Intelligence in the Digital Age
A review of Amy B. Zegart, “Spies, Lies, and Algorithms: the History and Future of American Intelligence” (Princeton University Press, 2022)
Published by The Lawfare Institute
in Cooperation With
Amy Zegart’s “Spies, Lies, and Algorithms” describes how the U.S. intelligence community is working to adapt to an increasingly interconnected world and rapid technological changes that are dramatically changing both the threats the United States faces and the ways in which the intelligence community operates. The book provides a comprehensive overview of these new challenges, first setting them in context by describing how the intelligence community has developed and responded to prior rounds of technological innovations. Even since the publication of Zegart’s volume less than two years ago, technological change has continued to accelerate at exponential speed, with advances in generative artificial intelligence (AI), such as ChatGPT, and unprecedented applications of innovative technologies, such as naval autonomous systems and commercial drones during the war in Ukraine, reshaping the terrain on which the intelligence community operates. Zegart’s recommendations remain valid, and many have been incorporated into newly published U.S. government policies. Given the rapid pace of change, her analysis would benefit, however, from an updated review of the latest technological developments and their impact on global security and intelligence gathering.
The past two decades have witnessed a digital and technological revolution that has turned data into an essential source of power. New and emerging technologies such as AI, particularly machine learning; 5G telecommunications networks; biotechnology advances such as CRISPR gene editing; quantum computing; and smart cities will offer strategic advantages to countries and companies but will also pose new challenges and potential threats. The global order of the past century is rapidly giving way to a period of strategic competition in which great and regional powers are working to increase their influence on the world stage, including via the race for technological superiority. International conflicts are increasingly being fought in the “gray zone” of actions just short of kinetic action, such as cyber operations to collect and disrupt and information operations to influence populations. Given this dynamic, the intelligence community needs to stay on top of and leverage new technologies in order to collect, secure, process, integrate, and analyze massive amounts of data, both clandestinely acquired and open source, so that it can assess threats, provide warning, and make real-time recommendations in support of various national security actors, including warfighters.
Zegart opens “Spies, Lies, and Algorithms” by describing how technological breakthroughs—particularly those enabling the generation and collection of vastly greater volumes and varieties of data—are empowering both the United States and its adversaries and how American spy agencies are struggling to keep up. Given the national security challenges presented by recent shifts in geopolitical dynamics, the rapid pace of technological change, and the need for urgent responses, Zegart calls for the intelligence community to work more closely with the private sector to share information, combat threats, innovate, and find solutions by leveraging new technologies. She understands that strengthening public-private partnerships will require a radical shift in mindsets on both sides due to a variety of factors, including government secrecy, privacy issues, and a history of private-sector mistrust of American spy agencies. Despite those obstacles, the government seems to be thinking along lines similar to Zegart’s recommendations. Since the publication of “Spies, Lies, and Algorithms,” the government has published an updated National Security Strategy, National Defense Strategy, National Intelligence Strategy, and a new National Cybersecurity Strategy, all of which emphasize the importance of strengthening the government’s partnerships with industry to better understand the threat, share information, innovate, and develop interoperable solutions at scale that communicate within and across agencies and services and even across allied governments, such as the Department of Defense effort to create a Combined Joint All-Domain Command and Control.
Zegart also “decodes” cyber threats, offering a good overview of the growing role of cyber activities in national security toolkits. Those activities include cyber operations to steal data and disrupt service to information warfare designed to influence public opinion. She walks the reader through some of the most well-known and significant cyber operations, including the 2015 Chinese breach of the Office of Personnel Management’s vast digital files, the Russian government’s interference in the 2016 U.S. presidential election, the 2017 NotPetya attack, and the 2020 SolarWinds exploitation, the last two also undertaken by the Russian government. Cyber tools are being leveraged by nation-states, non-state actors, and criminals, and these assaults are costing the U.S. economy billions of dollars annually. Zegart describes some of the impacts on national security to include “sabotaging weapons systems, blowing entire spy networks, threatening massive disruption.” To defend against these threats, Zegart calls on the intelligence community to inform a much broader set of decision-makers, including American tech companies, and asks tech companies to step up to the plate and partner much more extensively with the government in sharing information about cyber vulnerabilities, threats, and attacks and on disinformation and misinformation.
Given the world’s growing reliance on all things digital and the increasing number and complexity of cyber threats, the government realizes it cannot do it alone. In March 2023, the White House published a new National Cybersecurity Strategy, which calls on government agencies to increase collaboration with industry to defend critical infrastructure, disrupt threat actors, and drive security and resilience. More intensive and rapid information-sharing about cyber threats and cybersecurity best practices is critical, and the National Cybersecurity Strategy offers industry several places where this can be done. The strategy identifies a variety of areas where industry can support the government’s goals, including development of cybersecurity tools, such as zero trust architecture methods and tools to improve software and hardware vulnerability assessment; advanced analytics tools to identify threats; modernization of government information technology structures; enhanced interoperability of systems to better share threat data; and supply chain risk mitigation tools.
Zegart notes that “new technologies, such as AI, are disrupting global economies at unprecedented speed.” AI can play a significant role in support of national security but also poses considerable risks. In addition to enabling the streamlining of business processes, AI can be used to process massive amounts of data in support of analysts, operators, and members of the armed forces. For example, AI is currently being used by the intelligence community for imagery analysis, voice recognition, targeting, and shortening of decision cycles on command-and-control platforms. But AI also poses risks. These include masking data provenance and introducing bias. AI can be used by the United States’ adversaries to compromise government systems and to spread false or misleading information.
