NEW YORK — "If you think the US is the only one seeing all your data, you're sadly mistaken."
That's the message from former chief technology officer for the US Central Intelligence Agency, Gus Hunt, at the Bloomberg Enterprise Technology Summit in New York City on Thursday.
In a panel discussion, he discussed the Edward Snowden leaks that threw the US government and its Five Eyes allies — comprised of the UK, Canada, Australia, and New Zealand — under the bus.
But if you were expecting Hunt to point fingers at friendly and not-so-friendly states, you might be disappointed.
In discussing the post-Snowden ere, perhaps Hunt didn't recognize the irony that Snowden himself leaked the so-called "black budget" for the US intelligence services late last year, which outlines in near-precise detail how the CIA spends its money.
The CIA spent $14.7 billion out of the $52.6 billion the Treasury carves out for the wider US intelligence budget. The National Security Agency, which has been at the center of the leaks, takes in $10.8 billion, according to the leaks.
Last year, news broke that the CIA had spent $600 million on a contract with retail-turned-cloud-giant Amazon to provide a private cloud solution for unknown and undisclosed reasons.
So, mostly drone strikes and other operations, then? Not quite.
Hunt said that the intelligence agency adopted Amazon Web Services (AWS) to build its own procurement system. "The security was really superb," he said, noting that this was also true for a lot of other cloud providers. That security, he said, was end-to-end and on every layer of the infrastructure onion.
For the chief information officer, Hunt explained, inner security is just as important as the fence around a company's networks.
"If they can't find you, they can't attack you. And if they find you and attack you, you want to be really hard to attack," he said.
Arguably pointing out the obvious, Hunt noted that "It's the data, stupid," pointing to corporate and customer data — such as intellectual property and credit card data, for instance — as the primary motivation behind hackers' motivations and state-sponsored attacks.
"If someone gets inside your system, the outer layer of networking equipment is often very hard and resilient, but the inside layer is soft and gooey," he said.
His final takeaway was to harden the inside layer, by encrypting data to the highest degree. He described how if a hacker or state was able to break into the CIA's networks, "they would have nothing." He said the encryption the agency uses to protect its gathered intelligence and ongoing projects would make anything the hacker (or hostile intelligence agency) unreadable.