The two main concepts on which the U.S. Army’s cyber team is concentrated in order to protect its information are time and scale. Responding to potential threats in “machine time” in order to diminish the blast radius of a harmful event is crucial, as is executing cybersecurity that matches the breadth of resources in need of protection, says Army Senior Research Scientist for Cyber Robert Kimball.
The latter task involves sorting through a large amount of mostly “mundane and not really useful” data to, per Kimball, “look for clues to anomalous behavior and attacker behavior.” The Army’s goals are perhaps best solved, the research scientist suggests, through automated technologies.
“Machines have the capacity to look at enormous amounts of data, almost to the point where they look at everything,” Kimball told a virtual audience during the Potomac Officers Club’s Cybersecurity in the Modern Intelligence Community Forum on Nov. 16.
Kimball additionally detailed how the service branch is looking to power SOAR (security orchestration, automation and response) systems with machine learning tools, hopefully resulting in totally autonomous, mechanized defenses for cyber architectures. In the Army representative’s view, this would help declutter and root out some of the “chaff around cyber,” the excessive and needless stray data and residue tied to alerts and triggers that are routinely activated.
John Kearney, deputy for cyber operations and analysis in the cyber mission center at the Defense Counterintelligence and Security Agency as well as Kimball’s conversation partner at the POC panel, asserted that a collaboration between government and industry is one of the key change-makers for cybersecurity’s impacts on the U.S. Intelligence Community.
During the panel, Kearney contrasted the goals of counterintelligence and cybersecurity, naming the primary objectives of the former as to “identify, neutralize and exploit,” while the mission of the latter is to extinguish threats by “shoring up vulnerabilities” and, as Kimball noted, combing through data. The difference is that counterintelligence is more targeted and focused than cybersecurity, but, in Kearney’s view, both have elements of playing defense to an enemy attacker’s offensive aggressions.
Kearney says that in the past the U.S. government was more siloed and “secretive” in its defensive stances and strategies toward cyber bad actors. But the executive thinks that “we’re on the cusp of having a stronger relationship with the defense industrial base and cleared industry.”
Kearney shared that the federal government is shifting into a more collaborative relationship with the DIB and industry members with security clearance out of a recognition that these commercial entities are the ones often responsible for creating the technologies that protect citizens and warfighters alike. Since they are the designers and manufacturers of these tools, the organizations can also be “low hanging fruit” for cybercriminals, Kearney reasons.
“In the IC, there’s the old way of thinking that we know better and we’re going to do it our way. I think the future is coordinating, integrating and sharing information with industry amongst our agencies,” Kearney explained.
This cross-sector joint effort and the surge in cyber threats in recent years (such as the incidents with Log4j, SolarWinds and more) have brought Kearney to the conclusion that “cybersecurity is the new counterterrorism.”
Tune in to the full conversation from the POC forum, along with a keynote address from U.S. Department of the Navy Principal Cyber Adviser Christopher Cleary, here.