As the Defense Department’s proposed Cyber Command awaits confirmation hearings on its proposed commander, the services are moving forward to establish their own cyber organizations. Vice Admiral Barry McCullough reported for duty on January 29th as Commander of the newly reconstituted 10th Fleet, officially standing up the U.S. Navy’s Fleet Cyber Command.
Dennis Blair, Director of the Office of National Intelligence, delivered the Intelligence Community’s annual threat assessment to Congress last week. Cyber threats topped the list with the Director describing malicious cyber activity as occurring on an “unprecedented scale with extraordinary sophistication” and citing network convergence and channel consolidation as increasing vulnerabilities.
There is a new alliance in the battle for cybersecurity. Though neither side has confirmed it, The Washington Post recently reported that Google has asked the NSA to help investigate the mid-December cyber attack against its networks “to better defend Google – and its users – from future attack.” This partnership demonstrates the increasing interdependencies between the public and private sector in defending against cyber threats.
Hackers, terrorist organizations, cyber criminals, and nation states routinely target government and corporate entities for financial gain, military intelligence, warfare, and sometimes just for notoriety and fame. Government agencies and corporations have traditionally addressed this threat independently, but the evolution of cyberspace has changed the rules. A unified front between the private and public sector has become more critical to combat these cyber threats.
The public and private sectors are becoming increasingly interdependent – the operation of our nation’s critical infrastructure, including the national power grid, transportation systems, and communication networks, depends upon the ability of public and private sector networks to share information via cyberspace. Likewise, our nation’s economic superiority is predicated on our ability to maintain competitive advantages in capital markets. Our enemies are not only looking for ways to exploit vulnerabilities in our critical infrastructure, but they are also increasingly looking for ways to steal our private sector’s intellectual property in order to weaken our economic standing and gain an advantage in the global economy.
Google’s disclosure of “sophisticated” cyber attacks on its infrastructure reportedly originating in China offers a good example. The Washington Post recently reported that Google and the National Security Agency (NSA) are forming an alliance “to better defend Google – and its users – from future attack.” Putting the agreement in place will enable the NSA and Google to share critical information to analyze the attack without violating privacy laws or policies. This alliance will help Google better defend its intellectual property critical to our nation’s economy while providing NSA key insight into the attack methods and motives of the attackers.
The need for such partnerships is certain to grow and will most likely extend to organizations that are not as large and resourced as Google but are just as critical to the strength of our nation’s economy. Our adversaries are using similar attack methods to compromise systems across both sectors, but the two sectors have not effectively partnered to share threat intelligence or early warning indicators. A formal partnership between the private and public sector allows the country to develop a unified and coordinated approach to defending our nation’s assets.
The non-profit Bipartisan Policy Center recently hosted Cyber ShockWave – a live, mock cyber attack against the nation. The exercise simulated the government’s response to a cyber crisis with former Cabinet and national security experts acting as presidential advisors in the fictional drill. The exercise highlighted the dangers of cyber-terrorism and the government’s preparedness to respond to such an attack.
Cyber attacks are a growing vulnerability for our homeland security and broader national interests – and federal employees are on the front lines. In fact, Politico recently reported that Congress and other government agencies face an average of 1.8 billion cyber attacks per month. Both the number of attacks and their sophistication continue to increase at an alarming rate.
In many instances, the key to successfully combating an attack is stopping it at its entry point, which is often the unsuspecting federal employee. For example, the Politico report pointed out that “…attacks are increasingly focused on infiltrating application software on Hill staffer computers…,” noting:
In the last five months of 2009, 87 Senate offices, 13 Senate committees and seven other offices were attacked by spear-phishing attacks, which appeared as e-mail messages to staffers urging them to open infected attachments or click on bad links.
It is critical that federal employees understand the possible types of cyber attacks in order to guard against them. Creating an awareness of cyber threats is only the beginning. Addressing a persistent and evolving threat requires persistent and evolving training. A number of key elements are required for any near-term or long-term cyber security training effort to succeed.
