The Cybersecurity 202: The NSA wants to collaborate with industry in a major institutional shift

The agency, which used to work in the shadows, is becoming far more public. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Sign up for this newsletter Read online Your daily cybersecurity policy download.       By By Joseph Marks with Aaron Schaffer  Email The NSA wants to collaborate with industry in a major institutional shift The National Security Agency, which once did its work almost entirely in the shadows, is evolving into a far more public institution that's eager to cooperate with parts of the private sector.  The most visible symbol of that shift is a cybersecurity collaboration center that opened in January and is custom-designed for agency officials to host industry cybersecurity pros and hash out responses to major hacking challenges.  The agency has worked out deals with numerous defense and technology companies to make regular visits to the center, said Rob Joyce, director of NSA's Cybersecurity Directorate, although he declined to name the companies or provide a specific number that have joined.  The goal is for some company officials to be based in the center full time, though that has been delayed by the pandemic, Joyce said.  "If you dealt with NSA a couple of years ago in cybersecurity, we were happy to catch things you would throw over that fence line, but we did not have the authorities and the processes to engage in a conversation back," Joyce said, referring to the physical barrier that surrounds the agency's home base in Fort Meade, Md., which is mostly inaccessible to folks without security clearances.  "That's what's changed," he said.  Joyce made the comments during a media tour of the collaboration center — another event that would have seemed outlandish a few years ago for the spy outfit that was jokingly referred to as "no such agency." Rob Joyce, director of NSA's Cybersecurity Directorate, speaks to reporters at the agency's Cybersecurity Collaboration Center. (NSA)  There are two key things that prompted the NSA's transformation.  First was the backlash to Edward Snowden's 2013 revelations about the agency's widespread surveillance, which sometimes scooped up communications from U.S. citizens who were in contact with foreign surveillance targets. In the wake of the leaks, NSA officials pledged to be far more transparent with the public about their operations. That's been a difficult task while also maintaining secrecy about spying operations.  The second major driver is the pace and scale of cyberattacks, which increasingly are threatening to destabilize the economy and threaten public safety.  The Colonial Pipeline ransomware attack in May disrupted gas supplies across the southeastern United States. The SolarWinds attack could have brought large chunks of the government and top companies to a screeching halt if the Russian hackers allegedly behind the operation had opted to launch a destructive attack rather than simply steal information.  "Things have to change because doing what we did yesterday isn't going to solve the problem," Joyce said.  Joyce wants the government to be better at preventing cyberattacks against industry rather than mopping up the damage once it's already happened, he said. "We don't want the federal government to be exceptional at incident response. At that point it's too late," he said.  Collaborating more closely with industry will also give NSA better visibility into the kind of attacks hackers are launching and a possible early warning about actions by adversaries such as Russia and China, Joyce said. Morgan Adamski, chief of NSA's Cybersecurity Collaboration Center, shows off the new center to media. (NSA) The center is designed for collaboration specifically with companies in the defense industrial base and that provide large-scale technology services.  That second category could include major technology platforms, cybersecurity companies and providers of cloud computing services.  "We have [company officials] coming in for meetings, conversations where we talk about specific actors or specific activity that we've been seeing," the center's chief, Morgan Adamski, said. "We also facilitate analytical, collaborative workshops so our partners can come in and we can work a specific topic for multiple days at a time." The center isn't giving up secrecy entirely.  Company representatives who spend a substantial amount of time there are expected to have security clearances so they can collaborate using information that's not shared with the broader public, Adamski said.  About one-third of the 3,600-square-foot center is set up for such classified conversations, though the remainder looks more like a traditional tech workspace with cubicles, large glass windows and pillars with inspirational slogans printed on them, such as "imagine," "ideate" and "transform." The center's connected through a virtual chat room with analysts at NSA's main campus who can share insights based on the agency's foreign intelligence collection.  The unclassified portion of the center is WiFi enabled, another novelty for the NSA because of concerns about leaking secrets.  Joyce made a show of tweeting from his personal cellphone during the news briefing, something that's not usually possible in the classified environments he works in. In a further nod to transparency, the agency is working on setting Joyce up with an official government Twitter account to post from rather than his personal account, he said.  