- US defense firms are handling sensitive information that makes them targets for adversaries.
- The NSA, led by its Cybersecurity Collaboration Center, combats cyber threats by partnering with those firms and others.
- Morgan Adamski is director of the Cybersecurity Collaboration Center for NSA Cybersecurity.
Our adversaries are constantly probing the computer networks of US critical infrastructure operators, especially those in the defense industrial base (DIB).
More than ever before, US DIB companies handle sensitive information that makes them targets for adversary countries — particularly Russian intelligence agencies and other proxies of Moscow, but also the government of the People’s Republic of China — that want to steal our secrets or degrade our defenses at any time, but especially during a time of geopolitical conflict. Our previous efforts are no longer enough.
The National Security Agency is dedicated to protecting these companies, which research, produce and maintain systems critical to our nation’s defense. I run an organization within NSA called the Cybersecurity Collaboration Center. Our mission is to combat cybersecurity threats through close partnerships with companies from the defense industry, and select service.
With all these partners working side-by-side, we develop a comprehensive threat picture and work towards stopping aggressive attempts by foreign adversaries to gain access to critical US networks, specifically the DIB.
Cybersecurity efforts across the federal government rely on each agency bringing different authorities and capabilities to the fight. NSA has access to a wide array of data sources, but we also have access to unique foreign intelligence and insights from defending global Department of Defense networks that helps reveal our adversaries’ capabilities and intentions, which informs our efforts to stop them.
Alongside our partners across the federal government — like DHS’s Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Defense Cyber Crime Center — NSA dives into intelligence to develop deep insights into ways our adversaries are trying to exploit US networks. When we find evidence of what they are trying, we work with the cybersecurity community to close those vulnerabilities.
Public-private partnerships are nothing new in cybersecurity — and they remain crucial to our success — but the way we work with the private sector has evolved substantially in recent years: The threat has evolved, and many large companies now have world-class cybersecurity experts dedicated to defending their data and networks.
This means that we are going beyond a vision of partnerships for “information sharing,” which is too transactional. In order to prevent threats, we need to have open conversations in real-time. That is why NSA built the new Cybersecurity Collaboration Center outside the NSA fence line, where we can operate in an unclassified space.
To facilitate these conversations, we needed to be able to operate alongside our partners. As part of this effort, we have transformed our defensive work from sharing information to full-scale collaboration that supports defenders across the national security ecosystem.
In many cases, NSA analysts and our partners in industry are looking at the same problem from a different point of view. We have learned that by coming together on shared priorities, we can share our expertise with one another and understand the full picture. It is not just sharing — it’s operational collaboration. This is a decisive advantage when it comes to countering malicious cyber activity.
For collaboration to be effective, it must be a two-way street. It takes place at every level from the operations center to the boardroom, and it is always informed by our collective understanding of the threats we face. That collaboration can involve two-way sharing of technical data during an ongoing cyber incident.
It can involve bringing some of the world’s foremost experts in cybersecurity together to identify how different data sources can identify, track, and thwart malicious cyber actors. It can even involve detailed conversations with senior executives about how we can ensure that the next generation of technology is secure by design.
This new way of doing business has required a major culture shift within NSA. The old joke in Washington was that the NSA was so secretive that our initials stood for “No Such Agency.”
If we had information to share with a company, we could bring their representatives into Fort Meade to share it with them — as long as the right people in the company had high enough security clearances. With our adversaries actively pursuing the degradation and exploitation of commercial networks, that model is no longer effective.
At the Cybersecurity Collaboration Center, we are driving that culture change within NSA as part of the evolution of the broader cybersecurity community. Our analysts work to get threat information down to the lowest classification level possible so we can share it with the companies we work with as quickly as possible. Our goal is for our information to be actionable, unique, and timely.
We understand the need to be where our partners are, communicating over commercial off-the-shelf collaboration tools, remotely and in real-time. That means that a lot of our work takes places on unclassified platforms and in unclassified spaces.
It also means that our team has the ability to work from home when COVID cases are high, in inclement weather, or when a crisis hits over a holiday weekend, a preferred tactic of malicious actors. These changes help us protect the Defense Industrial Base 24/7.
I am incredibly proud of the work we have done and the new things we are working on. We actively collaborate with more than 100 companies, but we still have a long way to go.
In the next year, in addition to expanding our partnerships, we are expanding support to the Defense Industrial Base with low-cost cybersecurity products that help companies — especially small- and medium-sized enterprises that may not have well-resourced security programs — protect against many of the most common ways that malware and ransomware get into networks, like our new Protective Domain Name Service powered by NSA cyber threat intelligence.
As Gen. Paul M. Nakasone, NSA’s director, likes to point out, “cybersecurity is national security,” and we are always finding new ways to break down barriers and play our part. Together, we avoid bottlenecks and empower collective defense. We need to continue to grow and evolve: The adversary won’t stop, and neither can we.
Ms. Morgan Adamski is the director of the Cybersecurity Collaboration Center for NSA Cybersecurity, where she leads the agency’s open private sector relationships to secure the defense industrial base and its service providers. This work is meant to augment and amplify NSA’s ability to prevent and eradicate cyber threats.
Powered by WPeMatico