U.S. swapping cyber notes with allies

The Defense Department has reached what Pentagon officials describe a key agreement with some of the United States’ closest international allies to share information in the cyber realm. The agreement allows the Pentagon to quickly share broad amounts of information on cyber attacks with the four other members of the so-called Five Eyes intelligence-sharing group ...

U.S. Air Force
U.S. Air Force
U.S. Air Force

The Defense Department has reached what Pentagon officials describe a key agreement with some of the United States' closest international allies to share information in the cyber realm.

The agreement allows the Pentagon to quickly share broad amounts of information on cyber attacks with the four other members of the so-called Five Eyes intelligence-sharing group (formally known as the UKUSA Agreement): the United Kingdom, Canada, Australia, and New Zealand.

The Defense Department has reached what Pentagon officials describe a key agreement with some of the United States’ closest international allies to share information in the cyber realm.

The agreement allows the Pentagon to quickly share broad amounts of information on cyber attacks with the four other members of the so-called Five Eyes intelligence-sharing group (formally known as the UKUSA Agreement): the United Kingdom, Canada, Australia, and New Zealand.

"We have far more ability to share, particularly in relation to network defense and information assurance, than we’ve ever had previously. That’s very positive," said Marine Corps Maj. Gen. George Allen, director of plans and policy for U.S. Cyber Command said on August 16. "I think you’ll see a far better partnership with our coalition partners than you’ve ever seen" as the Five Eyes countries integrate the information into their exercises and planning.

"At this point it’s not a full treaty because it’s more an operational type cooperation; it’s through a policy type memorandum of understanding," Eric Rosenbach, deputy assistant secretary of defense for cyber policy told Killer Apps during a Sept. 4 interview while discussing how the U.S. shares cyber information with its closest allies. The cyber information-sharing agreement falls under a 2003 MOU on general information sharing between the Five Eyes, according to a DoD spokesman.

The agreement will speed up information sharing, which is crucial in cyber, Allen said: "It’s extremely important because you may see a certain threat in the U.K. that we haven’t yet seen in the U.S. and you want to be able to try to bolster your defenses by seeing that before it hits us.  We still have a long way to go on near real time information sharing but the technology is there."

Agreements like the one between the Five Eyes are being reached as a result of a National Disclosure Policy regarding the sharing of sensitive cyber information that was enacted "just a couple of months ago," said Allen.

The new policy also allows less extensive information sharing with other U.S. allies around the globe, according to Allen.

"In some cases [info-sharing agreements are part of] a bilateral relationship, depending upon the country, in other cases we have agreements with groups of countries that come together," such as the Five Eyes, explained DoD’s Chief Information Officer, Teri Takai to Killer Apps during a Sept. 4 interview.

Defense officials say that information sharing partnerships like this one are badly needed to defeat cyber attacks since the cyber domain transcends national borders. Not only can attacks originate abroad, hackers in one country going after networks in another can often disguise their attacks to appear as if they are emanating from servers in a third nation. Furthermore, not all countries have the ability to detect cyber threats and attacks quickly. This means that a country whose servers are hijacked may not even know that it is hosting an attack.

"The more we can build a solid relationship with a partner, the more we’re going to be able to crack the code in rapid information sharing, indications, and warnings with those partners," said Army Maj. Gen.  John Davis, the military’s top advisor for cyber to the undersecretary of defense for policy on August 15.

"If we can do that, we can get these partners to rapidly react to [cyber attacks] that we may be seeing that they may not see. We may be able to tip and cue them so that they can take action. If some of their equipment is being hijacked, we can inform them, and if we have good working relationships we can leverage that to get them to take action rather than relying on any type of U.S. government activity because then you run into issues of sovereignty and that can be very complex," he said.

To that end, the Five Eyes countries are already sharing lessons learned on how to defend networks, according to Davis.

