In response to an increasing number of cyber attacks, many governments have tasked their intelligence agencies with ensuring the safety and security of cyber space. This is a marked shift from the Cold War era when intelligence agencies’ main role was espionage in hostile countries. Their targets in this sense were clear and their tasks specific. However, perpetrators of cyber attacks today can hide themselves in the vast traffic of digital information. They might send computer viruses to a large indefinite number of computers and order them to attack a target by remote control. Or, they might take over someone else’s computer to eavesdrop others’ communications or to steal confidential information. This makes it difficult to identify the perpetrators of cyber attack incidents. With attribution becoming one of the core problems in cyber security, intelligence agencies are shifting their missions from espionage of fixed targets to wider surveillance of possible targets. This sometimes includes the general public.<br> The shift has been generated by three changes in the information society. First, governments need to care for unknown risks rather than known threats. Intelligence agencies need to cast wider nets to detect possible signs of risk. Second, digital communications lowers the costs of collecting, processing, analyzing, and storing information. These lowered costs make surveillance easier. Finally, the prevalence of social media platforms like Twitter and Facebook has meant that people are putting an increasing amount of private and sensitive information online, available for collection by intelligence agencies. These changes have compelled intelligence agencies to shift their practices, with signal intelligence (SIGINT) increasingly becoming more effective than human intelligence (HUMINT). This paper looks at case studies of the United States and the United Kingdom to analyze the shift in intelligence practices in response to cyber security.<br> In June 2013 former National Security Agency (NSA) contractor Edward Snowden revealed vast surveillance programs such as PRISM by the NSA. The British Government Communications Headquarters (GCHQ) was also revealed to be working in close cooperation with the NSA. Snowden’s revelations also shed light on hidden cooperation between intelligence agencies and information technology companies including Google, Microsoft, Apple, Facebook, Twitter and others. Without such cooperation, intelligence agencies face difficulties accessing the communications of possible targets. These activities have been amplified by cultures of anxieties after the 9/11 terrorist attacks. The U.S. and the U.K. might be exceptional cases, but other countries, including other democracies, are conducting surveillance in some ways. As more and more people get online, the needs for such forms of surveillance may grow. Governments worldwide must consider reasonable and proper ways to protect their nations in cyber space, while striking a balance between privacy and security. This is an unavoidable policy task to be considered in the information age.