Making sense of the threat landscape can be an exhausting exercise for companies in the defense industrial base (DIB). Various parts of the government are working together to make sure that, at the end of the day, the warfighter has secure technology and that all the supply chain and vendors behind it have been screened and validated.
Bailey Bickley, Chief of DIB Defense at the National Security Agency’s Cybersecurity Collaboration Center (CCC), recently discussed at CMMC CON 2023 all the things that the NSA is doing relative to the defense industrial base. In her role she is responsible for key initiatives to evolve the CCC and deliver intel-driven cybersecurity solutions across the DIB.
“The CCC is putting a significant emphasis on the defense industrial base. A few years ago, we were delegated authorities from DOD for us to engage directly with the DIB because NSA has unique insights on nation-state cyber threats,” Bailey shares. “We are working with industry to operationalize our insights to get them down to the unclassified level and into the hands of folks who can action them across not only the defense industrial base, but all critical infrastructure sectors.”
How the NSA enables the DIB to detect, defend, and report cyber threats
Currently, the NSA is working with 475 partners at every level of the DIB ecosystem, from large prime contractors to mom-and-pop companies that are small and resource-constrained but still critical members of the DOD supply chain. The CCC is working with the biggest and best IT and cybersecurity companies to take what NSA knows, sanitize it, and provide a foundation for partners to build and scale detection and mitigation techniques.
“We’re getting information from our partners that is augmenting our understanding of the threat landscape and helping us build a more comprehensive picture of nation-state threats,” says Bailey. “And we’re providing no-cost cybersecurity to small to medium-sized businesses. Our set of services has been engineered to defend against the top ways that we see nation-state actors successfully targeting the DIB.”
The CCC is also securing emerging technology through standards; examining issues like cloud updating, secure protocols for post-quantum cryptography, 5G; and making sure that the US national security perspective is injected into standards as they’re being developed.
Nation-state threats and more
Every company is a target, even small businesses. The People’s Republic of China (PRC), especially, takes a broad approach and goes after the weakest link in DOD supply chains. Don’t be that weak link.
“You can draw the parallels between cybersecurity and physical security. If somebody is walking down a street trying all the car doors, you want to make sure your doors are locked,” continues Bailey. “When we think about nation-state threats, we think about the PRC first as they are persistent and pervasive. Russia, North Korea, and Iran are just as disruptive. It’s not just the nation-state threats that you have to worry about—it’s also ransomware, which disproportionately impacts small businesses.”
There is also the human element. Your company needs to know how it manages its resources. Last year more than 20,000 vulnerabilities were published in the National Vulnerability Database, but only 2% were actually exploited. If you’re a CISO, CEO, or the IT person in a small thirty-person company, you do have to worry about nation-state threats and malicious cyber activity.
What the CCC is doing to help
CCC offers three free services for the DIB to take advantage of as you work to become compliant with NIST 800-171 and improve your cybersecurity. These services are not a one-stop shop for CMMC compliance, but they do support several NIST 800-171 controls. Note that these services are free because DOD has fronted the cost to support companies in the DIB. The free services include:
Protective domain name system (DNS)
DNS is the address book of the internet, and adversaries frequently use it to gain initial access to their targets.
“Our protective DNS service is offered through Akamai, our contracted provider. We use Akamai’s commercial threat intelligence feeds to block users from connecting to known malicious or suspicious sites,” states Bailey. “We’re also feeding in unique non-public indicators of known bad activity that we’re getting from our global signals intelligence enterprise, from our partners, and from NSA analytics.”
This helps make sure that enrolled DIB customers are protected against emerging threat activity. The block list is updated each week with these indicators, and to date, the CCC has blocked 10 billion instances of malicious activity, including ransomware activity, nation-state malware, DNS tunneling, botnets, etc.
Our protective DNS service supports NIST 800-171 controls 3.13.1, 3.1.20, and 3.14.6 (the last only if enrolled companies monitor their DNS service logs).
Attack surface management
We help small businesses identify what parts of their network are touching the internet, and use open source or commercially available tools to do that.
“The whole premise with that is if we can see it, our adversaries can see it,” Bailey says. “We also scan what we found to determine where folks might be vulnerable. Our service provides a tailored report for each of our customers that communicates the top three to 10 issues that they need to drill down on and take care of today.”
The CCC monitors open source and when they see mass exploitation of a vulnerability starting or a proof of concept for an exploit, they search their holdings to uncover which DIB customers are vulnerable to that new exploit, and notify companies within hours. “We have a 52% response rate to those notifications, which is significant and definitive proof that because of those communications, our customers are finding and fixing issues prior to getting compromised.”
This service supports NIST 800-171 risk assessment controls 3.11.2 and 3.11.3.
Threat intelligence collaboration
Simply put, you can sign an NDA and receive non-public DIB specific threat intelligence from NSA. The CCC also welcomes any insights that you want to share.
This service supports NIST 800-171 system and information integrity control 3.14.2.
Visit NSA.gov/CCC to start the enrollment process. Scroll halfway down the page to get to a form that says ‘Get Started’. Click that and walk through a very simple process.
As you work to improve the security posture of your company, we’re here to help. Contact the experts at CyberSheath today.