RSA 2022: Using Critical Threat Intelligence Strategically
CISA, FBI and NSA discuss changing threat landscape and how private-public sector collaboration is helping in fight against cybercrime
Broadcom Software knows the importance of threat intelligence, and during a lively #RSAC panel discussion, “Using Critical Threat Intelligence Strategically,” panelists Natalie Pittore, Chief of Enduring Security Framework, National Security Agency; Erin Shepley, Chief, CISA Joint Cyber Defense Collaborative (JCDC); and Scott Hellman, Supervisory Senior Resident Agent, FBI, highlighted how the collaboration between the private and public sector is having a measurable impact in the fight against cybercrime.
“Before, in the early days, it was trust brokering,” said Pittore. “Now, it has evolved to us solving problems together.”
For example, Broadcom Software was selected last year to become a member of the Joint Cyber Defense Collaborative, a collaboration between federal agencies and the private sector led by the Cybersecurity and Infrastructure Security Agency (CISA) to bolster the nation’s cyber defenses through planning, preparation, and information sharing.
In the past, the private sector would pass threat information to the federal government but didn’t know if and how that information was used. The JCDC is trying to correct that situation through the establishment of a unified effort among government agencies and private sector partners so that the parties can share and validate threat information, and then act on it.
One of the most valuable contributions the private sector brings is “in the trenches” knowledge about the threats facing today’s organizations. “Yes, data is important, but when you bring experts and shared experience together, it provides the context around the data. All that insight and deep human intelligence – to me, that’s what is so unique and powerful about our collaboration,” explained Pittore.
Looking back over the past 10 months, Shepley pointed to JCDC’s response to Log4j as a significant milestone in private-public collaboration. “Log4j was one of our first trials and we hit it out of the park.”
In addition to creating a public-facing website so organizations could see if any of the software/hardware they run was susceptible to Log4j, Shepley said “behind the scenes, we were also tracking adversaries who were looking to exploit Log4j, and examining what sectors were targeted.” Other successes included the launch of the agency’s ShieldsUp initiative and the increase in advisories – not just in number, but also making them more consumable and easier to find.
Adapt Fight to Changing Threat Landscape
While ransomware has ballooned over recent years, Hellman said that some of the biggest breaches “have stemmed from password reuse and social engineering to bypass multi-factor authentication (MFA).” “With the adoption of MFA, the bad guys have to work to get around it and other security measures,” he said. Phishing also remains a constant threat, with more than 324,000 phishing attempts reported in 2021.
Hellman emphasized that the FBI and other federal agencies must continue to adapt to the changing threat landscape. For example, he said there continues to be an increase in crypto-related crimes. “As those new crimes pop up, we constantly must evolve – how to solve for ‘X’ now. Every day, there is a new problem.”
Invest in Incident Response Plans – Today
“I think there is often a disconnect with what people expect from us after an incident happens. Ransomware is a good example. There is sometimes an (unrealistic) expectation that we have a wand that will decrypt your data and get your money back,” said Hellman. “In reality, our mission is investigation.” Instead of waiting to contact the FBI after a breach occurs, Hellman advises organizations to contact and build a relationship with the bureau now, before an incident takes place. He recommended that organizations develop a disaster recovery plan, with tabletop exercises, and share it with the FBI to provide feedback. “Post-incident, in an emergency meeting, our job is to collect information to identify who did it and see if we can stop or slow them down.”
Pittore encouraged organizations to, if possible, find a way to anonymize and share an incident’s details as soon as possible after an attack is discovered. “It’s not helpful three months later when you decide to announce the incident in a blog – by then, it’s too late.”
What’s Next: The Path Forward
While citing continued progress, Pittore remarked that the federal agencies are constantly evaluating how to improve the private-public collaboration. “How do we scale? Where can we have that most effective outcome? Do small- and med-sized companies have a fair shot against today’s attackers? The challenge is always there.”
Shepley agreed that the “information infusion” gathered from private-public collaboration must always be focused on outcome. “How do we do collective defense? It’s new, hard, and complicated.”