Riaditeľka národného spravodajstva USA (Director of National Intelligence) Avril Hainesová vystúpila 27. augusta 2024 s prejavom na samite spravodajských služieb a národnej bezpečnosti INSA/AFCEA 2024.
* * *
Director of National Intelligence Avril Haines
2024 INSA/AFCEA Intelligence and National Security Summit
Rockville, Maryland, August 27, 2024
____________________________________________________________________________________________________________________
Thank you so much Maria. And thank you also, to Susan and Suzanne, and Ray and Tish, and everybody else. I feel like it’s just, it is wonderful to be here with all of you, our extended IC family, in so many different ways. But especially because I wanted to come here today to discuss a critically important effort that we’re engaged in across the intelligence community, one in which we could really use your continued help.
This is an initiative that every leader in the intelligence community has taken up. In short, we intend to truly revolutionize the way we work with the private sector, as well as, academic research and scientific institutions, to meet today’s national security challenges because we realize we have to, in order to keep the country safe.
We couldn’t think of a better place to have this conversation than here, as you all know too well, the barriers that we face in this arena.
AFCEA and INSA are critical, long-standing partners of the IC – for years, you have facilitated our relationship with the extraordinary array of private sector and academic stakeholders for different purposes. And this event serves to highlight how successful you are in doing so – but that also means you know how hard and how important it is for us to get this right.
I started as a civil servant in government over 20 years ago – maybe a little bit more – and even then, we were saying how we needed to improve our public-private partnerships. I don’t want to suggest that we haven’t made progress – we absolutely have.
But in today’s strategic environment, we need – the need, rather, for these partnerships, is far more acute, and the kind of partnerships we need, are often far more integrated across our community. This isn’t just about sharing information, though that is clearly part of it. We need to understand each other better, learn from each other, work together more closely, grow together, and sometimes even make decisions together.
This group understands historically, how important the private sector has been to our national security and academia. Not only has it been a source of national power by underpinning our economy, but over the decades, industry has repeatedly accomplished incredible feats when called upon to build our military strength and support our work in the Intelligence Community.
U.S. industry, with help from academia, put a man on the moon in ten years, and it provided almost two-thirds of our Allied military equipment produced during World War II – that’s 297,000 aircraft, 193,000 artillery pieces, 86,000 tanks, and two million army tanks, trucks. In four years, America’s industrial production doubled in size.
The need for a strong and diverse defense and intelligence industrial base has not changed, even as the key industries may have shifted over the years, with more today in AI and space, and digital technologies, and data – but there are other changes that have made our need to partner in new and different ways far more acute.
First, there is no question that certain industries now wield substantial geopolitical influence, and as the threat landscape has diversified and power has become more diffuse, so has the potential impact of the private sector’s work. This makes it crucial that we better understand developments in the private sector, as well as the overall balance of competitive strength and security, within key sectors.
Over and over again, we see how decisions made in the private sector have significant impact on national security matters of interest – intentionally or otherwise.
To name a few examples, we all recognize how influential and important our tech companies are – often on the front lines of election security threats, cyber vulnerabilities, pandemic risks, and in maintaining critical competitive advantages in key technology areas such as generative AI.
We also recognize the importance from a national security standpoint of our financial sector, energy sector, telecommunications sector, and aerospace sector, just to name a few – but also of private sector companies in other countries, such as critical rare earth minerals mining and processing companies – that we rely on in the context of supply chains that are fundamental to our prosperity and our national security.
And furthermore, technologies and tools that are produced and made commercially available by the private sector at times, lower the barrier of entry for states and non state actors to engage in malicious activity.
We’ve seen, for example, how some of the same digital technologies that were instrumental in facilitating civil society and freedom of the press in many places, sparked a backlash from authoritarian regimes, first to contain the risks posed by freer flows of information, and then to harness these same technologies, in pursuit of their own objectives to stifle freedom of expression and to suppress political discourse.
And we are increasingly relying on the private sector to implement sanctions against those who are threatening peace and security, and to ensure that adversaries like Russia cannot rely on our U.S. origin, or U.S. branded items, for their illegal war against Ukraine – but again, we need to learn from the private sector, the details of the supply chain to understand the potential impact of disrupting it, as well as the potential unintended consequences of doing so.
