Published on December 30th, 2022
Why the US must view cyberspace as one battlespace
The United States is at an inflection point when it comes to the future of our nation's cybersecurity.
To harden our defenses, top U.S. cyber officials are providing fresh vision and new national-level strategies: This fall saw the unveiling of the Cybersecurity and Infrastructure Security Agency (CISA)'s first comprehensive strategic plan, followed by the release of the new U.S. National Security Strategy, which emphasizes the need to secure cyberspace.
As we look to the new year, the Office of the National Cyber Director will soon release a National Cybersecurity Strategy, laying the foundation for how our nation responds to cyberattacks. And at the same time, cybersecurity is one of few areas where we expect to see bipartisan effort this next Congress, led by new cybersecurity champions in the House and Senate.
With this groundwork laid, now is the time to think "big picture" about how we approach our national cyber strategy.
Ensuring future cyber superiority will require us to see the cyber threat landscape in the same way our adversaries see it: as one battlespace. When adversaries devise strategies for digital conflict, they don't view the federal government, the defense and intelligence communities, public infrastructure, and private industry as separate targets. To our adversaries, this target-rich environment is one connected battlespace.
To defend in one battlespace, the U.S. needs a holistic approach to cybersecurity. No single organization can protect our nation alone. That is why transforming national cyber capabilities will require a unified approach that fosters operational collaboration, best-in-class solutions, and synchronized capabilities.
Fostering operational collaboration
In one battlespace, the public and private sectors are intertwined, and the digital and physical realms converge. Case in point: Colonial Pipeline. What started as a ransomware attack on a privately-owned oil pipeline system quickly escalated to national-level concern and widespread disruptions to pipeline operations, fuel supply, and travel. This brought to light a harsh reality: Critical infrastructure is vital to public health and safety, the economy, and national security, yet much of it is run by privately owned companies. That is why public-private partnerships and information sharing are so crucial to securing our infrastructure and ensuring collaboration between government and industry.
Effective information sharing is not always easy, but recent events have shown it's possible.
Following Colonial Pipeline, a rapid review found the Transportation Security Administration (TSA) had emergency authorities to mandate the transportation sector's minimum cybersecurity guidelines. The TSA then convened transportation sector executives, provided them with a classified briefing to explain the context behind the threats, and ultimately adjusted their security guidelines based on this back-and-forth.
This is a step in the right direction. In the future, however, it's important to note private companies may say the government's information sharing comes too late or is too watered down to be actionable. To achieve operational collaboration, the government must share threat intelligence more quickly. Private companies, in turn, must trust that sharing information with the government will improve our collective cyber defenses, rather than lead to penalties.
Focusing innovation where it's needed most
Securing one battlespace requires a holistic view of tools, including those used by our adversaries and those at our disposal. It's important for organizations, regardless of sector, to pay close attention to adversarial tactics, techniques, and procedures to help them stay ahead of threats and harden their critical systems. But that's only the beginning. We also need government and industry working together to mobilize the national cyber tech and innovation base.
Ultimately, the weak links in our cyber defenses are not due to a lack of investment and innovation; they are due to lack of collaboration to maximize return on investment.
As a nation, we are pouring billions of dollars' worth of appropriations and private capital into cybersecurity. But what's missing is a clear sense of direction for how to proactively focus the nation's collective cyber defenses to ensure we're deploying the latest innovations when and where they are needed most.
The U.S. should ensure integration between those on the front lines of our cyber defenses and those on the cutting edge of developing new tools and products. To achieve this, the federal government should make targeted investments in best-in-class innovations, ensure they remain appropriately safeguarded, and deliver the right capabilities at the right time to support critical missions. This should include fostering viable incentive structures that help start-ups, accelerators, and incubator programs plug directly into government research and development efforts, bringing early-stage companies into the national mission at the onset.
Synchronizing offense and defense
In one battlespace, we must view defensive and offensive cyber operations as two sides of the same coin. But all too often, defensive and offensive operational planning and execution functions are isolated, with siloed missions, resources, and capabilities. Defensively, this creates shortfalls in cross-domain protective measures and leaves defenders with limited knowledge of adversaries' offensive tradecraft. Offensively, the disconnect between mission developers, capability providers, and defenders prevents offensive mission owners from benefiting from data on tactics, techniques, and procedures learned during cyber defense operations.
To outpace our adversaries, Congress should establish clear authorities for the oversight of defensive and offensive cyber collaboration that enable the U.S. to synchronize national defensive and offensive operations with appropriate strategies, operating models, and governance. National-level wargames could help pressure test the resulting offensive and defensive collaboration. This would support achievement of operational integration that unlocks the full efficiency and effectiveness of U.S. national cyber capabilities.
We've reached a crossroads in our nation's cybersecurity journey. We can choose to view the threat landscape as one battlespace, just like our adversaries, and deploy a unified approach to defend it. We can choose to improve public-private partnerships, foster innovations that support critical missions, and integrate offense and defense. But if we fail to do so, we choose to risk everything. The time to make that choice is now.
Brad Medairy is executive vice president and leader of Booz Allen Hamilton's national cyber business.