This year’s high-profile ransomware attacks on the United States – including one directed at the Colonial Pipeline and another at a food supplier – showed how such a strike could have the potential to be as catastrophic as one directed at physical critical infrastructure. The United States military has seen this threat for some time, which is why the United States Cyber Command (USCYBERCOM) was created in 2009 at the National Security Agency (NSA) headquarters at Fort George G. Meade, MD.

The Cyber Command, which was originally created with a defensive mission before being increasingly viewed as an offensive force, is now one of the 11 unified combatant commands of the United States Department of Defense (DoD). In 2018, the DoD issued its Cyber Strategy report, which charges U.S. Cyber Command with defending forward and persistent engagement.

In his keynote remarks at this week’s virtual C4ISRNet CYBERCON 2021 event, United States Air Force Lt. Gen. Charles “Tuna” Moore, deputy commander of Cybercom, reaffirmed the importance of that persistent engagement.

Gen. Moore stated that defending forward is “getting into the space of our adversaries, so that we can better defend the United States and our allies as well as our interests.”

Persistent engagement, he added, “essentially says we want to be in constant contact with our adversaries. We want to be in a proactive posture and not in a reactive posture.”

Regarding criminal activities in cyberspace such as ransomware attacks, Moore said that the NSA and Cybercom are partnered with the DHS, the FBI and other agencies, as well as allies and partners, to help thwart these attacks.

Election Security and Challenging China

Moore further said that Cybercom is very much focused on election security in the United States, adding that if the command detects malware and election threats to allies and partners, it would continue to share some of its intelligence to help address those vulnerabilities.

The Cybercom chief was also direct about the various threats that he sees coming at the behest of Beijing.

“The main thing that we’re seeing from China inside the cyber domain is a lot of intellectual property theft that continues to occur,” Gen. Moore explained in his keynote. “I don’t have specific numbers, but I can tell you that I think you’re talking about hundreds of billions of dollars in savings probably over the last decade plus. And, they probably saved decades of time from an R&D perspective, stealing intellectual property specific to the Department of Defense, from our DIB.”

That included research and development theft from the defense industrial base, and Moore said that Cybercom would work with the DIB to protect intellectual property (IP) and stop China from being able to gain any advantages. Moore also noted that the command has invited academia, the private sector and allies to share their innovative ideas and solutions.

Zero Trust Model Coming Soon

Moore’s keynote to the C4ISRNet CYBERCON 2021 event coincided with the DoD’s announcement that it will launch a new office dedicated to accelerating the adoption of a new “zero trust” cybersecurity model. This office will fall under the Pentagon’s chief information officer (CIO), and will be led by a yet-to-be-named senior executive.

The move is reported to be part of an acceleration of the ongoing zero trust implementation that followed the Russian-orchestrated SolarWinds intrusion of federal systems.

In essence, zero trust means that there is no trust across networks, devices or users, and it demands constant, real-time authentication from the users who are accessing data. According to C4ISRNet, zero trust is considered to be a departure from perimeter-based security, through which an intruder can often move freely through a network after penetrating it.

“We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster,” David McKeown, the DoD’s chief information security officer, said at C4ISRNET’s CyberCon event. “We’re standing up a portfolio management office that will … rationalize all network environments out there, prioritize and set each one of them on a path of zero trust over the coming five, six, seven years.”

His comments come nearly six months after the Biden administration issued its cybersecurity order to improve protections at government agencies in the wake of the SolarWinds intrusion. Too much trust was placed in a widely used piece of software, McKeown acknowledged, which is why the changes are coming.

“We have to be able to detect something like that,” McKeown added. “Not only the external compromises but the internal malicious behavior and potential supply chain risks need to be looked at. We feel like zero trust is the only solution out there right now that gives us a fighting chance on detecting these folks that may have a foothold on our network or this anomalous software that we’ve allowed in.”

 

 


Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at petersuciu@gmail.com. You can follow him on Twitter: @PeterSuciu.