ISBN 162-6-37965-3, Lynne Rienner Publishers, October 2021, 441 pages, $98.50
Reviewed by William Garrity, Joint Special Operations University
The recent uptick in cyber-attacks worldwide, whether criminal ransomware targeting the United States healthcare industry or likely state-sponsored attacks targeting Ukraine, has brought the specter of cyberspace threats to everyone’s doorstep. Constance S. Uthoff, in Cyber Intelligence: Actors, Policies, and Practices, describes the diverse nature of the threat and the Intelligence Community’s approach to both understanding and mitigating it. Uthoff, an associate program director of the Cybersecurity Strategy and Information Management Program at George Washington University, though not an Intelligence Community insider, brings a scholarly approach to the topic that will enable the novice to quickly grasp the scale and magnitude of the threat.
Uthoff immediately immerses the reader in the complicated world of cyber operations with the details of the 2020 SolarWinds supply chain intrusion that ultimately would span hundreds of companies and most of the Executive Branch agencies. The likely-Russian state-sponsored operation provides a timely example for the author, as Uthoff uses the intrusion itself and the United States government response to set the stage for her approach in the book. It is an approach that is both intuitive and informative, resulting in a work that is a ready reference.
The book begins by explaining key terms and concepts associated with cyber intelligence but fails to provide an overview of what is meant by cyberspace, the physical and virtual realities that define it, and associated terminology. Such an overview would be extremely beneficial for the novice. Uthoff then turns to cyber threat actors, but surprisingly organizes the discussion based on a mixture of targeted systems (supply chain, financial sector, etc.) and techniques (ransomware), as opposed to by actors (nation-state, non-nation state, criminal organizations, etc.), though the author does dedicate a chapter to non-state actors later in the book.
In chapter three, “The Cyber Intelligence Cycle and Process,” Uthoff explains in detail the fundamentals of the generic “Intelligence Cycle” and provides an overview of the types of requirements levied on the intelligence community with respect to cyber actors. The “Intelligence Cycle” can be, and is, applied to any problem set. The author keenly points out how the Intelligence Community attempted to describe an intelligence cycle focused on cyber requirements. Of more value would have been a discussion of the different intelligence collection and production requirements levied by customers to support cyber security enhancement, defensive operations, and offensive cyber operations. That said, the author does touch on each of these in some form in the chapter. The author also delves into how the private sector is approaching the problem and teaming with government entities to develop best practices.
Of great value to both practitioners and academics focused on developments in the cyber realm is chapter four, “National Security Strategies and Policies.” Uthoff, through obviously extensive research, walks the layperson through the thought process pertaining to cyber operations from National Security Strategy, National Military Strategy, and National Intelligence Strategy. Included is an in-depth discussion of the policy of each U.S. administration and the impact of such policies on cyber operations. This superb chapter alone warrants investing in this book.
In chapters five through eight, Uthoff describes with impressive detail the evolution of cyber strategy, policy, and operations in the Office of the Director of National Intelligence, the National Security Agency, the Central Intelligence Agency, and the Federal Bureau of Investigation. The level of research and detail is, again, impressive. The author provides not only well-referenced documentation but also historical examples which drove the evolution of these agencies with respect to cyber policy and operations. In chapters nine and ten, the author describes the expected difficulties with intelligence sharing and the always-present issue of counterintelligence. The intelligence sharing discussion is bolstered with detailed accounts of legislative efforts to address problems of sharing that have plagued the Intelligence Community since its inception. Uthoff provides even more value in chapter nine by taking the reader through a historical review of cyber operations dating back to the first Gulf War and up to the recent fight against the Islamic State. In chapter ten, she delves into state and non-state actors, providing a comprehensive review of their operations, intent, and motivations, including historical accounts detailing threat actor tactics, techniques, and procedures. Uthoff rounds out the work in chapter eleven, where she examines emerging cyber challenges; chapter twelve, where she provides a review of three case studies of cyber espionage; and finally chapter thirteen, with a discussion of the future of intelligence support to cyber operations.
Overall, Cyber Intelligence: Actors, Policies, and Practices is an impressive, well-researched, and in-depth look at the cyber battlespace. It will serve as a ready reference for both cyber practitioners and academics for many years to come.