Intelligence Inoculates Against Cyber Intruders
OSINT proves invaluable during the pandemic.
Cyber attacks against the Defense Department and many other organizations have increased dramatically during the COVID-19 pandemic, but the integration of cyber threat intelligence has helped the department defend its networks, according to Col. David Violand, deputy director of intelligence, Joint Forces Headquarters-Department of Defense Information Network (DODIN).
Col. Violand made the comments during the AFCEA TechNet Cyber conference, a virtual event held December 1-3.
“Open source intelligence, or OSINT, has proven to be an invaluable tool in support of our intelligence efforts. We obviously use intelligence community, or IC, reporting as well as DOD incident reporting in our day-to-day analytic efforts. However, we’ve also developed an open source intelligence element to help bridge the gap between IC and DOD reporting and, frankly, what the rest of the world is seeing,” Col. Violand stated. “Through the use of publicly available information and subscription services, the OSINT team is able to tip network defenders, enrich our analysis and provide indicators that may not otherwise be available.”
Department officials also found commercially available intelligence to be of great value to combat the surge of COVID-related cyber attacks. “A variety of vendors are doing remarkable things providing everything from data to finished analysis, which support defensive cyberspace operations intelligence efforts,” he added.
Col. Violand also stressed the importance of cyber fusion. “We have found that the integration of intelligence analysts alongside cyber operations analysts is key to ensuring we maximize our ability to provide intelligence enrichment to network analysis efforts, and conversely to ensure that data pulled off of DOD network sensors can be used to enrich intelligence analysis,” he reported.
At the most basic level, task organizing to allow communication to occur at the lowest analytic level promotes shared learning and increased individual synthesis and is ultimately key to achieving the speed of fusion necessary to stay ahead of dynamic adversary actions, he added. “We believe this pairing serves to help bridge the long-standing divide that exists in many organizations when it comes to collaborations between intelligence analysts and cyber fusion analysts and the impact that they can have on cyber defensive operations.”
During the pandemic, adversaries--both nation-state and non nation-state--have increased their targeting of remote collaboration tools and applications, including those hosted in cloud environments. “Attack-the-target software-as-a-service applications and user accounts have been one of the fastest growing and prevalent challenges for organizations, even before COVID-19 forced the vast and rapid shift to remote work,” the colonel said.