healthcarereimagined

Envisioning healthcare for the 21st century

DOD CDAO Top Goals Include Improving User Experience, JADC2 – GovCIO

Posted by timmreardon on 06/10/2022

CIO John Sherman and new CDAO Craig Martell reveal priorities for the department’s approach to AI.

Kate Macri Wed, 06/08/2022 – 14:46

The Defense Department’s new Chief Digital and AI Officer Craig Martell has been on the job for three days. In fact, he doesn’t have his DOD Common Access Card (CAC) yet. But he already has a roadmap for his priorities: improving user experience and aligning new AI products and services with combatant commanders’ mission needs by balancing tactical and strategic initiatives.

“One of the things we talk about is user experience, and that’s something we’re going to be working on,” said DOD CIO John Sherman during a fireside chat with Martell at the DOD Digital & AI Symposium Wednesday. “The ADA (AI and Data Accelerator) initiative, which will be one of your (Martell’s) flagship activities, with [Deputy Secretary of Defense] Kathleen Hicks’ full backing, you’ll be working with combatant commanders to really see what the problems are to unlock their data and help them get ahead of their particular problem sets, which will admittedly vary.”

Sherman said Martell will have a “key” role in implementing the department’s Joint All-Domain Command-and-Control (JADC2) initiative as well and expects Martell’s AI efforts to help the department “get better at zero trust.”

“We need to make sure CDAO has the very best technology to get after those mission sets,” Sherman said.

Improving user experience also drives Martell’s vision for AI across the defense enterprise.

“When we deploy [technologies and capabilities], when we do something like ADA or within Ukraine, how do we make sure the foundation of today will serve us tomorrow?” he said during the fireside chat Wednesday. “The bureaucracy is real. We need to find the right gaps and places where we can leverage value that will drive a cycle of change. A lot of folks believe DOD should be more like industry, some of that is true, but we shouldn’t force a square peg in a round hole. We need to keep the DOD, but make it more efficient.”

Martell’s new office will have a direct impact on JADC2, according to Marine Lt. Gen. Dennis Crall, who serves as director for Command, Control, Communications, and Computers / Cyber and CIO for the Joint Chiefs of Staff (J6).

“The speed of warfighting, the decision-makers are inundated with the amount of data,” he said at the symposium Wednesday. “We’re talking about hypersonics, the window of decision-making has shrunk considerably. That’s the gamechanger. There is a thought that JADC2 is only sensor to shooter, when really it’s about decision-making and data.”

The biggest challenge facing JADC2 implementation right now is being able to test operations at the tactical edge.

“If we did these in a garrisoned environment where power is stable, you have a lot of options — clean data centers, big data centers, reliable connections,” Crall said. “In the warfighting environment, it’s different. We’re operating in areas that are very austere where typical data distribution services may not be available at all and then you have an active adversary looking to disrupt the electromagnetic spectrum to further limit that ability. We have to do processing at the edge, what are those critical decisions and calculations and can we do this in a disconnected environment?”

AI capabilities and the new CDAO office’s focus on improving the warfighter’s user experience will help address these questions and concerns to help make JADC2 a reality.

“If this is about decision-making at speed, we ought to divide up our problem at speed,” Crall said about how AI applications can harness data for decision-making much faster than a human. “If you have to make decisions in milliseconds, where is the data? We’ve always had the right data for the right solutions, we just don’t know how to harness it. We should have due diligence to make sure IT solutions have warfighter input. We need to make sure IT storage solutions make sense at the tactical edge and make sure policies don’t get in the way.”

Article link: https://governmentciomedia.com/dod-cdao-top-goals-include-improving-user-experience-jadc2

GSA – Digital Momentum and Money – FCW

Posted by timmreardon on 06/10/2022

Robin Carnahan, administrator of the General Services Administration, wants to “make the damn websites work.”

