The leaks of sensitive cyber tools from U.S. spy agencies in recent years will not impede the intelligence community’s push to adopt cloud computing and other hallmarks of a digitized world, according to a top intelligence official.
“In a world that is more connected, I worry about security all the time,” Sue Gordon, principal deputy director of national intelligence, told CyberScoop, but “I’m not disproportionately worried about cloud security because I can see some real advantages to it.”
“I think what’s nice about a more connected infrastructure is the ability to monitor” networks and detect threats, Gordon said.
The U.S. intelligence community has suffered high-profile exposures of its hacking capabilities, including last year’s “Vault 7” episode, in which a former CIA employee allegedly leaked information on numerous U.S. government zero-day exploits, among other tools. In the wake of the leaks, U.S. intelligence agencies have continued to wrestle with how to take advantage of convenient networking technology while protecting their prized digital assets.
“With each one of the exposures, [we have] addressed that exposure and then tried to create an environment that is more protected,” Gordon said. Artificial intelligence, and the network visibility it provides, can help boost security, she added.
Speaking Tuesday at FedScoop’s FedTalks, Gordon reflected on the security considerations that factor into adopting cloud computing on intelligence agencies’ computer networks across the world. “Security will be the piece that is most deterministic of how far we can go” with cloud computing at the edge of networks, she said.
“Here in the intelligence community, we are living through a constant struggle between protecting information and sharing information,” Gordon said. “Because we are a worldwide business, we need the same performance wherever we are,” she added.
U.S. intelligence agencies have increasingly embraced commercial cloud computing, most notably through a landmark $600 million project with Amazon Web Services that went online in 2014.
Gus Hunt, a former CTO of the CIA and current executive at Accenture Federal Services, told CyberScoop that adopting cloud computing “significantly limits exposure to cyber risks and allows organizations to leverage cloud technology to eliminate vulnerabilities, create a more defensible barrier and enable more dynamic cybersecurity.”
‘Whole of nation’ response
Gordon spoke to CyberScoop hours after Microsoft announced that it had shut down six internet domains set up by the same group of Russian military hackers that breached Democratic Party organizations ahead of the 2016 U.S. presidential election. Gordon welcomed Microsoft’s action, saying it was evidence of the U.S. government’s progress in working with the private sector to thwart advanced hacking threats.
“You’re seeing the whole of our nation coming up with responses to something that we find intolerable, which is messing with democracy,” Gordon told CyberScoop.
“If you think about where most of the exposure is [to] our adversaries, it’s not within protected systems of the government, but outside of that” in the private sector, she said.