As ransomware incidents and state-sponsored cyber threats rise in sophistication and impact across the world, national security and defense agencies are trying to strengthen defenses accordingly.
While a number of strategies are in play to meet evolving threats, the National Security Agency and Department of Navy are tightening collaboration and training to help agencies significantly improve their overall cybersecurity postures.
NSA Cybersecurity Collaboration Center Subject Matter Expert Dr. Josiah Dykstra said at GovCIO Media & Research's Blueprints of Tomorrow event Thursday that collaboration allows public and private entities to create community, as well as share key data and important information to understand the threat landscape. NSA is trying to foster this community now with its bi-directional information-sharing with more than 200 partners.
“We talk together physically and virtually about what we are seeing and how we can learn from each other — that is the real value of those partnerships,” Dykstra said. “By our account we’ve had more than 4000 analytic exchanges this year alone. This isn’t just talk. It is real exciting to see it in practice.”
Dykstra said NSA has also started providing defense companies with several cybersecurity services, including the Protective Domain Name System.
“In the pilot of this program we’ve processed more than 3 billion queries and blocked more than 6 million malicious domains, including spear phishing and malware, so we know that it works and that it’s stopping bad things,” Dykstra said.
NSA is also fostering collaboration across other agencies to strengthen cybersecurity efforts. Dykstra said that software bill of materials can help align software security with the Pentagon's new software modernization strategy.
NSA has been collaborating with CISA and others in the cybersecurity community to try and figure out what are the right requirements and uses for SBOM.
“It has emerged as one of the key building blocks for cybersecurity, it won’t solve all of our problems, but it is an advancement to help the software supply chain and many people across cyber ecosystem recognize that,” Dykstra said. “I look forward to its implementation and the broad adoption, but I think we will learn a lot of lessons as we refine this model but it’s leading us in a very good direction.”
The Navy is also working on ways to address vulnerabilities that software dependencies can pose for DOD missions, the agency's Principal Cyber Advisor Chris Cleary added.
Cleary also noted that the Defense Department has focused on collaboration across its own the workforce — especially around holding everyone to similar standards for cyber awareness and training.
“We're aggressively pursuing this and keeping the workforce aware of vulnerabilities that they present with using equipment," Cleary said. "Everyone could be the savior, or everyone could be the problem. Spear phishing can really get you. It’s just continuing to build that awareness — you can be anywhere in the ecosystem and be a part of the attack surface.”
From a culture perspective, Cleary added that the Navy is trying to enforce the idea of "fighting hurt."
“You’re going to have systems that are compromised, whether it’s restoration processes or learning how to operate without certain pieces of technology," Cleary said. "When we get into the fight, we aren’t going to have the advantage of turning everything off. ... Some things are going to be degraded and there are certain levels of risk we must be willing to accept in the way that we execute mission. I think that’s the kind of attitude to have moving forward. There will never be a perfectly patched system."