That slogan from her Senate confirmation hearing is really shorthand for, “we’ve got to deliver better for our customers when it comes to digital services,” Carnahan said in an interview with FCW.

Carnahan, a veteran of GSA’s digital shop 18F and Georgetown University’s Beeck Center, has been leading GSA for about a year. Earlier in her career, she was the secretary of state in Missouri, where she started to understand that “government services in the 21st century have got to be digital.”

Now, “the exciting thing is we have momentum and money at the same time,” she said. “We want to take advantage of it.”

Since many parts of the online experience with government are the same, like logging into a website, shared services are a tool to implement the White House’s priorities on customer experience, said Carnahan.

The idea that the government should tap into the savings and efficiency of shared services isn’t new, but Carnahan said that the technology has evolved, as has the way that it’s developed.

“We need to be close to our customers. We need to make sure we get feedback from them before we develop programs and implement things to make sure it’s actually serving their needs and in that tight feedback loop where we’re actually improving,” said Carnahan.

Changing the culture will require educating contracting officers and building cross-functional teams with procurement, design and technology employees “holding vendors accountable to get this done,” she said. “This is something that you build into future contracts and that you train folks to know how to both ask for and make sure is being delivered.”

GSA itself is also going to continue to build its platform of shared services products, said Carnahan. The agency is currently working on a shared services roadmap, directed by a 2021 customer experience (CX) executive order and due this month.

A major focus will be USA.gov, the GSA website that is being reimagined as an online “front door” to government services, said Carnahan. That falls in line with a White House initiative to provide government services along the lines of “life experiences” and the executive order on improving CX for users of government services.

When the award was first announced in 2021, GSA said that it would initially disburse $27 million and give more funding after benchmarks were reached.

Login.gov currently doesn’t meet the standard for identity proofing, called an “identity assurance level,” set by the National Institute of Standards and Technology, something that previously prevented the IRS in particular from adopting the service. The IRS and GSA are working to add Login.gov as an option after the 2022 filing season, but the head of the IRS has said that Login.gov will need to clear identity assurance level 2 and get to a higher transaction rate.

When asked if she was confident that Login.gov could get to the standards needed by the IRS for the service, Carnahan said that “there are lots of conversations that are continuing with the IRS and throughout the administration about this” as well as how to balance security, privacy and accessibility in identity proofing.

Carnahan also noted that it’s important that Congress “understands the value” of TMF investments like Login.gov, a project where it’ll be “easier to prove value” as more agencies adopt the service.

“We need to have sustained funding in places like the TMF because it’s really the only place in government that has a governmentwide view of what the technology needs are being assessed by technologists,” she said. Current budget cycles mean that agencies can’t move quickly when they identify a digital services need. 

The administration is asking for a $300 million appropriation for TMF for fiscal year 2023. Carnahan sees that funding as an investment that will create savings for agencies down the road.

“When people have problems signing in or accessing a website because of some identity problem, what do they do? They call,” Carnahan said, noting the high costs of staffing and operating call centers.

“My view is that better CX saves a lot of money,” she continued. “If you have a good design on a website or you have easy to read instructions, you don’t get calls in the first place. And so investing in good CX is not only good for delivery, it also ultimately is going to save you money because you don’t have to deal with things on the back end.”

Article link: https://fcw.com/digital-government/2022/06/momentum-and-money/367927/

Why It’s So Hard to Find Cyber Talent for the Public Sector – Acceleration Economy Network

Posted by timmreardon on 06/10/2022

By Chris Hughes June 9, 2022

Federal Approach to the Cyber Workforce

The federal space has been aware of issues with its approach to the cyber workforce for some time. Going back to 2015, the Office of Personnel Management (OPM) helped with what was called the Federal Cybersecurity Workforce Assessment Act. It called upon the federal government to conduct cyber workforce planning. This included aligning roles with the National Initiative for Cybersecurity Education (NICE) framework and also identifying and reporting on critical roles through 2022.

