What We Need are More Cyber Warrior Scholars

ALTERNATIVE PERSPECTIVES — The cyber domain is emerging as the first choice of battle space for many foreign adversaries of the United States, NATO, and other vital U.S. security partners. These adversaries with deep pockets do not adhere to the system of laws and norms for the free world. They also target infrastructure largely owned and operated by private sector entities. The result is a need for a collaborative U.S. and allied approach to cyberspace built upon willing partnerships across international, inter-governmental and public-private boundaries.

Some good news is that lessons on success exist from more than 20 years of worldwide U.S. counterterrorism collaboration combined with a culture of “shared floorboards” and “information sharing” between diverse stakeholders in U.S. cybersecurity.

Uniting to address a common threat and the sense of identity it provides is not a new phenomenon. Nearly two thousand years ago, Roman emperor Marcus Aurelius wrote “The mind adapts and converts to its own purposes the obstacle to our acting. The impediment to action advances action. What stands in the way becomes the way.”

Last year’s ransomware attack on Colonial Pipeline caused massive occlusion in one of the America’s largest energy delivery arteries. When Colonial shut down its systems a gas panic ensued on the East Coast. A simple ransomware attack created very dangerous situations for many U.S. citizens, businesses, cities and the economy in a very short time.

This past month’s suspicious explosions of two underwater Russia-to-Germany Nord Stream natural gas pipelines in the Baltic Sea near Sweden and Denmark demonstrate that the targeting of critical infrastructure for European energy consumers is equally jarring to free world economies.

It is increasingly obvious that the U.S. cannot adequately address cyber threats as a lone state actor. So, what does work? Are there lessons we can apply from researching the most effective intelligence collaboration, threat-sharing and operational planning efforts of the past twenty years?

In an ongoing effort to uncover those patterns or lessons, a National Intelligence University researcher recently interviewed intelligence analysts and their supervisors working on interdisciplinary teams across the U.S. government. Each of these teams — 41 in total — addressed different threats such as terrorism, counterintelligence, violent crime, public corruption, fraud and cyber.

The aim of the ongoing NIU study is to explore the chemistry of interdisciplinary teams that have formed since 9/11 in the U.S. intelligence enterprise and to understand how diverse intelligence teams integrate the unique skills of team members to protect the nation. A great deal of useful insight has been generated in the counterterrorism field where concepts like burden-sharing and comparative advantage drive willing cooperation among diverse security partners with a common adversary.

But as these interviews unfolded, the nation’s cybersecurity and cyber threat intelligence teams became outliers. Cyber analysts were describing their teamwork with extreme language such as “seamless” and “super-tight.” One supervisor noted that in the cyber community, integration is “supernatural.” They all described close collaboration, regardless of rank or title. A supervisor from a non-cyber team, wistfully recalled her time supervising cyber analysts, stating, “we were a really tight-knit team, we worked really well together.” She elaborated cross-boundary inclusion was commonplace in cyber teams.

There was something about cyber teams which set them apart. Perhaps it was the learning experience that takes place across different team roles; maybe it was the immediacy of the threat. Whatever it was, something about fighting the cyber threat connected colleagues and helped them overcome tribal divisions between departments, agencies, occupational specialties, and home organization