A new strategy for U.S. intelligence looks to improve integration of counterintelligence and security efforts, increasingly address cyber threats, and provide clear guidance on civil liberties, privacy and transparency. As outlined in the U.S. National Intelligence Strategy (NIS), from Director of National Intelligence (DNI) Dan Coats, the intelligence community is facing a turbulent and complex strategic environment, and as such, the community “must do things differently.”
The U.S. government has not established a comprehensive cybersecurity strategy, nor has it performed effective oversight of cybersecurity as called for by federal law and policy, the U.S. Government Accountability Office (GAO) concluded in a stark report on the state of the nation’s cybersecurity.
Because of the lag in cybersecurity policy and related action, federal agencies and U.S. critical infrastructure—including energy, transportation systems, communications and financial services—are vulnerable. And these cybersecurity risks are increasing as security threats evolve and become more sophisticated, GAO, the government’s watchdog agency, reported.
As billions more Internet of Things (IoT)-related devices come online, the barrage of cyber threats will not only continue but will target users in new ways. Moreover, the number of adversaries mounting attacks against the United States in cyberspace will continue to grow in the next year, as nation-states, terrorist groups, criminal organizations and others persist in the development of cyber warfare capabilities, Michael Moss, deputy director, Cyber Threat Intelligence Integration Center (CTIIC), warned during recent Congressional testimony.
Fraud, waste, and abuse (FWA) remains a major challenge to the federal government. From 2012 to 2016, the 73 federal inspectors general (IGs), who are on the frontline of fighting FWA, identified $173 billion in potential savings and reported $88 billion in investigative recoveries and 36,000 successful prosecutions and civil actions.
Mobile devices used by federal employees continue to be susceptible to malicious cyber attacks. Email accounts, stored documents, microphones and cameras on the devices still present avenues of entry for bad actors.
Complicating the matter are conflicting governmental compliance policies, misconceptions of security measures and naivety about the exact risks, a recent survey concluded. Many agencies are still ill-equipped to handle these incidents. Moreover, even if policies are in place, employees do not always follow them, and intrusions still happen, according to the report, "Policies and Misconceptions: How Government Agencies are Handling Mobile Security in the Age of Breaches," prepared by San Francisco-based Lookout Inc.
Adversaries, and cyber criminal organizations in particular, are building tools and using techniques that are becoming so difficult to detect that organizations are having a hard time knowing that intrusions are taking place. Passive techniques of watching for signs of intrusion are less and less effective. Environments are complicated, and no technology can find 100 percent of malicious activity, so humans have to “go on the hunt.”
Researchers in government and industry are combining advanced analytics with traditional detective work to quash dangerous cyberthreats from within. Instead of focusing on a silver-bullet solution to stop the insider threat, they are adopting an approach that consolidates information from multiple events to provide greater advance warning of problems.
The recent hack, reportedly by Chinese sources, of the personnel files belonging to current and past U.S. government employees puts a face on the cyberthreat affecting everyone today—about 4 million faces, if Office of Personnel Management assessments are correct. Yet this hack is just one example of the looming cyberthreat, and while it offers valuable lessons to be learned, it should not serve as the exclusive template for securing networks and data.
Coming soon to a network near you: consolidation and reinvention.
Two years ago, the U.S. Defense Department developed the Joint Information Environment (JIE) framework. Since then, key stakeholders and drivers of the JIE have been working to realign, restructure and modernize the department’s information technology networks to increase collaboration among departments while reducing the cyberthreat landscape. The JIE vision is an integrated and interoperable joint enterprise environment that can be leveraged across all department missions—an extremely important development as Defense Department dependence on the network has never been higher and cyberthreats are rising.
Perhaps it began with Y2K, this realization that the unseen operational grid could come crashing down by the mere numerical click from one century to the next, but the threats to operational functionality in all areas of human-machine interface are very real. A cyber exercise conducted again this year will incorporate some changes to simulate new challenges.
This month, Linton Wells II drew his inspiration for "Mission Assurance Moves to the Fore in Cyberspace" from Deputy Secretary of Defense William J. Lynn III's recently published article, "Defending a New Domain: The Pentagon's Cyberstrategy." Wells summarizes Lynn's strategy points, noting that taken as a whole they have a broader implication than just cyberdefense. It has more to do with mission assurance, he says:
Recognizing a threat is the first step to addressing it, and one way to do that is to track incongruities rather than just monitoring the status quo. In this issue of SIGNAL Magazine, Chris Sanders highlights an intrusion detection architecture that does just that. His article, "The Exception Becomes the Rule," focuses on how this system enables a rapid, flexible response to cyberthreats.