The defense of critical infrastructure systems and the networks that support them has emerged as one of the top national security priorities, and U.S. cybersecurity officials believe the path to success lies in coordinated action and strategy across sectors to counter threats from advanced foreign adversaries.
One of the challenges of defending CI systems is that each sector has its own specific technologies, asset types, and operational considerations. The energy sector is different from the electrical sector, which is different from the financial sector. Though the CI sectors differ greatly in many respects, they face common threats: advanced attack groups from Russia, China, Iran, and elsewhere that are interested in gathering intelligence and finding avenues for potentially disrupting operations.
On the other end of the wire, defenders and threat intelligence teams spread across those CI operators are collecting data on attack types and methods and learning lessons every day about their adversaries’ tendencies and targeting. While federal agencies have made great strides in sharing information among themselves in recent years, a large percentage of the nation’s CI is privately owned, so intelligence gathered on one side of the public/private fence does not always make it to the other side. Bringing all of those disparate threads together is the difficult part, but figuring out a way to do so may be the key to long-term success in CI defense.
“Cyberspace itself is not a sanctuary. The propensity to want to connect the dots is just as strong as it was twenty years ago (after 9/11). No one of us has enough insight to form a dot, let alone connect them,” Chris Inglis, the national cyber director and a former deputy director of the National Security Agency, said during a keynote at the Cybersecurity and Infrastructure Security Agency Cyber Summit Wednesday.
“We find ourselves using insights only from the territory we occupy, and don’t combine them as well as we should. We need to collaborate using all of our authorities and achieve a bottom line that a transgressor needs to beat all of us to beat one of us.”
Collective defense is not a new idea, but it’s a complex one, given the number of organizations, agencies, and people involved and the sophistication of the threats they’re facing. But the current leadership at CISA, which is the lead cybersecurity agency in the United States, has already made significant strides in bringing federal agencies and private organizations together to share defensive strategies and threat intelligence. The Joint Cyber Defense Collaborative (JCDC) that CISA announced in August is the foundation of that effort, a partnership between CISA and a number of private sector companies that is tasked with leading the development of the country’s cyber defense plans and CI defense capabilities. The JCDC includes technology providers such as Google, Cisco, Amazon Web Services, Verizon, FireEye, and others, with the idea being to bring together their collective capabilities to counter common threats.
“If you put all of those resources toward a threat, we have an incredible array of tools that can help everybody. It’s a defense of the ecosystem that wouldn’t be available to any of us individually. If you can integrate that and understand what each entity brings to the table, that’s your ideal situation. We want it to be a seamless effort,” said Alissa Starzak, global head of public policy at Cloudflare.
“It’s all happening before you had an incident. That’s going to be the measure of success if we can do that. The JCDC will be the measure of that and I don’t think we’ll ever want to turn back.”
Another part of that effort is making life more difficult for attackers who target CI systems, including ransomware groups, which have turned more of their attention to those high-value targets in the last year.
“We need to get after ransomware. There’s this denied area in foreign space where we can’t get at the people we know are responsible. That is the future, the next several years to knit together all those activities,” said NSA Director of Cybersecurity Rob Joyce.
CISA Director Jen Easterly agreed, saying the shift in targeting by ransomware groups has driven increased attention to the problem from her agency and others.
“This year was a real wake-up call in terms of ransomware attacks on critical infrastructure,” she said.