WASHINGTON — The head of the Defense Intelligence Agency worries that the same lack of imagination that was officially cited as one of the U.S. failures in the 9/11 attacks also could be a threat to America’s ability to develop cyber counterintelligence.
The 9/11 Commission cited “failure of imagination” as the most important reason for the success of the attacks. The commission report said government officials lacked the imagination to link foreign students registering for passenger jet courses with the idea of a terrorist attack. The commission also attributed the success of the 9/11 terrorists to failures in policing, management and capability.
DIA Director Lt. Gen. Robert Ashley Jr. recently noted that the key to developing cyber counterintelligence may not be fine-tuning America’s existing cybersphere, but rather expanding it in order to foresee how adversaries’ emerging technologies could be used against the U.S.
“We lack the imagination to envision what some of these technologies could bring,” Ashley told the recent Zero Day Con conference. “We cannot let failure of imagination lead to a strategic surprise.”
As a result of the same limited scope, he said, the U.S. could be markedly susceptible to a similar “zero day,” or an attack without warning from an unanticipated source.
Ashley used the example of cancer to show how lack of imagination could cripple American planning. The National Institutes of Health and many other researchers have been searching for a cure for cancer. “But what’s the inverse?” asked Ashley.
Adversaries could be “creating a strain that’s literally impossible to cure,” he said.
The inverted methodology described by Ashley was not implemented prior to 9/11, according to Peter Singer, a consultant for the DIA and author of “LikeWar: The Weaponization of Social Media.”
“We were looking in the wrong places and at the wrong people for threats and missed the plot,” said Singer.
War gaming and training designed in part by industry experts looking “beyond the usual suspects and scenarios beyond the ones we wish for” could help the DIA start to look in the right places and at the right people, according to Singer.
“While so much of the discussion of online threats has been on hackers targeting the networks, aka ‘cyberwar,’ just as dangerous and effective has been hacking the people on the networks, driving ideas viral through a mix of (online) “likes” and (personal) likes,” said Singer.
The DIA is now looking at how sectors other than the military can provide insight into cyber counterintelligence, a spokesman said.
“We have to understand commercial developments, what’s happening in the business world, so we can understand how it may be used in the military framework,” said Kudla, the public affairs officer at the DIA. “Many of these practices were developed for consumers… Now, we’re seeing them be developed for a dual-use mode.”
But while Ashley is concerned about DIA lack of imagination, steps to address it have not yet been specified.
“It’s not a plan that’s written down on a piece of paper,” said Kudla. “It’s an ongoing process.”
The process consists of engaging with “government partners, partner nation allies, commercial vendors and academic centers,” he said.
Ashley called finding imaginative solutions to preventing cyberattacks “a team sport.”
“[Spreading ideas] is our strength,” he said. “It is our asymmetric advantage and it will be our asymmetric advantage in the future.”