Intelligence, Cyberspace, and National Security

ABSTRACT

This study evaluates military intelligence as the process of data collection and knowledge development and assessment for decision-making by the military and other governmental agencies. We argue that dominance in modern warfare is enabled by human and technological intelligence that uncovers the rivals’ capabilities and intentions, increases the effectiveness of the country’s own weapon systems, and facilitates the development of high-quality defense systems. Hence, gathering and evaluating intelligence is essential for countries involved in conflict or exposed to terror threats. We focus here on the strategic and tactical implications of intelligence in the context of an arms and intelligence race between two rivals. We present and assess models that show how security agencies in countries in a state of conflict (with other countries and/or non-country entities) should invest in developing their own intelligence capabilities to ensure adequate military (security) capabilities, national security, and welfare. Since advanced cyber attackers can infiltrate almost all complex computer networks to gather intelligence (and/or cause other harms), we show how countries can establish procedures and determine the budgets to optimally allocate cyber-defense resources to prevent harmful cyber-attacks on the complex computer networks that manage their infrastructure, business, security, and government operations.

KEYWORDS:

• Intelligence
• knowledge race
• arms race
• cyberspace
• cybersecurity
• budget allocation
• human capital

JEL CLASSIFICATION:

• D74
• D78
• D83
• D90
• H56
• H68
• J24

Acknowledgements

We are grateful to the editor and two anonymous referees for valuable comments and suggestions.

Disclosure Statement

No potential conflict of interest was reported by the authors.

Notes

1. The impact of information and knowledge superiority on military success can be illustrated by the following three examples. (a) During World War II, the Allies gained strategic and tactical advantages when they were able to decipher the ‘Enigma’ code, and when they used feints as part of the invasion of France in June 1944. (b) High-quality intelligence helped Israel gain a significant military advantage during the 1967 Six Day War; the 3-hour long air strike on its enemies’ air force bases at the beginning of the war was made possible, among other factors, by precise intelligence and out-of-the-box thinking. (c) Intelligence drones exhibit a major role in intelligence and counter-terrorism operations (Johnson et al. 2017). Israel is considered to be one of the most advanced nations in developing drones. In fact, Israeli drones have been playing a significant role in Israel’s intelligence operations since the early 1980s, and they are vital to its intelligence gathering today (Shpiro 2017).

2. See Figure 1.1 in Pecht (2013).

3. The definitions of other mechanisms (such as humint, visint, elint, disinformation, intelligence-related R&D, etc.) and descriptions of their use are available in Pecht (2013).

4. The fundamental premise of this study is that superiority in modern warfare comes predominantly from strategic and tactical intelligence, surveillance and reconnaissance efforts. For example, accessing a rival’s critical systems facilitates the assessment of his war and/or terror intentions, his physical, human capital and technological capabilities and their readiness. Clearly, efficient, safe and covert access to the rivals’ critical systems facilitates long-term, intimate and valuable information and, thus, is desirable at the strategic level.

5. There is a vast body of literature on the historical and organizational aspects of the intelligence community worldwide. See, for example, Brown and Rudman (1996), Garicano and Posner (2005), Posner (2006), Gilboa and Lapid (2008), and Méndez-Coto and Rivera Vélez (2018).

6. Hendricks and McAfee (2006) apply their model to assess the Allies’ D-day invasion of June 1944.

7. See Thales and Verint (2019) on the role of nations in gathering information in cyberspace.

8. A black-box model is an abstraction for a system (or device) which can be viewed in terms of inputs and outputs (through some transfer function), without any knowledge of its internal workings. In contrast, white-box models are often used to denote systems in which the underlying workings (such as their components and logic) are known.

9. There are direct and indirect effects of the country’s intelligence on the rival’s national security. First, effective intelligence of the country reduces the effectiveness of the rival’s intelligence due to the intelligence arms race (a direct effect). Second, high military capability of the country due to its effective intelligence reduces the rival’s national security, which depends on its own and the rival’s military capabilities (the indirect effect). These two effects are illustrated in the next Section.

10. Bar-Joseph (2013) provides a good example of the complex nature of the interactions among intelligence and other factors that contribute to the country’s military capability and national security.

11. The two types of the non-intelligence means can be interpreted in other ways, for example, as investment in two types of weapon systems (conventional and WMD, say; see Kagan et al. 2009), or in two, or more, military organizations (army, air force and navy, say). The definition of the types of intelligence competences should be consistent with the definition of the non-intelligence means.

12. Kagan (2004) shows how to extend this kind of model to account for multiple types of non-intelligence means and intelligence competences.

13. ${\alpha }_A<1$ ensures that the CES function is a regular strictly quasi concave function and that its rate of technical substitution is decreasing (Henderson and Quandt 1980). We require ${\alpha }_A<0$ to ensure stability in the two-country arms race (a simultaneous game).

14. The parameter values in Figures 2 and 3 are: ${\phi }_{I_{A,1}}={\phi }_{I_{D,1}}=0.5$, ${\phi }_{I_{D,2}}=0.6$, ${\alpha }_A$ =${\alpha }_D$ = −0.5,

${\beta }_A={\beta }_D=0.5,$ ${\tau }_A={\tau }_D=0.6$. All unit prices are set equal to 2, and $G_A=G_D=100$.

15. Country D’s military expenditure can increase or decrease depending on all the values of the model parameters. In both situations, however, country D’s security declines when the intelligence effectiveness of country A is higher.

16. Solutions of the model with various values of the parameters and exogenous variables are similar in nature to those that we report here.

17. The optimal open-loop solution of a similar model is available in Bar-El, Pecht, and Tishler (2020), which derives the general, multiple-period dynamic model. See Bar-El, Kagan, and Tishler (2010) for a comparison and interpretation of the closed-loop and open-loop solution methods.

18. Solutions of the model with various values of the parameters and the exogenous variables are similar in nature to those that we report here.

19. See definitions, statistics and real-world examples in Thales and Verint (2019).

20. This game is similar in nature to the intelligence race in the previous Section.

21. A Stackelberg game is a two-player extensive game in which a ‘leader’ chooses an action and a ‘follower’ is informed of the leader’s action and follows (Osborne and Rubinstein 1994; Roberson 2006).

22. The attacker’s utility is monotonically increasing in the amount of intelligence that is gathered. We conjecture that the amount of gathered intelligence in cyberspace is monotonically increasing in the quantity of malicious packets that reach the main server (say) of the organization’s network. Since malicious packets produce detectable traces that endanger the covertness of the attack on the network, this assumption is plausible.

23. The attack is revealed (and nullified) if the amount of raised alarms exceeds the defender’s vigilance level (see the second equation in the attacker’s optimization problem). The detection degree ${\varphi }_j$ of each detector is a measure of the set of rules or heuristics used to raise alarms to signal the existence of malicious packets in the network. The defender configures the detection degree; the higher the detection degree the higher the number of (truthful or false) alarms per malicious packet.

24. The proof of these results is given in the appendix.

25. It may be appealing to employ a convex relation between the degree and the cost of detection. For example, England (1988) discussed a convex relation between the desired probability of true detection to the resultant probability of false alarms. Note that the rate of false alarms is usually proportional to the cost of operating and maintaining the detectors. Such an extension to our model will not change the nature of our results.

26. The proof of this condition is given in the appendix.