2024 Priorities for the Intelligence Community

Available Downloads

Emily Harding spoke on a House Permanent Select Committee on Intelligence panel about the most critical technologies for staying ahead of competitors and creating an edge for the United States.

Image
Emily Harding
Director, Intelligence, National Security, and Technology Program and Deputy Director, International Security Program
Remote Visualization

  


The Intelligence Community (IC) is expected to be everywhere, all the time, with strategic and tactical insights. While the sheer number of geopolitical challenges today is immense, there are more opportunities than ever before for the IC to use technology to its advantage. Key to establishing an edge over competitors is accepting calculated risk and demanding forward progress, in part by asking difficult questions. 

This statement will highlight the technologies that could propel the IC forward in 2024. First, it will cover the most critical technologies for staying ahead of competitors and creating an edge for the United States, then it will lay out key questions that oversight bodies like HPSCI can ask to maintain that forward momentum. 

Critical Technologies for Competitive Edge

When everything is a priority, nothing is. It can be too tempting to chase every new technology and start a thousand pilot programs, rather than focus on a few key priorities and make real progress. Our research has identified technologies that are critical to U.S. success in strategic competition, across the intelligence and defense enterprise. Five of them are especially consequential tools for the intelligence community: Artificial intelligence (AI), quantum technology, space-based technologies, high-efficiency batteries, and bioengineering. This section will spend considerable time on IC advancements in the field of AI, given the focus on that area over the last two years, then cover quantum, space, batteries, and bioengineering. (For more information on these technologies, plus the defense-centric tools of robotics and secure communications, see Seven Critical Technologies for Winning the Next War, on CSIS’s website.[i]) 

Artificial Intelligence

Artificial Intelligence/Machine Learning (AI/ML) will accelerate most of the core functions of a national security apparatus. The ability to process huge data sets and focus on the signal through the noise will help intelligence officers more effectively provide indications and warning.[ii] Advances in natural language processing will help analysts sort through reams of text and draw connections a human brain might not notice. AI/ML will be able to review terabytes of data and tip and cue additional collection for human review. That pre-screening of data will speed the delivery of critical indications and warning to policymakers, who can then make decisions faster. Further, collectors will be able to make more accurate decisions about directing further collection, making more efficient decisions about fruitful collection opportunities. [iii] 

Artificial intelligence is the tech of the moment, but the intelligence community has worked to refine and apply AI over the last several years. The National Security Agency (NSA), for example, has integrated AI/ML into several processes:

  • In September 2023, then-Director of NSA General Paul Nakasone said that NSA had already integrated AI into SIGINT missions in some capacity.[iv] According to February 2023 press, “NSA officials utilize human language technology for speaker identification, machine translation of more than 90 languages, as well as speech-to-text processing.”[v] Additionally, NSA employs ML “to detect patterns in large quantities of signals intelligence in international web traffic, comb through news items and publicly available records and information and provide content for reports that are used by national security lawmakers.”
  • In January, Rob Joyce, Director of NSA’s Cybersecurity Division, acknowledged that NSA uses AI to identify hackers attempting to breach U.S. critical infrastructure. Additionally, the agency also uses AI to seek out AI-enabled hacking techniques. More specifically, Director Joyce mentioned that NSA uses ML and AI to assist cybersecurity investigators in tracing Chinese hacks aimed at U.S. transportation networks, pipelines, and ports. These hacks frequently employ ‘living off-the-land’ techniques, which blend hacking activities with normal system activities, rendering them exceptionally hard to detect. [vi]

During a September 2023 discussion at the National Press Club, then-CDRUSCYBERCOM/DIRNSA General Paul Nakasone announced the establishment of the NSA’s new AI Security Center. According to the accompanying DoD press release, this Center will “oversee the development and integration of artificial intelligence capabilities within U.S. national security systems.” According to NSA’s website, the AISC will “defend the Nation's AI through Intel-Driven collaboration with industry, academia, the IC, and other government partners.” It is also tasked with “detect[ing] and counter[ing] AI vulnerabilities and will use its “deep technical expertise and extensive threat insights to protect critical systems and anticipate emerging risks.” Lastly, it will also “advance partnerships with industry and experts.” AISC will also be housed within the NSA’s Cybersecurity Collaboration Center. 

