DIA director sees room for improvement in cyber intelligence and support

The Defense Intelligence Agency is responsible for providing intel on foreign militaries and owning all the intelligence directorates at the combatant commands.
Marines sit at a Joint Tactical Common Operation Picture Workstation, or JTCW. The Marine Corps opened up a bug bounty to find flaws in public facing Marine Corps systems.

The Department of Defense’s main intelligence arm is working to improve how it provides cyber intel to combatant commands around the world.

“We think that there’s room for discussion about what’s the future of cyber intelligence really is in partnership with Cyber Command, NSA and others across the community to really define where we need to go,” Lt. Gen. Scott Berrier, director of the Defense Intelligence Agency, said Friday at the Billington Cybersecurity Summit.

DIA is responsible for providing intel on foreign militaries and owning all the intelligence directorates, or J2s, at the combatant commands.

Specifically, Berrier discussed the challenge cyber intelligence provides compared with other domains, especially considering the plethora of open source information that now exists, both with threat intelligence firms and things like social media.


“If you think about foundational military intelligence, it’s based on understanding what the foreign militaries have, what the capabilities are based on the physical presence of these things. It’s harder in cyber, because you may know where a cyber facility physically is located, but you really don’t know what activity is going on inside that facility. You don’t know what tools are being taken advantage of. You don’t know what networks are being operated on,” Berrier said. “When you add the layer of complexity of all the publicly available information, what’s going on in social media in that space is huge and it’s a large, large gap, I think, for the intelligence community. We definitely have to get better.”

DIA last year was charged with being the defense intelligence enterprise manager for open source intelligence for all of DOD, Berrier said, which is raising discussions about what that means from a cyber context.

Others have pointed to the fact that intelligence support to cyber is still relatively new within the department.

“When we started in intelligence, intelligence support to cyber defense just wasn’t a mission. Now, it’s something that we do every day in support of the defense of the DoD Information Network,” Dave Frederick, executive director of U.S. Cyber Command, said during the same session, adding that Cybercom is a “tough customer” when it comes to cyber intelligence.

Berrier said that when it comes to intelligence support to cyber ops, there’s a lot to peel back. There’s a defensive component and an offensive component, he said, noting he looks forward to working with Cybercom on this.


In fact, DIA will be adding a cyber component to its replacement of the Military Intelligence Integrated Database, which was built 20 years ago to house intelligence data globally for the defense intelligence enterprise.

The Machine-Assisted Analytic Rapid-Repository System (MARS), which Berrier said should completely replace the legacy system by 2024, will eventually have five modules, one of which will be cyber.

“Understanding what those cyber facilities are worldwide, who operates within those facilities and how they operate will definitely be a large component. And I think we’ll build towards our understanding and knowledge of cyber operations worldwide,” he said.

Latest Podcasts