Share The Cybersecurity 202    On the move Chris Krebs is joining the advisory board of the cybersecurity company SentinelOne.  Fired Cybersecurity and Infrastructure Security Agency Director Chris Krebs testifies before a Senate Homeland Security and Governmental Affairs Committee hearing.  The former director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has also launched a consulting firm with former Facebook cybersecurity chief Alex Stamos since involuntarily leaving office late in the Trump administration.  Krebs praised SentinelOne, noting that the company, which uses automated tools to probe for evidence of hacking, could help companies combat threats such as ransomware. "Traditional, human-powered approaches and solutions are struggling to match the pace of the increasingly automated threat," he said.  President Donald Trump fired Krebs by tweet after his agency vouched for the security of the 2020 election, which Trump said without evidence had been undermined by fraud.    The keys Executives at a French spyware company were indicted on charges of "complicity in acts of torture." The company sold surveillance software to Egypt after a military coup that brought Abdel Fatah al-Sissi to power. (Adel Hana/AP) Four current and former employees of the company Amesys, which is now known as Nexa Technology, are facing charges over sales of spyware to Libya and Egypt. Critics say the spyware helped those governments torture and disappear dissidents, MIT Technology Review's Patrick Howell O'Neill reports. The next step is for judges to determine whether there is sufficient evidence to send the case to a criminal court. The indictments are "unprecedented," according to Amnesty International Tech Director Rasha Abdul Rahim. She said the indictments "send a clear message to surveillance companies that they are not above the law, and could face criminal accountability for their actions." Nexa did not respond to a request for comment. The United States and European allies created a joint working group to "address the scourge of ransomware." The announcement came as Homeland Security Secretary Alejandro Mayorkas met with European allies in Portugal. (Antonio Pedro Santos/EPA-EFE/Shutterstock) The group's work will include sharing information about hacking groups and best practices for combating them, Politico EU's Laurens Cerulus and Clothilde Goujard report. Homeland Security Secretary Alejandro Mayorkas and European officials "agreed on the importance of together combating ransomware including through law enforcement action, raising public awareness on how to protect networks as well as the risk of paying the criminals responsible, and to encourage those states that turn a blind eye to this crime to arrest and extradite or effectively prosecute criminals on their territory," a joint statement noted. Colonial Pipeline is facing a potential class-action lawsuit after a ransomware attack. The suit comes a month and a half after ransomware hit the company. (Mark Kauzlarich/Bloomberg News) The lawsuit would be brought on behalf of about 11,000 gas stations that ran short on fuel during the attack, Bloomberg News's Christopher Yasiejko reports. It claims that the May ransomware attack hit Colonial "despite advance knowledge and warnings," and that the company "repeatedly ignored and rejected efforts by the applicable regulatory agency to meet with it so as to check on its cybersecurity."  Colonial did not respond to a request for comment. The company has defended its response to the hack, which included paying hackers a $4.4 million ransom that was partially recovered by U.S. law enforcement.   Global cyberspace U.S. seizes websites linked to Iranian government propaganda By Devlin Barrett and Kareem Fahim ●  Read more »   Russian security chief says Moscow will cooperate with U.S. against hackers - report By Reuters ●  Read more »   Polish intelligence agencies link cyberattack to Russia By Associated Press ●  Read more »     Securing the ballot   Cyber insecurity Garland: More "depth" needed to protect against cyberattacks By Eric Tucker | AP ●  Read more »   Ransomware gang Cl0p announces new victim after police bust By Motherboard ●  Read more »     Hill watch A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill - CyberScoop By CyberScoop ●  Read more »   House passes bill to bolster state plans to ward off infrastructure attacks By The Hill ●  Read more »     Daybook The Senate Armed Services Committee's cyber panel holds a hearing on ransomware today at 2 p.m. FBI director Christopher A. Wray testifies before a Senate Appropriations Committee panel today at 2 p.m. The House Small Business Committee holds a hearing on CMMC cybersecurity implementation on Thursday at 10 a.m. Cybersecurity and Infrastructure Security Agency officials discuss ransomware at an Infosec webinar on Thursday at noon. The Cyber Threat Alliance holds a webinar on botnets and cybersecurity labeling on Thursday at 11 a.m. John Sherman, the Pentagon's acting chief information officer, testifies before a House Armed Services subcommittee on June 29 at 2 p.m.   Secure log off   We think you'll like this newsletter Check out The Optimist for a selection of inspiring stories to help you disconnect, hit refresh and start the week off right, delivered every Wednesday and Sunday. Sign up »

Manage my email newsletters and alerts | Unsubscribe from The Cybersecurity 202 | Privacy Policy | Help You received this email because you signed up for The Cybersecurity 202 or because it is included in your subscription. ©2021 The Washington Post | 1301 K St NW, Washington DC 20071