Building on this, other organizations have also studied and highlighted just how important cybersecurity is for the public sector workforce. In its whitepaper on the topic, the Cyberspace Solarium Commission (CSC) shared its findings that one in three public-sector jobs sit open.

4 Challenges of Public Sector Hiring & Retention 

Some of the common problems plaguing the public sector when it comes to hiring and retention of cyber talent include:

  • Lower compensation than peers in the private sector
  • Location restrictive policies that don’t facilitate widespread remote work
  • Antiquated technologies and processes
  • Painfully lengthy hiring timelines

It isn’t uncommon to hear from candidates who apply via traditional methods that they don’t get a response until months and, in some cases, years after applying for a role. Even in the best of cases, timelines are projected in terms of several months, whereas commercial hiring timelines are substantially shorter. Some of this of course could be due to clearance and investigation requirements, but is also undoubtedly attributable to legacy processes and policies. 

There is also the issue of legacy and slow-moving technology and systems that the workforce has to use. Earlier this year, the Director of Operations for the Air Force’s MIT AI Accelerator program penned a viral open letter dubbed “fix our computers.”

How Can These Challenges Be Improved?

There are several efforts underway to try and improve the situation. In addition to the aforementioned CSC recommendations and a federal cyber workforce strategy, cybersecurity talent management systems have been launched by organizations such as the Department of Homeland Security (DHS). That said, despite being launched in 2014, and costing tens of millions of dollars, the system only just celebrated its first official hire with plans to ramp up beyond that to several hundred by the end of the fiscal year.

What’s the Big Deal?

Some may be asking what the big deal is with the federal challenges of hiring and retaining cyber talent. While the private sector is absolutely critical to the economy and even national security, the criticality of the mission sets is much different. The Department of Defense (DoD) and federal civilian agencies are responsible for everything from nuclear weapons systems and military logistics to key medical and social services such as Social Security, Medicare, and Medicaid.

Failing to secure these systems will have severe ramifications for national security and social stability. Couple that with the reality that modern warfare will and does occur in the digital domain and it doesn’t look like a bright future. 

We, as a nation, must figure out how to bring some of the best and brightest to the federal cybersecurity workforce. This will take a myriad of changes, such as workforce and hiring practices, compensation adjustments, geographic flexibility, partnerships with academia, and more. That said, the security of some of our most sensitive and significant systems as a nation depends on these changes occurring.

Article link: https://accelerationeconomy.com/cybersecurity/why-its-so-hard-to-find-public-sector-cybersecurity-talent/

Chinese hackers exploited years-old software flaws to break into telecom giants – MIT Tech Review

Posted by timmreardon on 06/09/2022

A multi-year hacking campaign shows how dangerous old flaws can linger for years.

By Patrick Howell O’Neill, June 8, 2022

Hackers employed by the Chinese government have broken into numerous major telecommunications firms around the world in a cyber-espionage campaign that has lasted at least two years, according to a new advisory from American security agencies. 

The hackers allegedly breached their targets by exploiting old and well-known critical vulnerabilities in popular networking hardware. Once they had a foothold inside their targets, the hackers used the compromised devices to gain full access to the network traffic of numerous private companies and government agencies, US officials said.

The advisory did not include the names of those affected by the campaign, nor did it detail the impact it has had. But US officials did point out the specific networking devices, such as routers and switches, that hackers in China are thought to have targeted repeatedly, exploiting severe and well-known vulnerabilities that effectively gave the attackers free rein over their targets.

“These devices are often overlooked by cyber defenders,” the American advisory warned. They “struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.”

The new advisory is the latest example of a radical shift among US intelligence agencies away from a culture of silence and secrecy. The organizations now routinely speak publicly to issue cybersecurity guidance. The new document is designed to help victims detect and eject hackers who have been infiltrating their networks for years. 

And it’s something bigger, too: a warning about the need for better basic cybersecurity for some of the most important networks in the world.

