In addition to the ongoing challenges I have discussed in previous blogs, there are also two future challenges that remain largely neglected although critical to address in the long-term.
I’m Not Running
SIGINT agencies are under increased pressure to avoid the perception that they have become politicised or act in a partisan manner. Russian interference in the US 2016 election provides an example of this challenge, pushing the US intelligence community into an awkward position. While intelligence agencies strive to be non-partisan, maintaining a neutrality (and the public perception of neutrality) has proved increasingly difficult. This was seen most clearly with the Federal Bureau Investigation (FBI) although the lessons apply to SIGINT agencies as well. Intelligence agencies are ultimately faced with a difficult balancing act, having to provide factual analysis without appearing to conspire against a political party or movement.
Intelligence agencies risk becoming politicised. Image created by Razvan Vezeteu.
The difficulties of politicisation have also been observed in the UK. Whilst it has transpired that Russia did interfere in the 2016 Brexit, the extent of interference appears to be largely insignificant. Yet for government officials and SIGINT agencies, commenting on the matter remains difficult. Bringing attention to what was minimal Russian activity, can lead to a perception that government institutions are undermining or questioning the legitimacy of the referendum result – an accusation readily made by polemic pro-Brexit news and media outlets. The UK government was able to avoid such thorny issues, claiming that while Russia did interfere, it was unsuccessful. However, where an aggressor’s disruption attempts have a more significant effect – as observed in the US election for example – the challenges for SIGINT agencies become significantly more complex.
SIGINT agencies find themselves in the middle of what are profoundly political issues. This will remain an ongoing challenge given that disinformation and political interference campaigns are trends set to continue. Although there are no easy answers, intelligence agencies should at least establish clearer protocols for communicating with the public during periods of disinformation and instability. Protocols could include guidance on how intelligence agencies should respond to accusations of their own partisan interference in an election for example. Governments would also benefit from broadcasting concerns in advance. Canada’s CSE deserves credit for outlining the cyber threats it anticipates will surface in its 2019 during federal elections for example. The key here is that such protocols are established ahead of time and then stuck to – making decisions on these issues in an ad hoc and reactive manner only invites negative accusations.
A second challenge that SIGINT agencies are now grappling with is the increasing amount of their material now being leaked. The Snowden disclosures provided the most visible example of sensitive files being stolen, although the NSA has since struggled to plug the gap. Harold Martin, Reality Winner and Nghia Hoang Pho are three NSA employees found to have retained or taken classified NSA files out of official premises and this has likely contributed to damaging leaks, such as the NSA tools distributed by the Shadow brokers.
The negative impact of leaks extend beyond damaged reputations. The Shadow Broker leak also undermined security with the NSA tools that were released online subsequently being used by North Korea in the WannaCry ransomware outbreak that disrupted systems across the world, including those in the UK National Health Service. Leaks may also undermine SIGINT agencies’ manoeuvrability. After NSA offensive tools ended up in the wrong hands – as was the case with the Shadow Brokers and WannaCry – questions arose about the extent to which the agency should be able to hold on to knowledge of vulnerabilities and led to renewed focus on vulnerability equity process debates.
If leaks are to continue, SIGINT agencies require robust PR strategies. They find themselves in a media battle against organisation’s with dubious motivations including WikiLeaks, a willing participant in state disinformation campaigns. With leaks provoking debates around the VEP and the future role of SIGINT agencies’, failure to successfully contain and limit negative headlines in the aftermath of a leak will increasingly harm SIGINT agencies. Governments are more likely to constrain their powers and tighten up VEP procedures in a climate where SIGINT agencies are not trusted for example.
Out Of the Shadows and Beyond
Rather than a second-order question of brand management issue, this blog series has illustrated how the public facing outlook of SIGINT agencies is now a core strategic concern. Crucially, the implications of a damaged reputation are profound. As SIGNT agencies suffer negative headlines, government leaders are more likely to reign their powers and capabilities in; recruitment in an already tough market becomes harder and their status as an authority on issues such as cyber security and public attribution is undermined.
Not all SIGINT agencies will want to pursue the same public engagement strategy. The focus here has been on Western SIGINT agencies and with a focus on the US and UK examples. Other states and cultures may approach these challenges in other unique ways. Different priorities, constraints and government institutional organisation setups all affect how SIGINT agencies can and should communicate publicly. The differences between SIGINT and HUMINT agencies should also be appreciated. While HUMINT organisations may face similar challenges in areas such as recruitment, embracing social media is not necessarily a viable strategy when a clandestine culture is more important in order to reassure human sources that their safety and anonymity is a key priority.
Yet, public engagement provides a useful, and increasingly necessary, tool for SIGINT agencies seeking to address challenges regarding the public perception of their role, as well as the challenges of cyber security, public attribution and recruitment. Public engagement policy should therefore be deeply strategic: its use should be directly tied to an organisation’s long-term interests. Key decisions makers in SIGINT agencies should start viewing public engagement not as just a risk, but also a clear opportunity.
Whilst many in the intelligence community will be cautious in shifting from a status quo of secrecy, the biggest risk arises not from going public, but in remaining deeply in the shadows.