How Federal-Private Relationships Help Identify Cyberattacks Faster

Federal cyber leaders called for increased communication, relationship-building and information-sharing between federal agencies, private vendors and key cyber partners like the Federal Bureau of Investigation, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency over the last year, resulting in initiatives like CISA Director Jen Easterly’s Joint Cyber Defense Collaborative (JCDC) and the cyber incident-reporting mandate.

These partnerships and initiatives resulted in quick identification of distributed denial of services attacks in Ukraine and examination of the potential threat and impact on the United States, CISA Joint Cyber Defense Collaborative Chief Erin Shepley said at the RSA Conference in San Francisco Monday.

“We were able to get those indicators of compromise around … share them with the private sector and quickly access are any targets coming for the United States? Are they targeting their financial sector? What’s going on here?” Shepley said. “We wouldn’t have been able to do that work without the private sector, so that’s just one example of many in that particular instance, where it was critical that we use their tooling, their technology and their visibility to understand what impact you’re going to see.”

NSA Chief of Enduring Security Framework Natalie Pittore said she works with her agency’s Cybersecurity Collaboration Center and cultivates industry partnerships to prevent and address foreign cybersecurity threats across national security systems, the defense industrial base and Defense Department. She said that although threat intelligence data is important in her field of work, the people and collaboration across organizations bring critical context and creativity in combating cybersecurity threats.

“We have a threat against the defense industrial base — we’re unified by a common purpose, we’re unified by this common goal,” Pittore said. “That creativity and innovation that really comes from it is, what I see, is like secret sauce — that richness that’s really coming from the work, and I think that’s why we’re seeing so much when it comes to our services, our advisories and everything coming out.”

FBI Supervisory Senior Resident Agent Scott Hellman said agencies like his have seen ransomware balloon over recent years and have taken on a variety of forms, from nation-state attacks to criminal activity.

Through relationships with federal and private partners, the FBI draws information about the evolving nature of various cyberattack vectors and crimes — including how actors are overcoming security measures like multi-factor authentication (MFA), a key component of zero trust.

“Everybody knows security is never simple,” Hellman said. “It’s always a multi-layered approach, but you’ve got to have your core basics in check as best as you can. We saw 324,000-plus phishing attacks get reported to the FBI in 2021 along, and some of the largest breaches that we saw throughout the year stemmed from password reuse and social engineering to bypass multi-factor authentication.”

Although the FBI, NSA and CISA have been developing connections with each other and the private-sector, leaders from the agencies said that there are still some important steps that their partners need to take. For Hellman, it’s developing and understanding a disaster recovery plan. For Shepley, it’s anonymizing and sharing information as soon as possible when an incident occurs.

“Find a way to anonymize [the incident data] so that we can identify if it’s part of a broader campaign? Can we alert the rest of critical infrastructure?” Shepley said. “Because that’s really one of those benefits that’s going to happen. Tt’s the hardest. No one wants to share during that period, but it’s beneficial.”