The key theme at this year’s RSA Conference was “Stronger Together,” a message that likely resonated with many of the approximately 45,000 attendees. The annual event, which was founded in 1991 as a small cryptography conference, has now grown into a series of IT security-related events focused on improving cybersecurity.
Among the attendees this year were Eric Goldstein, executive assistant director for Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), and U.S. Army Maj. Gen. William J. Hartman, U.S. Cyber Command’s Cyber National Mission Force (CNMF) commander. They delivered a presentation on the importance of partnership in defending America’s critical infrastructure while holding malicious cyber actors accountable.
“As our nation’s cyber defense agency, CISA recognizes that we must leverage all tools and capabilities to increase costs against our adversaries. Our work with CNMF enables us to not only more effectively defend our nation’s critical infrastructure from cyberattacks but also clearly demonstrate to our adversaries that there is a price to pay if you decide to attack American infrastructure,” said CISA EAD Goldstein.
He further noted that the presentation was meant to demonstrate for the first time how such partnership yields real-world operational benefits and how we rely upon collaboration with, and incident reporting from, the private sector to catalyze this work.
The presentation described cybersecurity as a “team sport,” where the sharing of expertise and insights can bolster collective defense to meet national security objectives.
The message of “Stronger Together” could be much in line with the so-called “hunt forward” operations of the U.S. government’s Cyber National Command Force (CNCF), which serve as a way to aid partner countries in combating cybercrime.
CNCF has already sent its experts to aid in 47 operations in 20 countries over the past three years. In addition, 43 specialists have been recently deployed to Ukraine to help in the cyber battle against Russia.
Such partnerships are increasingly necessary given the rise of criminal syndicates that now engage in cyberattacks – but also the fact that even small rogue nation-states can use cyber as a force multiplier. The United States can’t do it alone.
By partnering with nations around the world, the U.S. can help stop the threats before they reach our shores, say experts.
“Using this approach, you can often catch and eliminate problems, and malware is global, which would allow mitigation before it hits the U.S. and does domestic damage,” said technology industry analyst Rob Enderle of the Enderle Group.
In addition, it can help with the sharing of knowledge on new cyber threats.
“It trains your people on a more comprehensive number of global threats so they become more competent to address a broader range of threats more effectively in the long term,” Enderle told ClearanceJobs.
“Cyber threats are borderless, and most ransomware infrastructure that victimizes Americans is controlled from overseas,” added Adam Isles, principal and head of the cybersecurity practice at the Chertoff Group.
Not Just the Usual Suspects
Another concern is that cyberattacks aren’t just originating in what could be described as the “usual suspect” nations of China, Iran, North Korea, and Russia. In some cases, they can be states that are generally on good terms with the United States.
“While many such attacks emanate from adversary nations, many more do not. We’ve seen important takedowns of criminals in places like Spain, Brazil, Thailand, and more. So building capacity overseas helps us deal with the problem at its source,” Isles told ClearanceJobs.
These partnerships can help target the increasingly connected world of cyber criminal syndicates, with many based overseas. This requires greater coordination with local law enforcement to eliminate them.
“Like any other criminal organization, cybercrime groups adapt. But that’s not a reason to give up,” Isles explained. “We’ve seen important arrests through joint operations, like recent Dutch arrests of the Doppelpaymer ransomware group, Polish arrests of an alleged REvil member, and the Canadian arrest of an individual associated with Lockbit. To the extent we can disrupt and raise costs to these groups, that helps make America safer.”
International efforts can better pool resources, and that can also be a force multiplier of sorts.
“Developing cooperative efforts like this makes bringing the attackers to justice more likely and makes the cyber attacks more risky and less profitable,” said Enderle.
Over Sharing of U.S. Skills?
One potential downside to such partnerships is that we can’t always know who could be tomorrow’s adversary. There is also the concern that some of what the U.S. is sharing could be used against the country in the future.
“We have seen some of these same tradeoffs for decades with more traditional law enforcement cooperation and capacity building – e.g., against drug trafficking, organized crime, and terrorist groups,” warned Isles, who had previously served as the deputy chief of staff at the U.S. Department of Homeland Security (DHS). “In these other use cases, where there were concerns but the benefits outweighed the risks, we put guardrails in place like using vetted units and training on baseline techniques, versus the more advanced ones we would use at home. We have to weigh the risks and make the best decisions we can with the information we have available.”
However, it would be safe to say that the reward outweighs the risk.
“Generally, fighting these battles overseas and gaining experience without having to wait for U.S. interests to be attacked reduces the probability of a successful attack and speeds up effective response times if one should occur,” said Enderle.
“In addition, this makes removing the source of the attack far more likely, potentially substantially reducing the domestic risk,” Enderle continued. “Whenever you effectively mitigate a criminal, whether domestically or otherwise, you increase the risk that the criminal will use the experience of their capture to up-skill in order to find a better approach. But that risk results from the mitigation effort and would exist if the U.S. only focused on U.S. attacks and attackers.”