Commercial industry needs to step up and share more information about cyber attacks on its networks with Federal agencies responsible for cyber defense, government officials said at a cybersecurity event in Washington this week.

Cyber attacks are showing increasing sophistication across the board – from basement hackers to foreign intelligence agencies, said Sean Kanuck, national intelligence officer for the National Intelligence Council, during a daylong INSA Cyber Innovation Symposium Sept. 26.

Gathering intelligence about online criminal and espionage activities is vital for national security, but because most of the nation’s computer and communications infrastructure is privately owned and beyond direct government monitoring, it is up to the private sector to report attacks and intrusions.

While the government is struggling to come to grips with the issue, Kanuck noted that there are concrete steps agencies and private firms can take to protect themselves. The most important of these is to make an accurate threat assessment of their networks.

This can be a challenge for large, publicly owned companies because many chief executive officers don’t act on threat reports to avoid frightening shareholders, Kanuck said. But such inaction, or the reluctance to spend more on network defense, can leave firms vulnerable to attacks or to data or utility outages which can impact the general public, he said.

Private firms are caught in the crossfire of a global cyber conflict, Kanuck said.

Commercial infrastructure is both a target for cyber attacks and an enabler – a resource and a place from which to launch fresh assaults, he said. Because of the global nature of the threat and the national security implications, he said that firms must share information with the government to improve their security.

While companies are often reticent to do so, reporting attacks and intrusions helps federal agencies respond with more agility to the threat, he said.

One example of how private firms are working with the government to protect their data is the Defense Industrial Base cyber pilot program. The one-year effort, which has been extended by the Obama Administration, consists of 17 defense firms working with the National Security Agency and national telecommunications firms to monitor their networks for intrusions and suspicious data transfers to foreign Internet addresses.

On a larger scale, there needs to be a more holistic approach to security by the government, Kanuck said. A major part of this will be for intelligence organizations to use crowdsourcing, open source data and information sharing techniques to counter cyber threats, he said.

The intelligence community must also pursue partnerships with private sector partners where it is appropriate. The results of these efforts will lead to a better ability to remediate and mitigate risk because the threat is adaptive and ongoing. “This problem is not going away,” he said.

Another place where agencies can get data to help with cyber issues is commercially available open source information, which is useful and does not entirely reside on the Internet, said Troy Mattern, technical director for cyber intelligence at Carnegie Mellon University’s Cyber Innovation Center.

Such information can include addresses and locations of known hackers and publicly available information about suspects’ activities. This information needs to be brought into the cyber intelligence analysis process because it helps agencies to better use resources and tailor effects to counter specific threats, he said.

One of the major technical challenges faced by the intelligence community is the sheer quantity of data streaming over the Internet. There is a need for tools that can sift through all of this incoming information for potential threats, identify them and bring them to the attention of analysts, Mattern said. He added that the government needs to encourage and standardize the development of these types of cyber analysis tools.

But like all types of intelligence gathering, cyber intelligence ultimately focuses on people, Mattern said. This is something that many organizations tend to forget. “At the end of the day, it’s not a computer on the other end, it’s a human being,” he said.

Legislation is needed to properly defend the nation’s vital infrastructure, said Rick Ledgett, director of the NSA’s National Threat Operations Center.

He added that any future cyber legislation should remove the disincentives that keep many private firms from reporting cyber incidents to the government. The public often confuses technologies for monitoring cyber threats with electronic surveillance of personal data and correspondence. Such confusion is not helped by lawmakers who do not understand the underlying technology of cyberspace, he said.

But even those who understand those nuances, including Rep. Mike Rogers, chairman of the House Intelligence Committee, who also spoke at the INSA event, continue to run into tough sledding getting cyber legislation that will satisfy both the House and Senate.


Operations by organizations like the NSA must be firmly grounded in both cyber security and respect for civil liberties, Ledgett said. Because most of the nation’s network infrastructure is commercially owned, by law the NSA cannot operate there. Unclassified open source data is very useful in searching for threats and anomalies, but it must be sifted through for useful information.

But simply pulling in vast amounts of data is inefficient and does not scale well because intelligence agencies do not have the personnel to devote to this, Ledgett said. The intelligence community needs to work with the private sector and academia to develop tools that can allow agencies to work with and rapidly access more complex information, he said.