in the cyber intelligence domain in order to permanently detect threats and implement appropriate counter-measures. Algorithms will become the primary filters for the Analyst, with a view to accelerating information collecting, defining a changing threat and, ultimately, decision making.
Cyber Intelligence therefore allows for the following:
- Intelligence studies related to the creation of a digital environment target file, based on data taken from a multi-sensor approach, and therefore cyber;
- Studies on the communication structure and digital modes of action within a terrorist group, a State’s strategic cyber capabilities, or a zone’s telecom networks.
This cyber intelligence must be aligned with other intelligence tools and there is a real complementarity between SIGINT manoeuvres and Electronic Warfare. This domain requires a new form of agility and proof of continual innovation in research because this is a domain that is also continually evolving.
(*) BONNEMAISON Aymeric, “Cyber en bataille !”, published in Res Militaris, special issue, Cybersécurité, July 2015.