High risk of attack

Telecommunication firms are extremely high-value targets for intelligence agencies. These companies build and run on most of the infrastructure of the internet as well as many private networks around the world. Successfully hacking them can mean opening doors to an even bigger world of prized spying opportunities. 

The United States has its own documented history of such attacks. The National Security Agency, for example, once infiltrated the Chinese telecom and internet giant Huawei, reportedly both to spy on the company itself and to exploit the networking and telecommunications products Huawei sells worldwide. Ironically, that operation was prompted in part by continuing American fears that Beijing could use Huawei’s hardware to spy on American interests.

In the newly reported cyber campaign, the Chinese hackers allegedly exploited networking devices from major vendors like Cisco, Citrix, and Netgear. All of the vulnerabilities were publicly known, including a five-year-old critical flaw in Netgear routers that allows attackers to bypass authentication checks and execute any code they choose—an opening that allows for a full takeover of the device and an unfettered window into the victim’s network.

The campaign’s success is a dramatic illustration of the danger software flaws pose even years after they’re discovered and made public. Zero-day attacks—hacks exploiting previously unknown weaknesses—pack a punch and demand attention. But known flaws remain potent because networks and devices can be difficult to update and secure with limited resources, personnel, and money.

Rob Joyce, a senior National Security Agency official, explained that the advisory was meant to give step-by-step instructions on finding and expelling the hackers. “To kick [the Chinese hackers] out, we must understand the tradecraft and detect them beyond just initial access,” he tweeted.

Joyce echoed the advisory, which directed telecom firms to enact basic cybersecurity practices like keeping key systems up to date, enabling multifactor authentication, and reducing the exposure of internal networks to the internet.

According to the advisory, the Chinese espionage typically began with the hackers using open-source scanning tools like RouterSploit and RouterScan to survey the target networks and learn the makes, models, versions, and known vulnerabilities of the routers and networking devices. 

With that knowledge, the hackers were able to use old but unfixed vulnerabilities to access the network and, from there, break into the servers providing authentication and identification for targeted organizations. They stole usernames and passwords, reconfigured routers, and successfully exfiltrated the targeted network’s traffic and copied it to their own machines. With these tactics, they were able to spy on virtually everything going on inside the organizations.

The hackers then turned around and deleted log files on every machine they touched in an attempt to destroy evidence of the attack. US officials didn’t explain how they ultimately found out about the hacks despite the attackers’ attempts to cover their tracks.

The Americans also omitted details on exactly which hacking groups they are accusing, as well as the evidence they have that indicates the Chinese government is responsible.

The advisory is yet another alarm the United States has raised about China. FBI deputy director Paul Abbate said in a recent speech that China “conducts more cyber intrusions than all other nations in the world combined.” The Chinese government routinely denies that it engages in any hacking campaigns against other countries. The Chinese embassy in Washington, DC, did not respond to a request for comment.

Article link: https://www.technologyreview.com/2022/06/08/1053375/chinese-hackers-exploited-years-old-software-flaws-to-break-into-telecom-giants/

VA Electronic Health Record (EHR) Plans

Posted by timmreardon on 06/08/2022

VA Shows Limited Cyber Progress, Calls for Higher Pay to Retain Cyber Employees – MeriTalk

Posted by timmreardon on 06/08/2022

BY: GRACE DILLE JUN 7, 2022

The Department of Veterans Affairs (VA) Office of Inspector General (OIG) is calling on the agency to address its slow progress in improving its cybersecurity posture, but the VA said a lack of funding causes the agency to lose high-quality IT personnel.

At a House Committee on Veterans’ Affairs Subcommittee on Technology Modernization hearing on June 7, Michael Bowman, director of the IT and security audits division at the VA OIG’s Office of Audits and Evaluations, explained that the VA’s fiscal year (FY) 2021 Federal Information Security Modernization Act (FISMA) audit showed “limited progress.”

