The nature of cyber attacks against government and private networks is constantly shifting, as are the ways in which defenders must respond to them. The government’s top cybersecurity officials say information sharing with private organizations and the ability to publish information about offensive cyber threats from foreign adversaries has become a key asset in defending the public and private networks in the U.S.
State-sponsored attack groups from China, Russia, North Korea, Iran and other countries focus considerable resources on penetrating U.S. networks, gathering information, conducting cyber espionage, and other activities, and while each individual attack may be unique in some ways, creating a clear overall picture of the threat is vital for defenders. Recently, the Cybersecurity and Infrastructure Security Agency, National Security Agency, and other federal agencies have created new ways for private companies to share and receive information about attacks and threats, something that has become integral to the way the government responds to attacks on government, defense industrial base, and other networks.
“Our adversaries also target our economy. DIB companies are on the frontlines in cyberspace and are constantly targeted by malicious cyber actors. Over the past year, we have deepened our relationships with private industry through voluntary information sharing. Since the nation's critical infrastructure and systems are largely in private hands, these relationships have directly enhanced our operations, in addition to the security of their commercial systems,” Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the NSA, said Tuesday.
One of the key elements of this strategy is the Joint Cyber Defense Collaborative (JCDC), a CISA-backed initiative that began in 2021 and includes companies such as Amazon, Cisco, Google, and Microsoft. The JCDC is focused on defensive planning, information sharing, and dissemination of threat intelligence and defensive guidance. Unlike past efforts in this area, the JCDC doesn’t just involve private companies feeding information to the government, but involves reciprocal relationships and includes individual threat researchers and some foreign partners, as well. Nakasone said during a hearing of the Senate Armed Services Committee Tuesday that such efforts are invaluable in the current operating environment.
"The change that’s taking place in cyberspace is mainly in the private sector so partnerships are critical to what we’re doing."
“Our partnerships with the private sector are essential. The change that’s taking place in cyberspace is mainly in the private sector so partnerships are critical to what we’re doing,” he said.
“Cybersecurity is national security and we need speed, agility, and unity of effort.”
Nakasone said that while Russia, North Korea, and Iran remain significant threats in cyberspace, he considers China the “pacing threat” for the U.S. Part of the government’s response to ongoing threats from China’s state-backed groups is the creation of a new unit, called the China Outcomes Group, that is led jointly by Cyber Command and NSA and tasked with planning and response.
“Beijing is exerting influence worldwide through its rising diplomatic, informational, military, and economic power. China is a challenge unlike any other we have faced. Although we recognize that much of our effort will be in support of U.S. Indo-Pacific Command, China is a global challenge. The success of our efforts will depend in part on the resilience and capabilities of regional and worldwide partners. We are building operating relationships and also dedicating long-term work to enhance their cybersecurity and cyberspace operations forces,” Nakasone said.