KISSIMMEE, Fla.—Geospatial Intelligence (GEOINT) plays a key role in helping the CIA better understand the cyber threats facing the U.S. and its interests, a senior official with the agency’s Center for Cyber Intelligence (CCI) said this week.
That intelligence is used by CCI at the” front-end” of operations through “finished analysis” for policymakers,” Dare King, chief operating officer of the cyber center, said on Sunday during a keynote address on the opening day of the annual GEOINT conference near Orlando. The “physical positioning” obtained by this intelligence is important, particularly when the U.S. has little to no access as in the case of China and North Korea, she said.
“Understanding the physical and temporal and geospatial realities facing a cyber operation can completely change the course of action and the analytic judgments of collection on the backside,” she said.
“Without the support of NGA (National Geospatial-Intelligence Agency) and other GEOINT partners, CCI would not be able to paint such a clear picture of the cyber threat landscape,” King said on Sunday during the opening day of the annual GEOINT conference near Orlando. “You may think of cyber as something ephemeral, that happens all in cyberspace, but it really isn’t. Hackers have locations, servers have locations, foreign cyber services have locations, and hacks have time and a temporal aspect.”
The speech King wanted to give about the intersection of her organization and GEOINT was “redacted” by the CIA’s public affairs and counter-intelligence offices, King said. That speech included input from analysts on how GEOINT informs their analyses, on how human and technical operators partner with NGA and others, and from technologists on how its use informs “how we understand the technology in the cyber threat domain,” she said.
Information flow between NGA and CCI is a two-way street, noting that CCI shares information that goes into NGA’s intelligence products.
King said that CCI, including herself, rarely speaks in unclassified settings but is sharing more about what it does to help attract and retain talent. CCI is the CIA’s “cyber mission manager,” combining human and technical capabilities to focus on foreign cyber threats, she said. The center partners with other cybersecurity stakeholders in the intelligence community and law enforcement to enable their missions, she added.
The cyber actors that CCI is most concerned with are China, Russia, Iran, and North Korea, and cyber criminals, King said. The nation states are divided into “two main groups” in terms of the cyber threats they pose to the geospatial community, she said.
These are Russia and China, which have “robust geospatial capabilities and agencies,” and North Korea and Iran, which “don’t,” King said. Russia and China want geospatial capabilities as good or better than the U.S. while the other two countries “want to steal our information and technology in the absence of their own,” she said.
A lesson learned from watching Russia’s cyber activities against Ukraine in their war is “they value collection over attack,” King said. Other adversaries in a conflict might favor more destructive cyber operations, she cautioned.
King said that Russia is improving its cyber abilities against the U.S. and allies and is targeting “critical infrastructure, including battlefield mapping systems, Starlink, underwater cables, and industrial control systems.”
China is out in front in targeting the critical infrastructure of the U.S. and its allies, hacking telecommunications firms, managed service providers, vendors whose software is widely used, and other targets with the aims being collection, attack—with a focus on countering the U.S.—and “influence operations,” King said.
“Recently, we’ve seen an uptick in PRC interest in targeting space-based assets and a shift from a focus on espionage to preparations and positioning,” she said.
If China thinks it will be in a “major conflict” with the U.S., Beijing “would consider using disruptive and destructive cyber operations against our critical infrastructure and military networks to attempt to deter U.S. decisionmakers and to undermine U.S. force protection,” King said.