Second, we know that the private sector increasingly possesses certain unique and specialized talent, knowledge, and capabilities, in key fields of critical importance to national security, that we don’t have access to in the government – skills, knowledge, and capabilities that we need access to if we are to succeed in addressing the increasingly complex and varied threat landscape that we face today.
When I was a young physics student many decades ago, the cutting edge work that was happening was almost entirely funded by the federal government. Today, the United States still spends more than any other country on research and development, but as the data collected by the National Center for Science and Engineering demonstrates, over the past 30 years, business R&D has accelerated, while federal investment has largely plateaued.
And the fact is that today, the private sector and academic, research, and scientific institutions funded by the private sector are more often than not at the edge of innovation in fields that are crucial to our national security, and we need to improve our access to and understanding of what they are working on in key areas while also improving the efficiency and effectiveness of our capability and capacity to identify, develop, acquire, and scale innovation with and from such institutions.
And third – and finally – increasingly protecting the private sector is fundamental to our national security. This is true not only of privately-owned critical infrastructure that provides the most basic life support for our population or for the defense and intelligence industrial base, but also key sectors whose intellectual property, assets, and expertise must be protected from foreign adversaries in the context of strategic competition.
As reflected in the recent national counterintelligence strategy issued this month, foreign intelligence and security services, their proxies, and even non state actors persist in seeking to acquire our most sensitive information, technology, and intellectual property.
And to keep pace with these threats, as with all of the trends that I’ve highlighted, it is critical that we expand and strengthen partnerships and collaboration with the private sector and academia to not only improve information sharing, but to increase our insights into these risks, inform and enable threat mitigation activities, and will bolster our nation’s resilience, and facilitate collective action that is capable of promoting deterrence even as we seek to ensure that the United States remains a magnet for those with talent and vision from around the world.
And doing so is fundamental to our – and our allies – capacity to maintain a competitive edge in the context of strategic competition. In each of these scenarios, we recognize that the private sector is on the front lines of attack, and in addition to helping institutions protect themselves, we must engage them in a new and different way.
The leadership of the IC realizes the challenge before us, and each IC element is engaged in their own efforts to address these challenges, many of which you will hear during the course of this conference. But we have also come together to leverage each other’s work, and to truly revolutionize how we engage with the private sector, as well as academic, research, and scientific institutions, to meet today’s national security challenges.
We’re taking a systemic approach that doesn’t rely on specific individuals or ad hoc relationships that disappear when the people who built those relationships retire or change jobs. We’re instead seeking to fundamentally change the way we do business – seeking to incorporate the private sector and academia into practically every aspect of our work within the IC and establishing a culture of responsible risk acceptance that encourages engagement. A culture that promotes the sharing of information in support of our efforts to improve our collective insights, address threats, and facilitate a far deeper exchange of ideas.
And I imagine you may be skeptical, and I acknowledge that this is going to take some time, but let me give you some examples of what we’re doing and planning, to help you understand how significant the changes are that we’re planning to make.
First of all, I know that changing institutional cultures is hard, but I do believe it is possible, and already I think we are seeing some of what I’ve described in part because our leaders across the IC see the importance of this effort and are talking to their workforces about it. We all, however, recognize that this is not enough. So, we are taking a number of steps to effectively incentivize and facilitate a new level of engagement that is more consistent with the vision that I’ve laid out.
We have agreed to build into our personnel evaluation reports a performance objective that incentivizes engagement with the private sector and academia. We are also seeking resources to promote an effort to build and train a cadre of personnel dedicated to downgrading information for disclosure to the private sector, building off of a great model at DIA of analytic releasability cells.
We are also building out ways to improve the sharing of information across the IC, that you give us for such purposes, so that we’re not all calling you to ask the same question, over and over again.
And we are promoting iterative best practices for improved engagements, including by streamlining and expanding the appropriate use of one time read ins, and developing a library of products cleared for the private sector and academia, some portion of which will be made public. We have also established the Office of Partnership Engagement within the ODNI to facilitate the work and to evaluate our success.
For the cultural changes we need, moreover, we are encouraging our analytic community to think proactively about the assessments they need to produce specifically for key private sector awareness, as well as to encourage sustained collaborative analysis going forward, instead of only thinking about the assessments they have to produce for policymakers. We are seeing the results of this in what we regularly post on our ODNI website, a key portion of the larger transparency effort, that we prioritized in recent years.