The FY2021 audit included 26 of the same recommendations from the FY2020 audit, and 23 of those have been included in every FISMA report dating back to 2018, according to Bowman.

“Our annual FISMA audit and other IG reports demonstrate VA has considerable work in order to achieve better IT security outcomes,” Bowman said during the hearing. “The number of persistent problems, such as weak access controls and deficient configuration management controls, underscores VA’s incremental progress towards improving its security program.”

However, Bowman did note that VA’s remaining FISMA recommendations are “more institutional findings and recommendations,” which he said, “are more difficult to resolve in a year’s time or maybe even five years’ time.” VA has remediated the newer findings quickly, Bowman said, and the institutional ones will “probably remain on the books for several years to come.”

VA’s Cyber Approach, Ongoing Challenges

VA’s new Chief Information Officer Kurt DelBene acknowledged VA can improve in certain areas such as manual processes, as opposed to only focusing on a longer-term approach.

“What I’ve found since I’ve joined the VA is we need to do a better job in terms of the manual processes we do to remediate vulnerabilities,” DelBene said.

“I think we’ve had this view of the long term where there’s automation across everything we do in order to secure the VA – and it turns out because of the complexity we have, that’s absolutely critical – but in the near term, especially with the issues that FISMA, that the OIG has identified, we can use old fashioned shoe leather to really just get involved in the particular systems,” he said.

Lynette Sherrill, VA’s acting chief information security officer, echoed DelBene’s shoe leather vision, and said the agency is currently doing a “deep dive” into each of the 26 recommendations to “move these remediations forward on the most critical systems.”

However, at the same time, DelBene noted the VA faces ongoing challenges to improve its cybersecurity posture, such as a lack of funding to recruit and retain high-quality cybersecurity personnel.

“As you know, cybersecurity is an incredibly hot area in industry, and we compete every day with people that can earn higher salaries outside of the Federal government,” DelBene said.

“Just this past couple of weeks, we lost two people that we made offers to at the SES [Senior Executive Service] level, because they went to industry and got higher pay,” he added. “And it’s not small increases in pay – it’s actually substantial differences between what we’re able to pay and what industry will pay people right now.”

One possible solution, DelBene said, is to implement special salary rates for IT specialists. Another, he said, is reimplementing “on-call pay,” when an IT specialist is asked to sacrifice their personal time to be on-call for work.

A strong IT workforce is critical to building a strong cybersecurity posture. While the VA has a mission that energizes many employees, DelBene also said the agency needs Congress’ help to “augment that with pay that’s much more commensurate with where it is in the market.”

Article link: https://www.meritalk.com/articles/va-shows-limited-cyber-progress-calls-for-higher-pay-to-retain-cyber-employees/

Bipartisan Bill Establishes All-Encompassing Federal Data Privacy Standards – Nextgov

Posted by timmreardon on 06/08/2022

By ALEXANDRA KELLEY, JUNE 6, 2022

The American Data Privacy and Protection Act stands to improve American users’ data privacy and offers federal regulatory power.

A team of bipartisan lawmakers unveiled new data privacy legislation that stands to finally implement a federal set of regulations to protect Americans’ online information.

Led by Reps. Frank Pallone, D-N.J., and Cathy McMorris Rodgers, R-Wash., as well as Sen. Roger Wicker, R-Miss., the bill, titled the American Data Privacy and Protection Act, has an exhaustive list of definitions that work to give online users power over how their data is accessed and shared by host platforms and third party data brokers. 

“This bipartisan and bicameral effort to produce a comprehensive data privacy framework has been years in the making, and the release of this discussion draft represents a critical milestone,” the lawmakers said in prepared remarks. “In the coming weeks, we will be working with our colleagues on both sides of the aisle to build support and finalize this standard to give Americans more control over their personal data. This landmark agreement represents the sum of years of good faith efforts by us, other Members, and numerous stakeholders as we work together to provide American consumers with comprehensive data privacy protections.”

