
Illustration by iStock, Security Management

When It Comes to Cyber Protection, Cooperation May Be the Best Defense

The U.S. government is not well known for its cross-agency collaboration capabilities, particularly when the Department of Defense (DOD) and its unique set of rules, responsibilities, and protocols is involved. So, it’s notable that the DOD’s U.S. Cyber Command and the civilian Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) shared a stage at the RSA conference in San Francisco, California, this week. Their successful partnership leads this roundup of recent news and articles related to cybersecurity.

“There’s always been a bit of a cliché that government was stove-piped. That companies didn’t know who to call. That there was concern that nugget of information coming into a government ecosystem would fall into a black box, never to be seen again,” Eric Goldstein, executive assistant director at CISA, is quoted as saying in a Cyberscoop article. “And we are working with extraordinary urgency to break that model, such that truly a call to one is a call to all.”

Representatives from both agencies discussed how they have established pathways to work with each other. A prime example of the interagency cooperation occurred when the Cyber Command spotted Iranian hackers trying to gain access to software used to report U.S. election results. Passing the information to CISA enabled the agency to notify the jurisdictions and help them ensure their systems were safe from the attempt.

The example notwithstanding, a Cyber Command representative said the collaboration is still active and successful: “The ability for DHS CISA to be able to rapidly provide us information has become a large driver for CNMF (Cyber Command’s Cyber National Mission Forces) operations around the world. I just want to highlight that this isn’t something that we would be talking about if this was a couple of years ago.”

U.S. Cyber Command CISA Partnerships Extend to Foreign Governments

Also at the RSA conference, representatives announced the CNMF had deployed to help allies thwart cyberattacks at least 47 times in 20 different countries.

“The initiative reflects a broader push by the U.S. government to improve collaboration with foreign allies on combating cyber crimes, which often cross borders,” Reuters reported. “Some of the largest known ransomware criminal gangs, for instance, have targeted multiple countries, including the United States.”

Disruption Just as Important as Arrests in Fighting Cyber Crime

Traditionally, the U.S. Department of Justice prioritizes finding and arresting criminals. When it comes to cyber crime incidents, such as ransomware or critical infrastructure attacks, Cyberscoop reported that the agency’s mission has shifted from holding criminals accountable for their actions to interfering with their criminal actions.

“We are trying to disrupt when it will make an actual impact as opposed to waiting until we’ve tied it all up in a bow for the U.S. Attorney’s Office,” the FBI’s Elvis Chan told an RSA audience. “Our investigations take a while to run. What can happen quicker are seizures or disruptions.”

United States is Not the Only Game in Town: France and Singapore Announce Joint Research

The two countries announced plans for a joint research facility in Singapore that will study how artificial intelligence can be used in cyberdefense.

The countries will “collaborate in potential research, such as AI for geospatial analysis, natural language processing to extract information for analysis, and computer vision for monitoring image and video feeds to identify potential threats across various environmental conditions,” according to ZDNet.

Multinational Corporations Take Proactive Action

Wired reported on an announcement from Google Cloud and Intel in which the companies partnered to find security vulnerabilities in Intel’s Trusted Domain Extensions product deployed to safeguard its hardware. They found 10 vulnerabilities, including two considered critical, and made changes to protect the hardware prior to deploying Intel’s fourth-generation processors.

"The security stakes are incredibly high for massive cloud providers that run much of the world's digital infrastructure," Wired reported. "And while they can refine the systems they build, cloud companies still rely on proprietary hardware from chip manufacturers for their underlying computing power."

Cybersecurity Vendors Cooperating with Intelligence Sharing Portal

According to Cyberscoop, several large cybersecurity companies have developed a platform called ETHOS (which stands for Emerging Threat Open Sharing), an open-source, opt-in portal that cyber protection companies can use to provide early warnings about emerging threats.

“It’s a gigantic improvement of the visibility that we can have. It’s intelligence that we never had before,” Andrea Carcano, cofounder of cybersecurity firm Nozomi Networks, told Cyberscoop. “We can really discover if there is something going on in the country that, until today, is going to be buried inside of Nozomi alert, Dragos alert, Claroty alert.”

Draft Guidance on Zero Trust Architecture in a Cloud Environment Released

Zero trust is a cybersecurity model focused on monitoring and protecting individual systems used by an organization rather than trying to build a protective cyber perimeter around all of an organization’s IT systems. Zero trust does not mean abandoning perimeter protection, but it does assume that even with strong protections, systems cannot be fully protected. As such, building access verification and monitoring protocols into each system is needed for modern, robust cybersecurity.

A new draft publication from the U.S. National Institute of Standards and Technology (NIST) provides guidance for organizations applying the zero trust model to cloud-based applications. The highly technical document is in the review-for-comments phase prior to final release.