One of the National Security Agency’s most important roles in government cybersecurity is advising the White House and other federal agencies about potential risks and opportunities. Philip Quade, special assistant for cybersecurity to the NSA director, leads that effort.
“One of the unique values of NSA is that it has decent insight into what our foreign adversaries aspire to do to others, and what they’re capable of doing to others,” Quade told the Federal Drive with Tom Temin. “So we try to use those insights into the adversary and the threat to inform not only NSA’s cybersecurity defenses, but we try to take that information and knowledge and convey it to others, so they can better posture themselves for preparing against malicious cyber activity.”
He said that “adversary” is a very broad term these days. It can refer to more traditional nation-states like Russia and China. It can refer to non-nation-state actors like hacker and terrorist groups. It can also refer to individuals, even insider threats.
Some nation-states, Quade said, are very capable and motivated to cause harm to the U.S. government and population in general. They are highly skilled and exercise good tradecraft.
“Some people ask me what keeps me up at night, based on what we know about the foreign threat,” he said. “I sometimes say, ‘No, in fact, I sleep like a baby. I wake up every two hours in a panic, screaming.'”
Quade compares cybersecurity to a team sport. He said it requires government, the private sector and individuals to do it properly. He said the individual response is just as important as the organizational responses.
Organizational rules, like mandatory training and strong password policy, are important and necessary, Quade said. But individuals have to be aware of cyber risks as well, because phishing is currently one of the most prevalent forms of cyber-attacks, and it regularly is becoming more sophisticated.
“It’s counting on the frailty of human beings,” Quade said. “We’re all busy, we’re all distracted, perhaps we’re not all as well trained as we should be, so our adversaries are taking advantage of that frailness of the wetware up top.”
The solution, he said, is better training and awareness. That’s why NSA, along with DHS and other members of the intelligence community, helps sponsor Centers for Academic Excellence, specifically in cyber defense, to shape undergraduate and graduate curricula in order to produce a more highly trained workforce. A more aware workforce would benefit both federal agencies and private industry.
Quade said the best cyber defenses are ones that observe past activity and stop similar attacks, but ones that look for a pattern of activity, and takes preemptive action. This is known as active cyber defense — the ability to detect and mitigate hostile actions in cyber-relevant time.
Another time-sensitive strategy is information sharing. Quade said that while the intelligence community has more insights into cyber adversaries than other organizations, other insights do exist. That’s why it’s important for agencies to share information at cyber-relevant speed, because a shared awareness creates a more total picture. Every incident creates context.
He said that the Edward Snowden leaks actually gave the NSA some institutional credibility, because it showed people just how high a speed and scale it was operating at. They’ve leveraged that into talking points with other organizations to advocate for embracing automation and integration into their cyber defense strategies.
“The only ways you can address the problems of speed and scale of an adversary is by using automation and integrations of technologies for cybersecurity,” Quade said.