US intelligence agencies eye closer partnerships with private sector
The efforts include a new partnership-focused office, engagement goals for employees and efforts to make information more accessible, a top intelligence official said Tuesday.
U.S. spy agencies are broadening their efforts to collaborate with the private sector via a slew of new initiatives to better enhance government-industry partnerships that have frequently armed analysts with tools needed to study data, track terrorists and thwart cyberattacks.
Among several new projects, the intelligence community will soon update its workforce performance objectives to include engagement goals with the private sector, and is working to improve access to industry and academia-provided data for use in day-to-day work, National Intelligence Director Avril Haines said Tuesday.
“We know that the private sector increasingly possesses certain unique and specialized talent, knowledge and capabilities in key fields of critical importance to national security that we don’t have access to in the government,” Haines said at an event in Bethesda, Maryland that was hosted by the Intelligence and National Security Alliance, a nonprofit group supporting the U.S. intelligence community and industry counterparts.
Other key measures announced include allocating resources to train a specialized team for downgrading classified information so that it can be transferred to private sector partners, she said. Additionally, spy agencies are developing a library of cleared intelligence products for the private sector. An Office of Partnership Engagement within ODNI has been established to facilitate and evaluate these efforts, she added.
Efforts are also underway to further bolster information exchange programs akin to the National Security Agency’s Cybersecurity Collaboration Center that allows the government and private sector to share information about cybercriminals and nation-state hackers. Intelligence officials are also working on acquisition guidance to assist agencies in sponsoring sensitive compartmented information facilities, or SCIFs, for contractors, Haines said. SCIFs are air gapped facilities used for exchanging classified data between intelligence operatives and officials.
Since the Sept. 11, 2001 terrorist attacks, the intelligence community has heavily leaned on the private sector for technology services to help their analysts, cyber warriors and researchers spy on targets overseas and stop hackers from launching digital incursions into U.S. critical infrastructure. The relationship was built off concerns that intelligence agencies and private firms were too stovepiped to properly share information to stop the plane hijackings.
For instance, the NSA for years had amassed a robust collection of zero-day exploits — hacks that target unknown system vulnerabilities that get their name because developers have “zero days” to patch them — that were discovered by private firms and sold to the agency to be used later for device break-ins.
More recently, a phone decryptor tool developed by private sector firm Cellebrite was used to break into the phone of Donald Trump assailant Thomas Matthew Crooks, underscoring the depth, speed and efficiency of collaboration that has evolved between law enforcement and industry players.
Public-private partnerships with the intelligence community have also been forged under sometimes controversial legal compliance regimes, where agencies like the FBI and NSA can compel communications providers to hand over data on foreign targets abroad that can be later queried for use in national security investigations.
In the federal civilian realm, the Cybersecurity and Infrastructure Security Agency has called public-private partnerships the “lifeblood” of its mission, arguing that industry operators often have visibility into hacking threats that are not immediately discernible to the federal government. CISA helps run the Joint Cyber Defense Collaborative — established in 2021 to encourage cyber firms to team up with the government to detect and deter hacking threats — though that group has been facing pushback this year over mismanagement complaints.
The 2015 Cybersecurity Information Sharing Act enabled many of these civilian federal collaboration efforts, though recent oversight reports have signaled that cyber threat information sharing still needs improvements. Those include obstacles in classified arenas where private companies may be barred from accessing critical information that their own cyber warriors can use to stop enemy hackers.
“We will make mistakes, and these initial efforts are likely to be a bit bumpy, so we also ask for your patience and assistance in improving them over time,” Haines told an audience of hundreds of private sector intelligence contractors at the INSA event. “We know you won’t always have time for this, and we are asking a great deal of you, but we need you, and we think you need us too.”