Open Source Enterprise (OSE) is leading the way on applying AI to OSINT. Randy Nixon, director of OSE, discussed incorporating an LLM that will help analysts derive insight from vast amounts of public information in September. Ever focused on analytical integrity, Nixon said analysts will be able to see the original source of the information when the chatbot sums up open-source materials alongside citations. Nixon also stated that the new AI tool will be rolled out ‘soon,’ and will be available across the IC, including to NSA, FBI, and military-run agencies.[vii][viii] Central Intelligence Agency (CIA) Director of Artificial Intelligence Lakshmi Raman recently said that CIA has drawn on Amazon, Google, Oracle, Microsoft, and IBM to assist with AI development and implementation, in particular through cloud computing capability. [ix]

Elsewhere in the IC, the National Geospatial-Intelligence Agency (NGA) has also been a leader in leveraging AI to develop key insights from terabytes of IMINT. In April 2022, Jim McCool, the thendirector of NGA’s Data and Digital Innovation Directorate, outlined how NGA has pursued its mission using these tools.[x] For example, the Source Maritime Automated Processing System (SMAPS) is an AIpowered tool designed to help analysts process data from ships, which NGA tracks to make the world’s waterways safer.[xi] The Defense Intelligence Agency (DIA) has folded AI/ML into Machine-assisted Analytic Rapid-repository System (MARS), an AI-assisted system designed to “make sense of big data and create analytic bandwidth.” MARS is expected to achieve operational capability in 2024, and full operational capability in 2025.[xii] In a recent event at CSIS, then-Director of DIA, Lieutenant General

Scott Berrier, described how DIA has incorporated AI/ML and other technologies into DIA’s business practices. 

Despite these advancements, the IC is still slowed in its incorporation of AI by both real and imagined constraints. Security concerns are omnipresent—the IC cannot afford to allow poisoned data or biased algorithms to warp its collection and analysis. However, an extreme risk aversion is likely more dangerous than accepting some degree of risk in testing AI-based tech. 

Quantum

Quantum computing will make the impossible suddenly possible. Quantum experts estimate—with low confidence—that a useful, utility-scale quantum computer, capable of far better computation than today’s supercomputers or high-performance computing, will be commercially in use within the next decade, and other uses of quantum technology are likely closer.[xiii]

Quantum sensing, in particular, would create an intelligence edge by allowing for sensing of small changes in an environment.[xiv] Next-generation sensors could detect slight underwater pressure changes and tiny atmospheric shifts and provide high-accuracy GPS and receiving signals for radar communication.[xv] 

The advent of quantum computing means that today’s secrets will soon no longer be secrets. The encryption we use now to secure our top secret networks could be obsolete within five years. A functional quantum computer will provide an open window into any nation that has neglected to update their encryption practices to a post-quantum environment. There will be a significant first-mover advantage for whomever can achieve quantum decryption without the knowledge of the owner of the communications.[xvi] 

A quantum sprint will require encouraging bright scientific minds to turn their sights on quantum advances. According to McKinsey, there is only one qualified candidate for every three quantum jobs, and by 2025, less than 50 percent of quantum computing jobs will be filled.[xvii] To meet this need, the intelligence community should build on the Intelligence Community Centers of Academic Excellence Program by adding a quantum track of study.[xviii]

Space-Based Technology

With the increasing sensitivity of sensors, more is possible from low earth orbit than ever before. Sensors that now need to be mounted on air-breathing platforms to collect an image or other data with fidelity will become effective from increasing distance, in particular if on-orbit processing can reduce the quantity of data transmitted to ground stations. Some may be able to provide useful information with persistence mounted in a geo-synchronous orbit.[xix] The National Reconnaissance Office is investing in hyperspectral imagery from space, collected both by government and commercial assets. For example, the agency granted a study contract to a company in 2019 to explore ways to collect detailed hyperspectral data from space, rather than from air-breathing assets. The company claims it will be able to collect hyperspectral data from 104 spectral bands.[xxxxi]

High-Efficiency Batteries

Long-lasting, light, and reusable batteries will provide a critical edge in intelligence work. For example, these batteries could power stealthy, long-dwell undersea vehicles designed for surveillance of distant foreign shores; those batteries could recharge through the motion of the waves or occasional surfacing for solar power. Long-lasting batteries will help power small sat space technology as well. Miniaturized batteries will be essential for covert and clandestine surveillance and communications devices, which are sometimes crafted to look like an everyday object and often must be passed clandestinely to a critical source. Insect-sized microbots could infiltrate a hostile area unnoticed or facilitate search and rescue.[xxii][xxiii]

