The CIA's newest directorate marked its first anniversary this fall. The Directorate for Digital Innovation is the first new directorate stood up by CIA in more than 50 years. As the digital world is becoming more important, ingrained and integral in daily activity, DDI is responsible for accelerating the integration of digital and cyber capabilities across all of CIA's mission areas.

C4ISRNET caught up with DDI's Associate Deputy Director of Digital Innovation Sean Roche to discuss DDI's first year of operation and how the CIA is navigating in the digital domain.

Roche described DDI's first year as "nothing short of inspirational," highlighting "the amazing talent, the unwavering dedication, and the mission success delivered by our teams."

"Over the past year, the teams have collected, enabled and delivered the widest range of actual intelligence against highest priority threat issues we face as a nation — from counterterrorism, to cyber, to enduring strategic threats," he said. "The digital trade craft has increased our ability to execute planning, targeting, operations and analysis with the agility required to achieve results at the speed of mission. The agency's mission keeps expanding, getting more difficult, getting more complex and turning at a speed that we have never seen before."

DDI is contributing to and augmenting the classic intelligence and analysis operations the CIA has conducted throughout history. Roche stated that there aren’t any traditional mission sets within CIA’s portfolio that don’t have a growing digital element. Andrew Hallman, DDI’s director, noted in September that DDI creates better capacity to generate and understand threats for analysts, and it amplifies the human and technical capabilities of the operator.

DDI’s capabilities in leveraging the digital domain to augment traditional operations have also led to officers saying, "I never thought to ask for this before, but is there any way we could possibly" do x? Roche said, adding that the discussion continues from there.

What the CIA discovered in light of an internal 90-day study, Roche said, was that with the agency being "full throttle" since 9/11, personnel realized there needed to be more cohesion in the digital space at the directorate level.

"We really needed people devoted to saying, 'How do I enable and unleash that innovation by creating the mechanisms, by creating the process and the measures for how I understand what risk I am putting into this new tradecraft, for getting this incorporated into the tradecraft and working with two really special groups of colleagues: our counterintelligence teams and our security teams?'" he said. "The DDI’s main role was to unleash some of that innovation by applying not only the latest digital technology across the tradecraft used to execute the agency’s mission."

While Roche has previously mentioned that open source information is just as, if not more, important than information gathered clandestinely, he clarified this position recently, noting that information on the clandestine side is also going digital with both open source and clandestine information exploding.

"The key is, it is not good enough to have big data," he said. "It is the management of that data, which starts with how that data is conditioned when it arrives so that multiple people, multiple missions, can make maximum use of it."

CIA Director John Brennan has highlighted growing global instability as "one of the defining issues of our time." Understanding these and other underlying trends goes back to the founding of the CIA and discovering where the next hot spots are, Roche said. Part of this problem is allocation of resources.

"The first order of magnitude that people miss is, what you really want is to use those big data tools, analysts and people to say, I only have so many satellites, I only have so many collection systems, I only have so many assets, ships at sea. Where am I going to trim that collection?" he said. There are teams currently examining how to develop methodologies for reallocating resources to best understand critical problems.

"If gas subsidies are being shifted by a government at the same time that the commodity price of rice goes up twofold, is that going to cause a social instability in that country? Being able to shift resources to get more answers to dig into ... a tough problem like that and trying to anticipate the spread of something like that happening, that is something that we are working toward," he explained.

The other component to understanding trends and getting to some level of accurate prediction is the intelligence community’s move to cloud computing.

"What is different about the [CIA] is that it is an all-source collector. We’re taking in data from both structured and unstructured data. One thing with a very, very capable computational backbone and we’ve moved to, in orchestration with the IC with the [Director of National Intelligence], to cloud computing," Roche said. "One of the reasons we did that is so that multiple teams throughout the IC can basically crowdsource a problem, bring different kinds of tools. When you go to a cloud configuration and when you commoditize the bottom half of the hardware stack you can focus on applications."

This new framework is called the Intelligence Community Information Technology Enterprise, or IC ITE, stood up by Director of National Intelligence James Clapper.

"IC ITE plays a very important role because it gives us both a very flexible and secure computation framework across the community. You need that," Roche said. "We’re already seeing cases where that’s had tremendous payoff, especially when we have to swarm on an issue very quickly as an agency."

Legacy platforms are less flexible, Roche said, explaining that systems are slow and become overwhelmed easily. "What happens, and we’ve had this happen a couple of times … is we have had more people than ever go into big, thick files," he said. These are large, thick video files, signals intelligence feeds and imagery.

"What the cloud builds you is that flexibility that it basically adjusts for how many people on demand. They do not have latency," he said. "It stays up. It’s reliable. They get the information they need and they are able to crowdsource it instantly. That’s a wonderful stability."

With these underlying frameworks in place, Roche explained that "what you are able to do over time is, you have very, very hot issues where you’re trying to get better fidelity and you have other long-term enduring issues where you’re trying to baseline that. By having tools that can help you establish baselines you get to the point where you measure the effective anomalies and eventually get to anticipatory."

Roche identified an unconventional issue as his biggest problem set in cyber: diversity.

"The other thing that is not a technical thing that personally I feel really strongly about is that, you really need diversity of ideas on solving these problems," he said. "When I looked at the workforce we got, literally the demographics of the workforce we got, it does not represent. This is true in a lot of IT … it does not represent yet the country that we are defending. There is an inherent danger in not having — especially for disruptive technologies — a very, very diverse workforce."

Roche noted that it’s important to have a wide array of employees from different backgrounds, experiences and education.

"A Russian actor acts very differently than a Chinese actor. Iranian actors are very, very different. They all have aspects of their signature, etc., and they keep evolving. In order to spot this, in order to keep ahead of it you have to have an incredibly diverse team," he said.

"I had somebody say to me, ‘That is your answer to the biggest threat?’ I am like, yes. It is, and by the way, we have proved it on a few teams by injecting in someone from a totally different viewpoint, someone with a totally different background," he asserted.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.