"We are able to leverage lessons from across the five eyes, and in fact, where we find some of these nations that have particular skill or abilities in one area or another, may lead a common forum to develop that and share it with the rest of the group," said Davis.

The Five Eyes agreement is an intelligence-sharing pact that was first signed by the United States and the United Kingdom just after World War II and was expanded during the Cold War to include the former British dominions of Canada, Australia, and New Zealand.

While rapid information sharing between the longtime allies of the Five Eyes is a start, the Pentagon needs to be able to share critical information with other allies, particularly in the Middle and Far East, according to Davis.

"Over time, we obviously want to expand that collective defense framework to include other partners besides those that have traditionally been our closest allies," said the Davis.

In many cases this will mean countries in Asia. 

"If one looks at the topography of the Internet, literally looks at a map of the Internet and the way the major lines of communications and trunk fiber optic cable goes…there are reasons you’ll want to invest in partnerships with countries that are outside of NATO but can still play an important role" in cyber, said Rosenbach."Part of that is just to defend our networks because DOD depends on capacity over lines that we don’t physically own and didn’t produce. It’s really important to think about the countries through which they run."

However, U.S. allies in the Middle East and Asia are sometimes reluctant to share information with each other, meaning that rather than a single multilateral information-sharing framework, the United States has had to resort to negotiating bilateral agreements one by one — a process that could slow the sharing of cyber info.

"The biggest concern that we have is really the cultural differences with those nations, when you look across the board at some of the nations that we deal with where you want to share information," said Army Maj. Gen. Steven Smith, chief of the Army’s cyber directorate on August 15. "When you’re talking about sharing with our host nation countries, there are trust issues between neighbors, so we end up having a lot of bilateral opportunities and not a multinational opportunity.

One of the challenges with sharing information with allies is by building a single more defendable network for sensitive communications, said Army Maj. Gen. Mark Matthews deputy commander of U.S. Army forces in the Pacific.

Right now, Army forces in the Pacific resort to using separate, secure networks that are designated for information sharing between the U.S. and its allies who may not have the same high network security standards as the U.S., according to Matthews. However, the United States must ensure that its networks can be defended against any intrusions by hackers manipulating allied networks that are tied to the Pentagon’s, said Matthews.

"The best we can do is to craft secure networks, especially because we’re moving more and more toward multilateral exercises, away from bilateral, and allowing them to play and have access [to U.S. information] we have to find ways to build that secure network," said Matthews on August 15.

To this end, the Pentagon is already requiring its closest allies, aka the Five Eyes, to meet U.S. military network security standards.

"One of the things we’re going to be requiring for our allies is that they have the same [security] infrastructure in order to be able to get information from our classified networks," said Takai. "That puts the pressure on them to move toward a similar security architecture, one of the things we’re working out right now is helping them with implementation, working with them on timing, we have the Australians coming in this week, in fact, to talk about that issue."

She was referring specifically to DOD’s requirement that everyone logging onto its networks to do so using a secure ID card as part of the department’s adoption of Public Key Infrastructure techniques.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

An illustration shows George Kennan, the father of Cold War containment strategy.
An illustration shows George Kennan, the father of Cold War containment strategy.

Is Cold War Inevitable?

A new biography of George Kennan, the father of containment, raises questions about whether the old Cold War—and the emerging one with China—could have been avoided.

U.S. President Joe Biden speaks on the DISCLOSE Act.
U.S. President Joe Biden speaks on the DISCLOSE Act.

So You Want to Buy an Ambassadorship

The United States is the only Western government that routinely rewards mega-donors with top diplomatic posts.

Chinese President Xi jinping  toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.
Chinese President Xi jinping toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.

Can China Pull Off Its Charm Offensive?

Why Beijing’s foreign-policy reset will—or won’t—work out.

Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.
Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.

Turkey’s Problem Isn’t Sweden. It’s the United States.

Erdogan has focused on Stockholm’s stance toward Kurdish exile groups, but Ankara’s real demand is the end of U.S. support for Kurds in Syria.