By Kevin Coleman — Defense Tech Cyberwarfare Correspondent.
Few people would dispute that countries around the world are rushing to establish centers for cyber defense. Successful attacks like Stuxnet, Ghostnet, as well as those against Georgia and Estonia and others have governments concerned about their cyber defense capabilities and the risks cyber attacks pose to their countries. Cyber defense like defense against convention and nuclear threats requires intelligence from a number of assets. Traditional intelligence activities, Human Intelligence (HUMINT) and Signal Intelligence (SIGINT) are critical components of Cyber Intelligence (CYBINT). Unlike conventional and nuclear threat intelligence, cyber intelligence needs to be near real-time and include Technical Intelligence (TECHINT) about vulnerabilities and the use/release of cyber weapons. In addition, CYBINT must identify and track those developing, selling and using cyber weapons on a global basis. This will create an intelligence challenge far greater than the one during the cold war. Cyber weapons require no special materials, virtually no facilities for development and only a modest level of funding, knowledge and skills that are widely available. This will pose and unprecedented intelligence challenge and require new skills and knowledge and extensive interaction with critical infrastructure providers as well as major players across the technology industry.
Effective CYBINT, like in traditional forms of conflict, could provide a country with information that would create a distinct advantage in cyber conflicts. The culmination of all source intelligence must generate threat profiling of state and sub-state actors and update these profiles on a near real time basis. The mechanisms needed to identify and gauge cyber capabilities and intentions as well as the ability to penetrate, neutralize threats are, for the most part, being researched and under development.