The commercial sector has a huge financial incentive to create long-lasting and sustainable miniaturized batteries.[xxiv] For example, the medical industry is driving extreme miniaturization in order to create wearable diagnostics and implantable medical devices. Intelligence demand will share some overlap, with additional needs, like heat-free solutions and batteries that do not degrade when exposed to water or in extreme heat or cold. Acquisition experts should look for the 80 percent solution and the 100 percent solution as two different requirements: off the shelf products will do 80 percent of the job, but in a small percentage of use cases, only the 100 percent solution will do. Those small-percentage use cases should be built and bought separately.[xxv]

Bioengineering

Put simply, bioengineering is the future, and out of all the technologies on this list, it is the technology most likely to present an enormous collection challenge, alongside being a potentially useful tool for the IC. At its extreme end, bioengineering can create sophisticated weaponry, markers to track individuals, or detection devices for a range of substances.[xxvi] Biosensors could be a game changer for surveillance, either at the individual or population levels. DNA markers can track a person, while governments can track the health of a population through biosensing.[xxvii] Similarly, biosensors could be tailored to flag certain chemicals and other types of contamination as well as complex signatures such as radiation, acoustics, and electromagnetism.[xxviii] Biological compounds could be used to tag specific items or individuals and track their progress or verify their identity. The dark side of bioengineering is sophisticated and deadly bioweaponry, including genetically modified pathogens to which humans have no natural immunity and that are resistant to vaccines.[xxix] Scientists could also create specialized toxins that disrupt water or food supplies. Understanding the possibilities—and what an adversary with little regard for human life could do with them—will be critical to defense, including detection and antidotes.[xxx] 

Intelligence Advanced Research Projects Activity (IARPA) is tacking the bio challenge with the Biointelligence and Biosecurity for the Intelligence Community (B24IC) program. According to ODNI, this initiative “represents the IC’s latest investment in research that pushes the boundaries of biointelligence and biosecurity understanding and technologies.” The IARPA-led B24IC program aims to develop technologies that “Enable biological material attribution and/or origination and new sensing modalities for austere environments and living systems,” “Facilitate methods for improving biosecurity through cellular memory,” “Lead to new capabilities to effectively and securely transfer biological data,” “Detect and/or characterize highly-sensitive biomolecules and biological targets of interest,” and “Strengthen digital and physical security of infrastructure, instrumentation, databases, and data associated with synthetic biology, biological samples, and biotechnologies.”[xxxi] 

Tech Forward: Accepting Risk and Maintaining Momentum

The IC takes risks every day, sending ops officers into harm’s way, establishing computer network penetrations that could be discovered, and creating covert action programs. However, when it comes to other activities, like procurement and analysis, the IC tends to be risk averse. Oversight bodies such as HPSCI could ask the following questions of IC leaders to drive consistent progress on incorporating technology into workflows. 

  1. How are you evaluating the risk of bringing new technologies onto the “high side”?

What tech do you see as high risk, but worth the benefit? What do you see as low risk?

No new technology will ever be, completely safe. Accepting some degree of risk is essential for progress. Each IC agency needs a process for evaluating the risk and reward of bringing on tech as a pilot, then taking it to scale. Part of this process needs to be allowing industry to know requirements, key intelligence questions, and results of testing. 

The intelligence community must urgently find a middle ground between security of data and systems and allowing private entities access to U.S. government data for training AI/ML systems and testing government applications. The government should create two tiers: (1) a sanitized, likely public data set that researchers can use to train and develop AI/ML, and (2) a restricted sandbox where vetted industry partners can work and demonstrate capability. For the latter, the default should be access for U.S. companies, with security officers needing to show security concerns rather than the applicant needing to prove a lack of vulnerabilities.[xxxii] 

  1. What kinds of objections are you hearing from your security professionals? How are you evaluating those objections? Is there an appeal mechanism, whereby an Agency senior can balance risk against mission need?

Security professionals in the IC know that hostile foreign intelligence services are attempting to penetrate their security measures. Some of those services are sophisticated and working to compromise the software and data that feeds into IC assessments. At worst, security professionals can lean into “no” as the default answer. No is safer. They might not see the mission requirement as quite as pressing as the security concerns. But a consistent no can block both the harmful and the helpful. 