And I should note that efforts like the one that AFCEA has partnered with DIA on, in, to build coalitions and strengthen networking opportunities between the IC, industry, and academia in the form of the TECHINT Conferences they’ve held, is precisely the kind of help we appreciate.
In addition to these efforts, in support of engagement, we are seeking to significantly improve the access that IC analysts have to expertise and knowledge in the private sector and in academia, so as to incorporate those insights into our work, while also supporting expanded analytic exchanges that allow both sides to combine our insights in ways that we believe will not only enrich our dialogue, but will also enhance everyone’s understanding of the challenges and opportunities in these key sectors.
And we’re doing this through a variety of mechanisms, including an external research council that will provide the National Intelligence Council and through them, all-source analysts across the IC, with the opportunity to access innovative external analytic research and to engage more regularly and collaboratively with experts who have critical external expertise and knowledge.
We are also planning a significant expansion of the IC-wide Public-Private Analytic Exchange Program that will be led by the Office of Intelligence and Analysis at DHS. The first phase of this is an expansion of the current and unclassified analytic exchange program in scale and scope, while simultaneously evaluating opportunities to conduct analytic exchanges that include classified information, which we know will take some time, but it’s absolutely worth it.
In fact, we have already been doing more analytic exchanges that include classified information in other fora across the IC, particularly in cyber. And I suspect many of you are familiar with NSA’s Cybersecurity Collaboration Center, which has significantly matured in the last few years and is helping to foster partnerships with industry, the interagency, and international partners to support the Defense Industrial Base on cyber threats and challenges. NSA additionally, building on this model, established the AI Security Center to partner with industry on securing AI.
And there is also the Treasury Department’s Cyber Collaboration Suite, or “T-Suite,” as they like to call it, which is breaking new ground in enabling exchanges between Treasury and private sector financial institutions on cyber threats. And then the Department of Energy’s Threat Analysis Center pilot, which is a public-private partnership and operational collaborative to address cyber threats, specifically to the U.S. energy sector.
And when it comes to the second pillar of our engagement strategy – improving the efficiency and effectiveness of our capacity to identify, develop, acquire, and scale innovation – we are also making a number of investments. And I’m not going to go through everything, but I’ll tell you about a few that are underway.
We are working on acquisition guidance that incorporates best practices to assist IC elements in sponsoring SCIF space for contractors to expand relationships with key industry partners – building on a successful SCIF access program pilot that was done by NGA and NRO and initiating a study to explore the feasibility of leveraging FBI and DHS SCIFs in key innovation hub areas for use by a broader set of government personnel and industry personnel.
We are promoting models like NGA’s successful Moonshot Labs, which is an unclassified innovation hub in St. Louis that enables industry, academia, and the IC to come together to create, collaborate, and innovate game-changing technologies to serve our mission, and NRO’s Center for Advancing Science, Technology, Learning, and Engagements, or what they call CASTLE, which also enables the IC and academia to promote experiential learning through limited-term projects and prototyping.
We issued policy guidance just recently and initiated our first training sessions to help IC elements leverage the recently expanded Other Transaction Authority that Congress passed, which offers greater flexibility for IC elements to develop programs that level, sorry, that leverage, technological innovation.
We are working with industry on the development of an emerging technology curriculum that will familiarize the acquisition workforce with the unique business considerations of emerging technology companies and the full spectrum of available acquisition authorities to integrate and scale innovative technology. And we are starting the first pilot courses this fall.
We are promoting broader IC use of successful models like NSA’s Program Triad and CIA’s Federal Labs, which are allowing for better integration of the program manager, mission, and technical leads through the acquisition and adoption cycle to accelerate user adoption and innovation at the speed of mission.
And CIA also brought on board a Chief Technology Officer and stood up a unit focused on leveraging America’s private sector technological expertise for national security advantage, while also prioritizing adversary technologies as a target for intelligence collection. CIA’s engagement with U.S. industry pioneered secure cloud computing for the IC, which we believe in turn, improved the design in cybersecurity standards for our corporate partners. NSA has also taken this effort to new heights by continuing to grow our partnerships and industry, with industry cloud providers, through NSA’s Hybrid Compute Initiative, which allows us to remain current with commercial innovations in the compute space.
