Enable breadcrumbs token at /includes/pageheader.html.twig

On Point: Q&A With Morgan Adamski

Morgan Adamski directs the National Security Agency’s Cybersecurity Collaboration Center, which works with defense industrial base companies to enhance security.

Credit: CoreDESIGN/Shutterstock

Why is the Cybersecurity Collaboration Center needed?
We make the joke everyone knows, NSA: No Such Agency, existing behind the fenceline off of I-295. But it is about how we enable a better understanding of what information the private sector needs to protect their networks and their customers and what information those private sector entities have that will better enable our analysis and understanding of the threat.

How would you describe industry’s response?
Fantastic. The fact that our industry partners have stood up and leaned forward and engaged is a testament to how much the private sector wants to ensure our critical infrastructure is secured for the future. Almost all of our industry partners are constantly willing to share their expertise, their insights, in a way that helps us better understand the threats while also protecting their customers’ privacy.

We did a presentation at BlackHat this past year with ViaSat and talked about the fact that ViaSat on the 24th of February shared key technical indicators that enabled us to better understand the threat. And then you saw the White House come out not long after that and publicly attribute that attack to Russia. Those relationships we’ve built and the fact that we’re able to share information in real time has enabled us to change the way we approach the cybersecurity threat overall.

What departments or agencies do you regularly work with?
We have a phenomenal relationship with our FBI and our CISA [Cybersecurity and Infrastructure Security Agency] counterparts. FBI is a great partner because they have the presence out in the field offices. They’re working with the same companies we are on any given day, and they have different types of relationships. Sometimes it comes down to that access and who’s in place and has that relationship to contact or work with a company.

When we know there’s a threat or an adversary is actively exploiting a vulnerability, we work with our CISA counterparts to create the appropriate mitigation guidance. And you’ve likely seen that in our 27 or so cybersecurity advisories that were released last year. CISA has a broad megaphone, for lack of a better description, to amplify that guidance out to all of the companies across U.S. critical infrastructure, which is much larger than the defense industrial base.

Would you like to add anything regarding your priorities?
General [Paul] Nakasone announced in September that the Cybersecurity Collaboration Center has stood up a new element called the Artificial Intelligence Security Center.

I was just making the joke that we like to put centers in centers, but the AI Security Center is part of the Cybersecurity Collaboration Center, primarily because we’ve already built a lot of these industry partnerships.

It’s critically important because there’s the conversation about how our adversaries will use AI-powered attacks against U.S. critical infrastructure, but then there’s also the adversarial attacks on AI systems, and the AI Security Center will cover both.

When will it be fully operational?
If you ask my boss, it’s probably already supposed to be there. But I would say within the next year it will be fully operational. It’s up, it’s running, it’s staffed. We’ve already started to form relationships, and it’s already contributing to key documentation in this space. The CCC has been on a little sprint for the last three years, and the AI Security Center will also be doing that. I expect a lot from it in the next year.

Questions and answers have been edited for clarity and concision.