The cyber resiliency of Department of Defense and intelligence community (IC) networks moving forward rests on re-organizing background checks for intelligence agents in order to eliminate the potential for insider threats, and creating effective policy to promote public-private partnerships to develop predictive analysis for potential threats to the domain, according to government and industry officials at a security conference on Wednesday.
Two separate panels of DoD and IC cyber and security officials speaking at the AFCEA INSA Intelligence & National Security Summit called for potential policy initiatives needed to solve logistical challenges to securing their respective networks.
“I don’t think our adversaries are going to be too careful about distinguishing who they pick on. If it’s going to come to one, it will ultimately come to all. I think that’s sort of an open-ended construct to back up the imperative for sharing,” Cyber National Mission Force Commander Rear Adm. T.J. White said on a panel discussing cyber readiness to protect government and military domains.
Both White, representing U.S. Cyber Command, and Lt. Gen. Paul Nakasone, commander of U.S. Army Cyber Command, pointed to public-private partnerships as critical for implementing predictive analysis as the next step in securing the cyber resiliency of their respective networks.
In light of the recent WannaCry malware attack, the panel urged governmental and military organizations to adopt measures that thwart adversarial threats before they can affect the cyber domain, a skill which has been developed more thoroughly in the private sector.
Current policy on promoting the sharing of critical cyber threat data and information between federal organizations and the private sector is incomplete and unsettled, according to White.
“We need to quickly form partnerships with industry and academia without a bevy of lawyers. It’s critical to leverage the knowledge of the private sector in a way that is expansive, in-depth, unclassified and shareable,” said Nakasone, who does not believe predictive analysis measures can be implemented by Army Cyber Command’s analysts.
The roadblock to developing greater relationships with the private sector remains a factor of trust that the information shared will be returned with equal value.
“The basic tenet of any model has to be that I am trusting you with sensitive information, I’ll trust you will do the right thing with that data. And I trust I’ll get some value back from what I share with you,” said Ron Bushar, vice president for Professional Services for cyber security company FireEye [FEYE].
Bushar argued for automated, real-time sharing of technical information between public and private networks to break barriers of mistrust and foster a greater sense of cyber security protection.
Insider threats remain among the greatest risks to federal networks, and members of the intelligence community and industry are pushing for a greater effort to complete background checks to ensure that all agents and employees are capable of ensuring cyber resiliency.
“Not only do we need to put the necessary funds towards reducing the backlog [of background checks], but also we need to be modernizing the process,” BAE Systems Vice President of Security Tom Langer said on a panel discussing transforming government and industry security.
Outdated credentialing processes and lagging investigative standards are allowing certain employees within the IC to pose a risk when it comes to protecting the integrity of their network, according to Dan Payne, director of the Defense Security Service.
“The adjudicative standards are pretty solid. The adjudicative standards encompass all the things that we would be concerned about with an individual to determine whether or not that person should have access to our nation’s secrets. The investigative standards lay out what it is that we need to do to acquire the information if you need those adjudicative standards. I think that’s an area where we need to explore,” said Payne.
Payne and Bill Evanina, National Counterintelligence Executive for the Office of the Director of National Intelligence, believe a common IT structure across the intelligence community, as well as continuous background evaluations of employees, are needed to eliminate insider threats.
“It’s an ongoing vetting of certain individuals,” Payne said. “Hopefully at some point in the future, we may be able to supplant secret-level re-investigations with continuous evaluation.”
Much of the intelligence community has already implemented continuous evaluations in lieu of background checks every five or 10 years, according to Evanina.