Should the bill become law, it would mandate corporate governing bodies of online platforms that harbor user data, in order to limit such bodies collecting that data and require them to specifically ask permission to access data in digestible language.

It also stipulates targeted advertising should be optional for online users and consumers and expands protections particularly for children and minors.

The Federal Trade Commission would be tasked with enforcing these new privacy requirements. 

“This bill strikes a meaningful balance on issues that are critical to moving comprehensive data privacy legislation through Congress, including the development of a uniform, national data privacy framework, the creation of a robust set of consumers’ data privacy rights, and appropriate enforcement mechanisms,” the lawmakers continued. “We believe strongly that this standard represents the best opportunity to pass a federal data privacy law in decades, and we look forward to continuing to work together to get this bill finalized and signed into law soon.”

Taking a page out of the European Union’s playbook, The American Data Privacy and Protection Act would also request the FTC conduct deeper studies on how younger technology start-ups can thrive in the current digital ecosystem.

Despite data privacy and security being a new frontier for domestic and national security, the U.S. lacks a federal data privacy and protection law. Other lawmakers have previously introduced a bevy of bills aimed at expanding protections for U.S. online consumers to better understand how algorithms track and collect user data to curate content.

Article link: https://www.nextgov.com/analytics-data/2022/06/bipartisan-bill-establishes-all-encompassing-federal-data-privacy-standards/367805/

Cybersecurity and Risk Management at VA: Addressing Ongoing Challenges and Moving Forward – House Committee on Veterans Affairs

Posted by timmreardon on 06/07/2022

https://youtu.be/Qk-oc0_WRHQ

OSINT Goes Mainstream: How Security Teams Can Use Open-Source Intelligence To Help Companies Understand Risk – Forbes

Posted by timmreardon on 06/07/2022

Fred Burton, Forbes Councils Member

Forbes Technology Council, Council Post

Jun 7, 2022, 09:00am EDT

New York Times best-selling author, former special agent and security expert who helms the Ontic Center for Protective Intelligence.

The war in Ukraine may be the most documented conflict in human history. On social media, we can watch in near real time as military units prepare for battle. A few hours later, we see the aftermath.

Images are being posted and recirculated by an online community of open-source intelligence professionals and enthusiasts. The more analytically rigorous among them may have military, intelligence agency, IT and think tank backgrounds where they learned the skills and abilities that inform their analyses, providing in-depth explanations of battlefield successes and failures to anyone with an internet connection. Information and intelligence that was once available only to governments and intelligence services can now be seen and understood by anyone.

According to the Office of the U.S. Director of National Intelligence, open-source intelligence, also known as OSINT, is defined as “publicly available information appearing in print or electronic form including radio, television, newspapers, journals, the Internet, commercial databases, and videos, graphics, and drawings.” Typically, OSINT doesn’t include any information obtained using clandestine means, making it available to anyone with the ability to uncover it or pay for it.

As a former counter-terrorism agent and executive protection professional, I’ve used open-source intelligence extensively to understand my operating environment and maintain situational awareness, as have protective intelligence teams around the world. But the scope and scale of the OSINT we’re seeing in Ukraine demonstrate how much these capabilities have improved in recent years and how widely available the information has become.

For casual observers not involved in security operations, these developments may mark the first time they’ve seen OSINT used in practice. It demonstrates the incredible value—and risks—of freely available information. But the mainstreaming of OSINT also marks an opportunity for security professionals whose domains have expanded beyond “guns and gates” to include areas like supply chain risk, social unrest, labor shortages, pandemic monitoring and travel security. OSINT’s prevalence in our lives and this wider spread of awareness can make it a topic and bridge to engage colleagues across the organization—and to prove and enhance the value security teams provide businesses.

Here’s how.

