State-sponsored cyberattacks from national agencies or affiliates are a rising concern. Even though U.S. cyber-responses have become more prevalent, foreign hackers still pose a powerful threat, given the ever-changing threat landscape and heightened abilities of these adversaries.
We see it in the news. In the spring of 2017, Russian military hackers hijacked an accounting software company’s servers, giving them a hidden back door into thousands of PCs around the country and the world. In June 2017, the saboteurs used that back door to release a piece of malware called “NotPetya”, their most vicious cyberweapon yet. It used a two-stage attack: EternalBlue, a penetration tool exploiting a previously patched Windows vulnerability, compromised unpatched systems, and Mimikatz, a memory scraper for passwords, was then employed on those systems in order to compromise patched systems on the same networks. “NotPetya” resembled the ransomware “Petya” but was not ransomware; it had a purely destructive purpose. This, and more, reinforces the notion that an advanced military cybersecurity strategy is more important now than ever.
According to a Thomson Reuters Labs blog, the U.S. is ranked the highest for state-attributed cyberattacks, followed by the United Kingdom and Germany – an important statistic that backs the need for sophisticated cybersecurity practices.
We recently welcomed Ensign Josh Moss and Major Chris Elgee at our monthly cybersecurity partnership webinar series to discuss this evolving topic. Josh is in the U.S. Coast Guard Reserve as a Web Application Strike Team Leader at the U.S. Coast Guard (USCG) Cyber Command and Chris is the Team Chief for the Massachusetts National Guard’s Defensive Cyber Operations Element. Josh and Chris filled us in on the advancing cybersecurity strategies taking place within the military and explained how those efforts cross over into the safety and security of private sector organizations as well.
We gathered some important takeaways from our discussion with them, and the outcome is uplifting: cybersecurity is now being treated as a domain, and the government is on board now more than ever before.
A Strong Pledge
Ten years ago, most military computer systems were not standardized across different military services. Because of this lack of consistency, there were many inefficiencies and little communication between services when a cyberattack occurred. If a shipping company were hit by ransomware, the USCG might have taken little to no action to resolve the issue. The military services have since implemented, and are working to further develop, their cyber commands, in addition to staffing and operating the Combatant Command-level unit, U.S. Cyber Command.
Today, both the USCG and National Guard (among other branches) have a clear commitment to protecting our nation in cyberspace. They have worked to standardize their networks and continue to develop their cyber commands. Each branch now operates information systems as part of a standardized wider intranet, called the Department of Defense Information Network (DODIN). It is the responsibility of the military to protect the DODIN. Having a secure information system network from which to conduct operations strengthens the military’s ability to respond to cyber threats. This ultimately protects private sector organizations, in turn protecting U.S. citizens from harmful cyberattacks.
Branch and Private Sector Collaboration
Branches are also making strides in standardizing processes that involve deterring malicious activities, staying persistent on a day-to-day basis, and increasing the resilience of critical infrastructure. Many members of different cyber teams have crossed over in the private cybersecurity industry, so operations are becoming increasingly similar, whether that be protection in a port or protection while on a domestic response mission.
The Coast Guard, Army National Guard, and other branches are always ready to respond, whether it’s government related, or for a private sector organization. There are active, reserve, and civilian members of cyber teams ready for all-hands-on-deck situations at any time.
For example, the Coast Guard might get the call that a cyberattack is under way at a port in the maritime transportation sector. They have response kits built up and ready to go. The Coast Guard cyber team arrives in blue uniforms and partners with the private sector company to collect information on the malware. Then they help the company remediate and recover. Next, they share their findings so that private and public sector organizations have the threat intelligence they need to respond to a similar attack.
The National Guard is also likely to interact with critical infrastructure organizations, such as state and local, and on occasion some specific teams will partner with utility companies. If an organization needs help, the military will assist by working alongside them and providing guidance at each step.
Cybersecurity Culture is Needed and the Future is Strong
We’ve been hearing loud and clear that organizations – large, small, public sector, private sector, you name it – want and need stronger cybersecurity programs to strengthen their resiliency. In the military, that attitude is no different. Ensuring the strength of cybersecurity programs starts with creating a cybersecurity culture, where the focus is on people, process and technology.
As the military tries to consistently standardize between branches, we can apply that same mindset to our own organizations. It’s important to have an established incident response plan when it comes to cyberattacks, as we are seeing more and more stories of smart hackers taking down organizations and local government agencies every day.
As for the military’s cybersecurity path…the future is strong. According to Chris, they are on track to grow military cyber units, and they will continue to partner with the private sector indefinitely. Both Josh and Chris are confident that the military will continue to maintain existing programs while innovating on new ideas to keep our country and citizens protected as hackers become more sophisticated.