‘Kicking out the adversary’ is part of new Cybersecurity Directorate’s mission, NSA says – CyberScoop

Written by Shannon Vavra Oct 11, 2019 | CYBERSCOOP

The National Security Agencys new Cybersecurity Directorate, charged with helping protect the defense industrial base and sensitive government computers by providing insights on foreign hackers, is now at initial operating capability, senior NSA officials informed reporters at a rare briefing Thursday at Fort Meade.

Just this week thefledglingdirectoratetook one of itsfirst public actions, issuing an unclassified alert about nation-state hacking groups actively exploiting vulnerabilities onvirtual private networks. Beyond the usual job of such alerts identifying the bugs and recommending mitigations the directorate made a point to provide ways for organizations to check whether they have been victimized, something the directorate intends to continueinunclassified ways moving forward.

We need to be sure that people who own networks that are vital to the national security systems and defense systems of this nation can figure out if adversaries have gained access into their networks, NSA spokesperson Natalie Pittore said. Its about preventing but also kicking out the adversary.

The focus on eradicating hackers from victimized organizations sets this new Cybersecurity Directorate apart from old defense-focused branches of the NSA, such as the Information Assurance Directorate (IAD), the Technical Director for the new directorate, Neal Ziring said Thursday.

The old IAD really focused mostly on prevention not that we didnt do any eradicating. But prevention was the bulk of the mission work. So now were trying to make sure we pay attention to both angles and let them work together, said Ziring, who has an intimate knowledge of the technical details shared with industry as theformer technical director for the IAD.

I gave our agency a demanding challenge: prevent and eradicate cyberthreats to national security systems and critical infrastructure, NSA Director Gen. Paul Nakasone said Wednesday during remarks at a summit hosted by FireEye.

The NSA has always had a cybersecurity mission, better known internally as information assurance,in addition to its job of gathering signals intelligence on foreign adversaries. But in recent years the agencys focus on the cybersecurity mission had waned, as Nakasone has pointed out in previous remarks. One of the goals in creating the new directorate was to reenergizethe NSAs white-hat mission, which covers everything from generating the cryptographic keys for U.S. national security systems and U.S. government communications to protecting the nations nuclear command and control systems.

As a first order of business, Nakasone has directed the new organization to focus on the defense industrial base, weapons system security, and the infrastructure and capabilities behind them.

One of Nakasones concerns right now is that the defense sector needs to be better protected in particular against cyber-enabled intellectual property theft from foreign adversaries.

China has stolen a staggering degree of intellectual property to build its economy and military with global ambitions, Nakasone noted.

Ziring said the directorate is creating a unit to specifically examine the cybersecurity of the defense industrial base. He acknowledged that past efforts have shown that the new team will have a daunting task, given there is no one-size-fits-all solution.

Protecting an ecosystem or a sector like the defense industrial base is very very difficult, because the sector is very heterogeneous, Ziring said. You have some very very large companies defense prime contractors and then you also have very small and specialized companies and sort of everything in between.

Protecting against specific technical capabilities of adversaries is no easy undertaking, particularly asthey set their sights on areas that dont necessarily fall under the NSAs purview, such as universities, the officials said.

You used to see a nation-state spent their time attacking a nation-state entity like the Pentagon, Ziring said. Now were seeing a broadening. Theyll also go after companies, and universities, and nonprofits, and civilian government agencies, and state governments.

The shift in targets, Ziring said, has meant the NSA needs to reassess its partnerships with the Department of Homeland Security and the FBI.

The Cybersecurity Directorates director,Anne Neuberger, told reporters that DHS, in turn, haspointed to national critical functions, such as generating and distributing electricity, supplying water or banking. Those areas have long been a priority for the departments Cybersecurity and Infrastructure Security Agency, led by Chris Krebs.

In a given sector what are the core cross sector vulnerabilities and how [do] you in the intel community understand those so that youre looking for the threats that we re most concerned about? Neuberger recalled Krebs telling her. We each have pieces of those puzzles, Neuberger said.

DHS has previously worked with entities in Fort Meade to share information about threats to the banking sector. Through a project internally known as Project Indigo, several banks shared information about nation-states hacking targeting them with Cyber Command, which is co-located with NSA, last year.

The DHS itself is seeking more visibility into vulnerabilities in other ways CISA is currently seeking subpoena power in its efforts to understand which organizations are vulnerable to hacking.

Originally posted here:
'Kicking out the adversary' is part of new Cybersecurity Directorate's mission, NSA says - CyberScoop