U.S. spy agencies are broadening their efforts to collaborate with the private sector via a slew of new initiatives to foster the kind of government-industry partnerships that have helped analysts study data, track terrorists, and thwart cyberattacks.
Among several new projects, the intelligence community will soon add private-sector engagement to its workforce performance objectives. It is also working to improve analysts’ access to industry and academia-provided data, National Intelligence Director Avril Haines said Tuesday.
“We know that the private sector increasingly possesses certain unique and specialized talent, knowledge and capabilities in key fields of critical importance to national security that we don’t have access to in the government,” Haines said at an event in Bethesda, Maryland, hosted by the Intelligence and National Security Alliance, a nonprofit group supporting the U.S. intelligence community and industry counterparts.
The IC is training a team to downgrade classified information so it can be transferred to private companies, while agencies are developing a library of cleared intelligence products.
An Office of Partnership Engagement within ODNI has been established to facilitate and evaluate these efforts, she added.
Efforts are underway to bolster initiatives, like the National Security Agency’s Cybersecurity Collaboration Center, that enable the government and private sector to share information about cybercriminals and nation-state hackers.
Intelligence officials are working on acquisition guidance to help agencies sponsor sensitive compartmented information facilities, or SCIFs, for contractors, Haines said. SCIFs are air-gapped facilities used for exchanging classified data between intelligence operatives and officials.
Since 2001, the intelligence community has heavily leaned on the private sector for technology services to help their analysts, cyber warriors, and researchers spy on targets overseas and keep hackers out of U.S. critical infrastructure. The relationship was built on concerns that intelligence agencies and private firms were too stovepiped to properly share information to stop the plane hijackings.
For instance, the NSA for years had amassed a robust collection of zero-day exploits — hacks that target unknown system vulnerabilities that get their name because developers have “zero days” to patch them — that were discovered by private firms and sold to the agency to be used later for device break-ins.
More recently, a phone decryptor tool developed by private sector firm Cellebrite was used to break into the phone of Donald Trump assailant Thomas Matthew Crooks, underscoring the depth, speed and efficiency of collaboration that has evolved between law enforcement and industry players.
Public-private partnerships with the intelligence community have also been forged under sometimes controversial legal compliance regimes, where agencies like the FBI and NSA can compel communications providers to hand over data on foreign targets abroad that can be later queried for use in national security investigations.
In the federal civilian realm, the Cybersecurity and Infrastructure Security Agency has called public-private partnerships the “lifeblood” of its mission, arguing that industry operators often have visibility into hacking threats that are not immediately discernible to the federal government. CISA helps run the Joint Cyber Defense Collaborative — established in 2021 to encourage cyber firms to team up with the government to detect and deter hacking threats — though that group has been facing pushback this year over mismanagement complaints.
The 2015 Cybersecurity Information Sharing Act enabled many of these civilian federal collaboration efforts, though recent oversight reports have signaled that cyber threat information sharing still needs improvements. Those include obstacles in classified arenas where private companies may be barred from accessing critical information that their own cyber warriors can use to stop enemy hackers.
“We will make mistakes, and these initial efforts are likely to be a bit bumpy, so we also ask for your patience and assistance in improving them over time,” Haines told an audience of hundreds of private sector intelligence contractors at the INSA event. “We know you won’t always have time for this, and we are asking a great deal of you, but we need you, and we think you need us too.”