NSA

Government agencies are working together much more effectively as they counter terrorism and state-sponsored attacks in cyberspace. But more remains to be done as adversaries introduce new tactics and capabilities.

A panel comprising the top U.S. intelligence officials reviewed these issues as they closed out the AFCEA/INSA Intelligence & National Security Summit on September 5. Their points ranged from foreign interference in U.S. elections to cooperation—or the lack thereof—from industry with the U.S. government.

The May 7th ransomware attack against Baltimore has crippled much of the local government’s IT infrastructure while holding its network hostage. Not since the March 2018 attacks against Atlanta has a major U.S. city been so digitally impaired.

The subsequent media coverage of Baltimore’s struggle has generated some misplaced criticism of the U.S. government. Initial news reports erroneously claimed that the ransomware leveraged an NSA-developed exploit to compromise Baltimore’s municipal systems. Unfortunately, this snowballed into numerous sources placing blame on the NSA, claiming that they mismanaged their cyber weaponry. 

This is grossly incorrect.

The National Security Agency is now sharing the source code of Ghidra, its reverse engineering tool developed by the agency’s Research Directorate in support of its cybersecurity mission. Ghidra, a suite of software analysis tools, examines complied code using capabilities such as disassembly, assembly, decompilation, graphing and scripting.

Ghidra helps analyze malicious code and malware and improves cybersecurity professionals’ understanding of potential vulnerabilities in their networks and systems. With this release, developers can now collaborate, create patches and extend the tool to fit their cybersecurity needs.

There is not enough skilled talent for the growing need of the cyber community. Based on a state-by-state analysis on cyberchair.org, there are currently 320,000 open cyber jobs in the United States. Projections get worse. According to a CISCO report, by 2020 there will be 1 million unfilled cyber positions worldwide.

“We need to make systemic changes to address that gap,” said Rob Joyce, senior cybersecurity strategy advisor to the director, National Security Agency (NSA), and former cybersecurity advisor to the president.

Never before has there been such an intense focus on data security and privacy. With data breaches increasing exponentially and the European Union’s recent implementation of the General Data Protection Regulation (GDPR), data security has been at the forefront of news stories over the past several months, with both businesses and consumers suddenly paying very close attention. With this increased attention has come an understanding that data continues to exist even when it is no longer needed or used. Due to this newfound understanding and GDPR’s “Right to be Forgotten,” the eradication of data has new urgency and has become critical to a successful data security program.

If you think of the cyber threat as Godzilla, you can see the need for a framework that optimizes limited resources. As the beast attacks the building, those individuals located on the ground floor—for example the architects and engineers—worry about being stepped on by its feet. Those on the next floor up, the systems engineers, see the knees and want protection from being kicked. The next level, the incident responders, see the claws and worry about what those claws can do. Higher in the building, the operators see the shoulders and are focused on how big the threat might be based on the shoulder size. The customers at the top only see teeth and flames.

The U.S. Navy has outsourced geospatial intelligence at sea, delaying its investment in a solution to this core intelligence competency for the afloat commander. The service needs to train its analysts to produce geospatial intelligence and acquire software and hardware for them. A cost-effective systems solution exists, but the lack of commitment to geospatial intelligence holds the Navy back.

After months of uncertainty, President Donald Trump announced today that he has elevated the U.S. Cyber Command to a unified combatant command. In addition, Cyber Command ultimately may be separated from the National Security Agency (NSA).

“This new unified combatant command will strengthen our cyberspace operations and create more opportunities to improve our nation’s defense,” Trump said. “The elevation of United States Cyber Command demonstrates our increased resolve against cyberspace threats and will help reassure our allies and partners and deter our adversaries.”

Editor’s note: Hugh Montgomery, the focus of this article, passed away April 6, just weeks after this SIGNAL interview.

It is just a matter of time before other countries face insider leaks similar to those that have haunted the American intelligence community, said Hugh Montgomery, a former U.S. diplomat and a pioneering intelligence officer who served for more than six decades.