Cyber security must be an agency priority. Cyber security education and training are much like any other agency initiative: if leadership indicates that something is a priority, agency employees will take action. Agency leadership must make it clear that cyber security education and training are a priority, model the behavior they ask of their employees, and dedicate resources to address the problem and its solution. If they do so, federal employees will respond accordingly.
Education and training must be continuous. Hackers, terrorists, and other bad cyber actors do not wait for reporting requirements or other compelling organizational issues to decide when to attack – they just do. Education and training efforts should be ongoing, consistently updated, and test employees’ understanding of the topic on a regular basis. Agencies must be as persistent and agile in their training as cyber attackers are in their efforts to do harm.
All agency employees must be included in training. All agency employees, and their contractors, are vulnerable to cyber attacks. No grade level is too high or too entry-level to be excluded from standard education and training.
Reporting and accountability measures must be implemented. Accountability mechanisms should be used not only to identify those personnel who have or have not received cyber security training, but also to measure how well they retain the information they have learned. The use of cyber security quizzes or other mechanisms to test the workforce’s cyber knowledge provides a quantitative measure of the effectiveness of the training program and helps target specific personnel or subjects for deeper training.
The techniques used to attack information networks and exploit information are quickly evolving to the point where it is almost impossible to distinguish intrusion activity. The federal government must use a workforce educated on the cyber threat as a force multiplier in its cyber security strategy. Individual employees and agencies must share the responsibility for anticipating and preventing cyber attacks from succeeding.
Thursday, June 17th
The sophistication of security breaches of federal information systems and reports of improper access to these systems continue to grow at an alarming rate. Clearly, there is concern about and a desire to improve the security of these critical infrastructures. So where and how do we begin to effectively safeguard today’s systems from cyber threats and increasing system vulnerabilities?
What’s the big deal about a 32-character string of secret code in the logo of the Pentagon’s U.S. Cyber Command? The new military command was launched in late May to help centralize Defense Department efforts to protect its computer networks, which are under constant threat from attackers. The Associated Press reports it was created to frustrate everyone from run-of-the-mill hackers to foreign governments looking to steal sensitive information or crash critical, life-sustaining computer systems.
August 12th, 2010 at 11 AM
How does one assure trust in Cyberspace? As citizens, government, and business enterprise increase the amount of information that is shared online, fundamental questions arise around security requirements, data and identity management, and infrastructure. Trusted online environments can reduce costs, expand services, and are critical to protecting how, and to whom, information is shared. Securing identities in transactions is an essential component to building trusted online systems and a critical priority for both business and government. As online information sharing and collaborative services evolve between people and technologies, will trust emerge as the next “Killer App”?
Cybersecurity is among the federal government’s top priorities…and with good reason. The cyber threat is complex and evolving rapidly. According to the U.S. Government Accountability Office (GAO), the number of cyber incidents reported by federal agencies increased by 400% over a four-year period. Also, cyber threats come from multiple sources (e.g., terrorists, criminal organizations, hackers, disgruntled insiders, rogue nations) with a host of motivations for, and resources to, attack.
To beat the cyber threat, federal Chief Information Security Officers (CISOs) must assess risk, develop cybersecurity policies, and build the operational infrastructure to execute an agency cybersecurity program. They also need experienced cybersecurity professionals – that’s where we come in… A dedicated cybersecurity firm – and the market leader in providing risk management, governance, operations, and compliance services to the federal government – our team takes pride in being the government’s trusted advisor for cybersecurity.
In this space, we will share our insights on the news, challenges, and policies that drive decision-making and problem solving around cybersecurity in the federal government. By discussing key cybersecurity topics in this blog, and highlighting those of other federal community thought leaders in our companion “Trusted Advisor Series” on WTOP radio, we hope to add value to this critical dialogue. We look forward to sharing this online experience with you.
– KCG’s Trusted Advisor