Litan said only a handful of security companies focus on pre-empting attacks by finding criminal perpetrators and then uncovering how they act well before they strike. “This is the first initiative I have heard of that specifically targets U.S. supply chains across the board with the same intent,” she added.
U.S. intelligence officials are likely using data-mining tools to discover threats against supply chains in the darknet. By contrast, most threat intelligence companies don’t look for perpetrators and instead look for key words or IP addresses, malware or URLs that provide signatures, or they contribute to blacklists that can help private companies prevent attacks already started in another industry or another part of the world.
U.S. intelligence officers are also likely to use electronic surveillance techniques to focus on suspicious groups, then monitor what individuals in the groups are chatting, emailing or talking about, Litan said. “U.S. intelligence is more focused on the people and finding out the bad guys and government actors and accomplices, then seeing what they talk about and the traces they leave behind. They might be talking about infiltrating routers or polluting a manufacturing process.”
Sign up for CIO Asia eNewsletters.