Zegart notes that “AI is poised to revolutionize how wars are fought—automating everything from logistics to cyber defenses to unmanned fighter jets that can sense and attack faster than humans.” The incorporation of AI into weapons systems, such as swarm drones, for example, makes those systems more powerful. While it may be years before this vision fully becomes a reality, given AI’s military applications, the world should take note of China’s ambitious plan to be the world leader in AI by 2030 and guard against China’s theft of intellectual property and technology in this area.
Given the potential benefits, as well as the potential risks of AI, the U.S. government needs to move quickly in its execution of the October 2023 executive order on artificial intelligence, which addresses many of the challenges Zegart highlighted, including safety, privacy, algorithm bias, and the need for government-established standards to guide innovation. The intelligence community is in the nascent stages of updating its AI strategies, policies, and procurement requirements. Agencies have appointed officials to head these efforts, but much more needs to be done given the pace of technological change if we are to maintain our competitive advantage and successfully leverage the power of AI to protect our national security and citizens.
Data volume and accessibility are disrupting global economies and reshaping the intelligence world and spy agencies. Given the current threat landscape, the intelligence community needs to be able to leverage massive amounts of data—both open source and curated—to provide warnings, assess threats, and aid real-time decision-making in support of national security. Zegart argues that spy agencies are drowning in data and are struggling to adapt to the changes. She contends that “secrets still matter, but whoever can harness all this data better and faster will win.” To do this, the government will need adequate data management tools and advanced analytics, including methods reliant on machine learning, for data processing and exploitation, as well as to improve business processes. The government will also need interoperability of systems and data across agencies. The National Intelligence Strategy released in August 2023 stresses the importance of open-source data, data discoverability, data accessibility, and standardization, and it calls on the government to work more closely with partners, including the private sector, to innovate in these areas and develop interoperable solutions at scale. The strategy also calls on the government to streamline its procurement system to bring on new capabilities more rapidly.
The explosion of open-source information has also led to what Zegart describes as “the democratization of intelligence” and an expansion of the nongovernment intelligence ecosystem. She weighs both the potential benefits and risks to the government of this ecosystem through a case study on government and nongovernment analysis of nuclear threats. The government will need to determine how best to leverage the wealth of data streams and analytic capabilities in the commercial world and how to incorporate them into finished analysis. Given the shortage of cleared talent since the coronavirus pandemic, finding a solution to leveraging and deriving insights from massive amounts of commercial data outside of government classified facilities will also be critical.
“Spies, Lies, and Algorithms” is a must-read for anyone interested in the intelligence world or contemplating a career in the intelligence community, and it should be required reading for intelligence education courses. In addition to addressing the current challenges facing the intelligence community in the digital age, this well-sourced book begins with a quick tour through 250 years of American intelligence history—from George Washington as spymaster to Pearl Harbor—providing important historical context for formal establishment of the intelligence community after World War II and background on individual agencies’ missions, authorities, and cultures. Zegart also explains many intelligence basics, such as analysis, counterintelligence, covert action, and congressional oversight—and how technology is impacting all of these areas. The book would have benefited from a chapter devoted solely to foreign intelligence collection and human intelligence (HUMINT), as well as a discussion of how technological advances, such as smart connected products and cities, are affecting intelligence-gathering tradecraft. But those omissions do not significantly detract from its important contributions.
Zegart also highlights some known intelligence successes and failures, such as the failure to prevent the 9/11 attacks, explaining their impact on the evolution of the intelligence community, including the creation of the Office of the Director of National Intelligence. The book addresses challenges the community has faced over the years, including coordination and information-sharing weaknesses in a world of increasing threats, technological advances, and limited budgets. But it would also have benefited from a discussion of how the intelligence community determines its collection priorities and budget requests and how these decisions have influenced intelligence collection, preparedness, and warning over the years, including, most recently in the pivot from counterterrorism to the great power competition.
The legislative branch also plays an important role in the intelligence budget process, and Zegart’s description of congressional oversight done well is spot on: It “is nonpartisan and big-picture. It ensures that intelligence agencies get the resources they need and deploys them to maximum effect …. It maintains accountability, ensuring compliance with the law and generating public confidence in agencies that must, by necessity, hide much of what they do.” Congressional oversight is essential in democratic nations. Done well, it makes intelligence agencies stronger and better equipped to support policymakers and defend the nation. It plays a critical role in ensuring that covert action, as part of a whole-of-government strategy in support of foreign policy objectives, is used only when it is the right tool. Occasionally, after difficult debates, congressional oversight can result in laws that impose significant restrictions on intelligence collection, possibly to the detriment of the mission. One such ongoing debate concerns reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, which is now set to expire on April 19, 2024. Section 702 provides the U.S. with continued access to critical intelligence, including information on imminent threats and hard targets. Without its renewal, the United States’ ability to defend itself would be greatly reduced.
Given the proliferation of national security challenges, the pace of technological change, and the need for immediate solutions and new capabilities, the government cannot do it alone and must increase its collaboration with partners, including industry. The private sector has a lot to offer in support of all these areas, but the partnership needs to be more transparent, with two-way sharing of information and requirements, based on greater trust and mutual understanding. The government needs to invest more in innovation and research and development and to incentivize industry to do the same. The Chips Act, passed last year, was a good example of what is possible. There also needs to be more co-creation of capabilities via organizations such as the Defense Advanced Research Projects Agency (DARPA) and building out of more transition programs, so that great research from the labs can be transitioned into operational environments. Most importantly, the government must streamline its procurement system to bring on new capabilities more rapidly if the U.S. is going to continue to maintain its competitive advantage.
Zegart concludes that “in this emerging world, intelligence has never been more important, or more challenging” and that “a closer partnership across government and industry is required to meet these demands.” The challenges facing intelligence agencies and the dangers to democracy are real. Significant progress has been made, but time is of the essence.