Insight by ZeroFox

Agencies must fuse physical and cyber security with intelligence

A.J. Nash, the vice president for intelligence at ZeroFox, said that demand in the private sector is rising for the protection methodologies used by government.

Physical danger exists, not only for presidents and other elected officials, but also for appointees, senior officials and higher ups in industry.

Protecting people has always required an element of signal and human intelligence like wiretaps or monitoring of suspicious groups. Now the sheer scale of internet activity related to potential threats requires that organizations integrate their cybersecurity, physical security, and personnel protection into a single, comprehensive approach.

A.J. Nash, the vice president for intelligence at ZeroFox, spent 20 years in the U.S. intelligence community, both in uniform and as a civilian. He said that demand in the private sector is rising for the protection methodologies used by government. Therefore, the private and public sectors can share advances in tools and techniques, with the understanding that some functions and practices are solely the domain of government.

“But the private sector has the opportunity to innovate in ways that the government sometimes can struggle with,” Nash said, “just due to timing and resources and budgets and constraints. I think ultimately, it’s a team game; we need both sides. There are things the private sector can do, that the government can gain access to and advantage from.”

He adds that because many other are taking similar paths from the government to the private sector, collaboration gets easier “because we speak the same language, we follow the same guidance, and we understand the same laws, we’re able to work better together.”

Informing physical security with intelligence takes skilled use of open source information, Nash said. He defined that has “anything you can get off Google,” essentially. But it also requires closed sources, which can in turn require considerable skill to tap. Nash said these sources include data on the dark web encompassing criminal market enterprises and the communications networks they use. Beyond that are classified sources available only to the government.

Often, he said, open sources information can help an organization sort out what it discovers on the closed market. Even the intelligence agencies, he said, often pull in open sources “to get context to understand, why is this adversary speaking this way? What are they thinking?” Perhaps some event, like a large conference of an impending trade agreement is driving some conversation with security implications.

“So being able to bring all of those pieces together is very important,” Nash said. “I don’t know that any one [source] is more important than another. It really is just that having that holistic picture to look at.”

Specialized vendors like ZeroFox, Nash said, can spare agencies and companies from the expense and time of building the expertise and infrastructure they need to really mine and understand the depths of the dark web. A growing community of people outside the government has the expertise the government needs. But for any number of reasons, including the federal hiring process, its members choose not to work directly as a government employee.

A comprehensive intelligence strategy, Nash said, starts with “really take the time to understand, who are we serving? Who are stakeholders? And what are our intelligence requirements?” Once leadership answers those questions, it is in a better position to devise an efficient data gathering program, balancing between what it can do in-house and what it should outsource. Nash added, be sure to include the legal department when building an intelligence strategy.

A robust intelligence gathering group will be more effective the close it is to an agency’s cybersecurity and physical security groups. The ideal situation is a fusion of the three functions.

“I think it’s incredibly important for physical security organizations [and] folks who focus on executive protection,” Nash said, “to have a deep connection with the cyber-intelligence organization, the folks who are going to be able to see the indicators of planning that you wouldn’t otherwise be able to identify.

He added that a lot of would be adversaries intent on physical harm “aren’t necessarily capable of protecting themselves from really good intelligence professionals who are able to get into these environments. So I think it’s incredibly important for physical security organizations to be tied directly to folks who have that technical expertise.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.