Light Dark
March 13, 2015 By Shane Schick 2 min read

The ongoing digitalization of surveillance processes, coupled with increased cybersecurity threats, has led the CIA to launch a digital directorate focused on improved monitoring and protecting electronic information.

In a letter that was made publicly available on the CIA’s website, CIA Director John Brennan said the Directorate of Digital Innovation would span activities such as listening in on social media channels, cyber espionage and more traditional security functions such as protecting email servers.

Experts told SC Magazine that while the CIA obviously needs to keep pace with modern forms of communication, the digital directorate could raise more questions about other public sector organizations such as the National Security Agency (NSA), which has been criticized for spying on citizens. As its reorganization takes shape, the CIA may need to explain which types of checks and balances will be put in place to prevent overreaches.

On the other hand, the Washington Post said the digital directorate will create better cohesion throughout the CIA, particularly branches that have focused on potential cyberattacks from foreign entities and those that provide various forms of data analysis. The overhaul will also provide a means of training and developing talent to help CIA agents avoid being tracked by their digital activities.

This is only the latest move by a U.S. government organization to take steps toward better IT security. Just last month, the White House announced a broad cybersecurity strategy as part of President Barack Obama’s State of the Union address, which looked at measures by which private businesses could better share information about data breaches and cyberattacks. With that backdrop, it’s unsurprising that the CIA is also placing greater emphasis on studying the way information is digitally collected and stored.

In a story from Reuters, former CIA officials said too much of the expertise on digital subjects has been siloed across the agency, which reportedly hasn’t pursued a reorganization of this magnitude in more than 20 years. Given external threats such as ISIS and internal threats such as Edward Snowden — who was a contractor for the CIA and NSA — the digital directorate feels nearly inevitable.

 |  |  | 
Shane Schick
Writer & Editor

More from

March 26, 2025

We are moving!

< 1 min read - SecurityIntelligence.com is being sunset, but have no fear!We have a new home for all of your favorite security and X-Force content.Follow us to www.ibm.com/think to maintain access to the stories and news you love, both new and old.Security Intelligence will officially sunset on Friday, March 28, 2025. To access the latest security thought leadership, go here. To access the latest X-Force research, go here.If you are experiencing cybersecurity issues or an incident, contact X-Force® to help:US hotline: 1-888-241-9812 | Global hotline:…

March 18, 2025

Bypassing Windows Defender Application Control with Loki C2

10 min read - Windows Defender Application Control (WDAC) is a security solution that restricts execution to trusted software. Since it is classified as a security boundary, Microsoft offers bug bounty payouts for qualifying bypasses, making it an active and competitive field of research.Typical outcomes of a WDAC bypass bug bounty submission:Bypass is fixed; possible bounty awardedBypass is not fixed but instead "mitigated" by being added to the WDAC recommended block list. Likely no bounty awarded but honorable mention is typically givenBypass is not…

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature