The National Security Agency (NSA) is focused on enhancing its partnerships with industry to take down cyber adversaries in concert, NSA Cybersecurity Director Rob Joyce said at an event hosted by the Center for Strategic and International Studies on April 11.
Joyce explained how the majority of the digital landscape belongs to industry, making collaboration with those stakeholders a top priority for his agency.
“They have intelligence capabilities that are vital to the defense of cyberspace,” he said. “Industry owns and operates most of the digital landscape. And if we can’t figure out how to take the things we understand from that foreign intelligence mission – reaching into adversaries’ faces and pulling down threats, tools, tradecraft, and information about those operations – and get them to the people who can do something about it, we’re not very effective.”
Joyce explained a concept called “active defense” with a soccer analogy, saying that it comes down to making sure the adversary doesn’t get to take countless shots on goal “unimpeded.”
“For active defense, one of the things is that public posture of NSA – taking the tools and infrastructure from adversaries and outing those with the help of industry so that all of us work together to take away those capabilities,” he said.
One way NSA is working to enhance its partnership with industry is through its Cybersecurity Collaboration Center (CCC). The CCC aims to create an environment for information sharing between NSA and its industry partners.
“The intent is to operationalize the things we know with the people who can do something about it,” Joyce said of the CCC. “We have a center that is mostly unclassified, but still has a classified portion to it. And what it does is it lets us interact with the industry.”
“They run and operate the internet, they run and operate the tools and capabilities that we all rely on. So, if we can take and understand a threat, and get it to that ecosystem at an unclassified level, that’s the key,” he added. “What we work hard at is getting those secrets sanitized to the point they can be actioned.”
A key piece of the CCC is the Enduring Security Framework (ESF), which is a public-private partnership that’s focused on addressing cyber threats and giving threat actors “a bad day,” Joyce said.
The ESF is run by NSA and the Cybersecurity and Infrastructure Security Agency (CISA), bringing chief executive officers (CEOs) together to discuss relevant cybersecurity topics, such as 5G cloud security.
Overall, Joyce said the CCC is the NSA’s “experiment” to improve its collaboration with industry, noting that the experiment thus far is “going great.”
“We started with one company a little over two years ago, we’re at 300 that we interact with, many of them on a daily basis in this analytic exchange – 100 percent voluntary,” he said. “That’s one thing we found is worth getting, this willing set of folks that can make a difference.”
“So, what we’ve got to do is we’ve got to continue getting faster at being able to take the things that are sensitive and get them into the operational space. And today, that’s still a pretty manual process,” he continued. “That’s where we’re headed is how do we take some amount of that SIGINT intelligence [signals intelligence] and have it automatically flow at the speed of cyber – because that’s really where we’ve got to be.”