And we’re also exploring novel contracting approaches, such as expanding the number of contracts awarded under the Small Business Innovation Research program, which enables rapid acquisition of USG-funded research and development and capabilities for operational use by the IC, and we are seeking to support more IC-wide contract vehicles that make it easier to scale innovation successfully adopted by one element across the entire IC.
And finally – we are expanding and strengthening our collaboration with the private sector and academia in defense of key institutions that are under attack through improved information sharing, analytic insights, and collaborative threat mitigation efforts.
The National Counterintelligence and Security Center is the primary organization within the U.S. government for managing, coordinating, and integrating counterintelligence activities. And I’ve asked them to establish a pilot Joint Threat Assessment Team, or “JTAT,” as we’re calling it, that draws on a model some of you may be familiar with – the Joint Counterterrorism Assessment Team, which was established with great effect at our National Counterterrorism Center years ago to improve information sharing and enhance public safety.
The new pilot will similarly be focused on improving information sharing with key private sector and academic, research, and scientific institutions that are subject to intelligence and security threats. In coordination with FBI and DHS, the JTAT will collaborate with other members of the IC to research, produce, and disseminate intelligence and security threat information for private sector entities within prioritized technology sectors and to advocate for the intelligence requirements and needs of those institutions. And this effort will, I think, be transformational, in helping to protect our institutions, but it is definitely going to take time for it to be fully functional and achieve the vision that we have in mind.
And beyond threats to these sectors alone, I’ve also asked the National Intelligence Council to begin leading efforts with the private sector and academia to evaluate the overall balance of competitive strength within critical global industry sectors and domains – to help facilitate more “net assessment” coverage and conversations. And this will be needed, of course, for many of the technology and technoeconomic categories of strategic competition you hear us prioritizing increasingly today, but they will also be needed for other equally important political and civil society categories.
And in sum, we have a great deal of work that is going on, and I am mercifully coming to the end of my remarks, but I do have one last thing that I want to discuss with you – we really need your help to make this work.
As we develop these efforts to revolutionize the way we do our business with all of you, we will be coming to you to ask for your help. Moreover, we will make mistakes, and these initial efforts are likely to be a bit bumpy, so we also ask for your patience and assistance in improving them over time.
We will want access to your insights, to your thinking on how your industry’s development is likely to affect national security, and we will want you to take steps to protect your own intellectual property, data expertise, and products and to help us think through the right governance models for various disruptive technologies that often provide extraordinary opportunities for society.
We know you won’t always have time for this, and we are asking a great deal of you, but we need you, and we think you need us too.
Together, we can better defend the freedom and independence of our society, including your institutions, while also making us more resilient to the dangers that exist from foreign actors. And together, we can enhance our “duty to warn” ability, defend and harden critical databases, protect intellectual property, secure infrastructure and critical supply chains, and so much more. In other words, we can help you better de risk in an increasingly risk-filled world.
And furthermore, we see this as a true partnership. U.S. policymakers expect the IC to provide the clearest and most complete picture of foreign risks to our country to help improve their decision-making and our nation’s strategic advantage. And this is an opportunity to participate in that – to ensure that as those decisions and policies are being made, that they will result in actions that will mitigate risks in ways that will deliver advantages to our country.
We should, we believe, that our interests and goals are complementary and compatible, and that this should work, but I also recognize that the IC has often tried, and failed, to do this effectively.
We can no longer afford to fail, and we need your help and your active support to optimize the success of this systemic, strategic whole-of-IC approach to the collaboration with industry and academia.
And I think you understand better than most what is at stake, and I am truly grateful for the help that both AFCEA and INSA have been providing for years enhancing our partnerships. I know how much I have personally, as a, an employee within government, benefited from their conferencing, networks, and thinking, and we want to build on that, and get even better.
Thank you so much for giving me this time and opportunity. Thank you.
* * * * *
Source: https://www.dni.gov/index.php/newsroom/speeches-interviews/speeches-interviews-2024/3987-dni-haines-as-delivered-remarks-at-2024-insa-afcea-intelligence-and-national-security-summit-27-august-2024
Image: https://www.facebook.com/dni.gov