Every agency should have a methodology and a process for adjudicating risk and reward. The security verdict cannot be the final say; there must be a person senior enough to accept the risk and say yes. That “yes” can empower those working in the agency to move forward without fear of being blamed for an amorphous potential problem. Willingness to say yes requires the gravitas of rank and the perspective of a senior officer, so this appeal mechanism likely should end with the deputy secretary or deputy director of the agency in question.[xxxiii]

  1. How are you taking advantage of an unclassified environment to test technology? How can open source intelligence (OSINT) serve as a testing ground?

The IC has made considerable strides in growing OSINT as a discipline and cultivating it as a valuable element of intelligence. OSINT provides the opportunity to use AI/ML tools on “low side” systems, which are unclassified and lower risk. The IC can test these tools for efficacy on the low side, then, if they have proven their worth, can go through the rigorous process of vetting and testing to bring them up to the classified systems, or “high side.” 

Creating an innovative hiring model could solve two problems: training OSINT talent and retaining diverse candidates through the security clearance process. OSINT analysis can be more akin to data science than foreign affairs; a well-rounded analyst will know how to do both. The IC has struggled to hire enough data scientists, given they must compete with tech companies and other entities hungry for the same talent. Taking a foreign affairs major and training them in basic data science methods takes time, and the opportunity cost of that time is quite high for an analyst working on a hot account. 

Separately, the IC has continuously striven to improve the diversity in its hiring. One hypothesized reason for a lack of diversity is the uncertainty that comes with the security clearance process. Not everyone can go without a salary while waiting months for adjudication of a clearance. Some take other, lucrative offers while they are waiting and never look back. The IC should create an OSINT on-ramp for those who are waiting to hear about their security clearance. When a candidate receives a conditional offer of employment, they should also receive an offer to begin work immediately in the OSINT on-ramp. There they will learn basic data science skills and OSINT tradecraft. Those who receive a clearance will take their new skill set and knowledge of these research methods with them to their new accounts on the classified side of the IC. 

  1. Is there an off-the-shelf solution that accomplishes 80 percent of requirements, rather than spending the time and money to get to 100 percent? What are we giving up with that 20 percent? Will the mission be harmed with an 80 percent solution?

The government’s descriptions of what it wants tend to be extensive, overly detailed, and focused on requirements, not core capabilities.[xxxiv] For example, a request for proposals might list 30 features for a piece of software, when instead it could describe the end capability and let the proposers figure out the most effective way to create that capability. These detailed requirements can eliminate from contention an off-the-shelf solution that meets 80 percent of the need. The company’s alternative is to rework the product, potentially spending millions, in the hopes of recouping that money by winning the contract. 

IC leaders should be able to answer questions about how their agency is procuring capabilities, including how they are introducing flexibility into contracts. They should be able to explain the circumstances under which only the 100 percent solution is acceptable, and in which case an 80 percent solution that brings in off-the-shelf capabilities is enough. For example, software that provides needed accommodations for physically impaired officers exists on unclassified systems and could be procured off the shelf, with few adjustments. However, a software system that can keep track of the cover identities of officers and ensure they get paid consistent with their cover is a unique need and will require a 100 percent solution. 

  1. How are you bringing the perspectives of industry into your future planning? Asked differently, who do you have on speed dial? How are you planning to send your rising stars through private sector rotations so they can develop necessary ties with industry leaders and practices?

The IC is by necessity an insular organization. Keeping secrets is a lonely business. But IC leaders have come to recognize that the IC cannot meet mission alone. To understand how U.S. adversaries are advancing in critical areas of deep tech, the IC will need access to esoteric expertise. The IC cannot have one of every type of scientist on staff. Rather, it needs a variety of expertise and an ability to consult with experts in a range of sub-fields at a moment’s notice. Having a reserve cadre recognized and pre-vetted by security, so agencies could give a one-day read-in for classified questions, will smooth the path when an urgent question arises. 

Further, just as the IC rotates officers through other elements of the U.S. government, it should allow rotations through industry. Sending an officer for a year-long rotation at a cloud provider, AI company, or other industry critical to the success of the IC would provide insight to both parties on how to better work together. 

Conclusion

We are in a moment of disruptive change. AI, bioengineering, and quantum computing will create ripples in ways we do and do not expect; the intersections of these technologies will vastly accelerate trend lines. The IC will be racing to collect indications of adversaries’ progress in these fields, just as it is attempting to create an intelligence edge by using this tech itself. 

The IC and its overseers should be explicit about what risks it is accepting in its forward progress, then IC seniors, authorizers, and appropriators should move forward together. Steady momentum will require tough questions, accountability, and a focus on the technologies that will make critical difference in strategic competition. 

Please consult the PDF for references.