First, we have the lightbulb moment. The growing societal awareness of the types of OSINT that are available and their value is an opportunity for a companywide discussion of what data and intelligence the organization might need, the best ways to find that data and how the analysis of that data could be leveraged to help other departments understand and mitigate organizational risk. This is especially true for business functions that focus on specific geographic locations, like logistics, travel security and strategic planning, or those that may deal with specific individuals, like HR, legal and mergers and acquisitions teams. Because the security team is likely already using OSINT as part of their operations, they’re often uniquely placed to understand where the most valuable OSINT can be found, how it can be used and potential pitfalls to avoid.

Second, OSINT can only help your organization if you’re able to identify and integrate the critical insights without getting stuck in information overload. The amount of OSINT available is staggering, but without a plan to analyze and integrate that information, your company will be drinking from a firehose of information. The growing usefulness of OSINT creates an invitation for collaboration between multiple business units to find ways to integrate their data within shared platforms and tools, finding the most useful data in proprietary and open sources to create a more comprehensive picture of the situation. The collaboration between units like HR, risk management, legal and security can decrease resource redundancy while real-time information is made available to the appropriate stakeholders.

Overlaying your internal datasets with OSINT material could yield positive results in many areas. For example, watching the war in Ukraine, it’s not uncommon for online sleuths to match an infrared picture from drone footage posted online to Google Maps data, giving clues about where operations are taking place. In companies, security teams may be able to extract metadata from social media posts to identify the locations of threat actors. In certain situations, this type of information could be integrated into travel and route planning for key executives.

Third, security teams can help the organization understand and communicate the risks and challenges that are present with open-source data. Security teams are often trained to analyze data to spot a wide variety of potential problems in different types of information. For example, information produced by certain outlets may contain biases based on the outlets’ ownership, which could make its conclusions less reliable. Advanced analysis of images and videos may reveal where or how they were created. It’s not enough to merely find OSINT—the data must be evaluated and analyzed in an attempt to ensure its accuracy and reliability and to determine whether it’s also actionable.

Security teams are also uniquely placed to help companies understand the risks posed by publicly available corporate information. Employee information available online, either intentionally or accidentally, can be used to concoct social engineering schemes that could be the first step in a cyberattack. Maps of corporate facilities, building plans and photos taken inside facilities could be used to facilitate pre-operational surveillance in preparation for a physical attack. Members of the security team can help the organization see OSINT about the company through the eyes of an attacker and work to create ways to mitigate threats that the OSINT might create.

For some, OSINT is merely a curiosity. Harnessing the value of OSINT for your company and mitigating its risks are complex undertakings, but the mainstreaming of OSINT can provide your organization with a new way of looking at your operations and understanding risks.

Article link: https://www.forbes.com/sites/forbestechcouncil/2022/06/07/osint-goes-mainstream-how-security-teams-can-use-open-source-intelligence-to-help-companies-understand-risk/amp/



The Future of Open Source Intelligence for UK National Security – RUSI

Posted by timmreardon on 06/07/2022

Ardi Janjeva, Alexander Harris and Joe Byrne, 7 June 2022


Topographic map concept. Courtesy of cherezoff / Adobe Stock.



This paper explores the use of publicly available information and open source intelligence for national security purposes, and provides recommendations for future policy development.

This joint paper from RUSI and the Alan Turing Institute’s Centre for Emerging Technology and Security aims to establish an independent evidence base to inform future government policy development regarding the use of publicly available information (PAI) and open source intelligence (OSINT) for national security purposes. The findings are based on in-depth consultations with stakeholders from across academia, civil society, commercial organisations, law enforcement and the UK government.

The paper explores the extent to which the increasing proliferation of PAI – and wider accessibility of tools leveraging PAI for OSINT – is changing perceptions of modern intelligence. From this foundation, it asks what the commercial, cultural, policy and technological implications are for UK national security stakeholders.

Article link: https://rusi.org/explore-our-research/publications/occasional-papers/future-open-source-intelligence-uk-national-security
