The Past Can Profit Cyber Planning
Battling terrorists resulted in knowledge to fight near-peer adversaries.
Lessons learned in combating terrorist organizations such as ISIS have proved valuable to tailoring national defense techniques to use against cyber attacks from near-peer adversaries, including China and Russia. Speaking at West 2021, Gen. Paul M. Nakasone, USA, said recent experience demonstrates that the threats to data and networks has changed dramatically in scope, scale and sophistication.
The commander, U.S. Cyber Command (CYBERCOM) and director, National Security Agency (NSA)/chief, Central Security Service, Gen. Nakasone pointed out that while cyber defense used to be focused solely on operations networks, now it also must be applied to protecting other systems such as those on ships and weapons. One way to tackle this challenge is to infuse the cybersecurity element into weapons’ acquisition cycle earlier, the general said. “How do we think differently?” is the key question, he added.
The military started combating the Islamic State of Iraq and Syria (ISIS) online in 2015, but now it is facing threats from China, Gen. Nakasone went on. “It’s easy to see how the scale of the challenge has increased over that time from non-nation-state actors to nation-state adversaries, and how we're going to prosecute our operations in competition, crisis and, if necessary, conflict in the future,” he explained.
The general referred to recent ransomware attacks on the commercial sector as an example of how the sophistication of cyber attackers has changed. “Think about the past 150 days. We've seen supply chain attacks. We've seen zero-day vulnerabilities. We've seen ransomware malware,” Gen. Nakasone related.
“This is a threat picture as I see it, and I think the appropriate question is, ‘What are we doing about it?’” he acknowledged.
Engaging ISIS resulted in significant milestones in how to fight this type of enemy, the general shared. While fighting extremist organizations, the military determined that Title 10 forces do not have go into battle alone. Instead, Joint Task Force Ares and the NSA collaborated, which resulted in a potent team and a valuable lesson learned.
“Partnership with the National Security Agency shows the power that comes from a unity of effort between CYBERCOM and NSA, and second, we learned that activities in the virtual battlefield can reflect and inform events on the physical battlefield,” Gen. Nakasone shared. “Too often we think of cyberspace as something that is separate and distinct from the physical fight. This experience showed the opposite.”
The fight against ISIS also imparted valuable knowledge to secure the 2018 midterm elections. The general formed a small group of top personnel from the NSA and CYBERCOM to pursue the challenge of securing the election in three ways: generating insights about the threat and threat actors; getting the information into the hands of several partners; and preparing to oppose those adversaries.
By examining emerging foreign cyber threats, the group gained insights it may not have otherwise noticed when only looking at them from a U.S.-centric-only perspective, the general explained. It was then able to share files widely with interagency and other partners to inform new defenses. Consequently, when signatures of new threats emerged, more differences were spotted that enabled defenders to detect and block the threats automatically.
To help defend the 2020 election against foreign interference, an updated election security group was stood up, and the Cyber 9-Line reporting capability enabled various organizations to draw on insights from National Guard units across the country via their direct communication with CYBERCOM.
China and Russia are constantly conducting cyber persistent campaigns to attack the United States, the general stated. “We need to focus on these near-peer threats across a full spectrum of fights. The more we can synchronize these, the more powerful we will be,” he stated
To accomplish this, Gen. Nakasone said the United States must integrate across service bounties with partners such as industry and command partners. One example is how the NSA has approached new capabilities development. Rather than using the standard method of standing up a program from scratch, the agency worked with DreamPort, a facility created under a partnership between the Maryland Innovation and Security Institute and CYBERCOM.
Although technology is key to cybersecurity, the general admitted that his organizations as well as others must rethink how to attract and retain talented individuals. He pointed out that today’s information technology professionals are looking for more than just high wages. Those determining if they should choose a career in the military or government want to know they have a designated career path that could one day result in obtaining a leadership position, he opined.
“We have a lot of work to do, but we have good partnerships. With partnership, we will confront and succeed against our enemy,” the general concluded.