Since 2004, the Defense Department has been a part of an international Computer Emergency Response Team through NATO.
But only in the last few months have DoD and some of its allies been able to share cyber threat information and work together in real time.
Ian West, the cybersecurity chief of the NATO Communications and Information Agency, said the launch of a new encrypted workspace lets five countries test how they can share secure video, voice, chat and information gathering capabilities.
“Cyber attacks happen obviously very quickly and the days of telephone calls and emails really don’t cut it with the cyber threats we are facing now. My agency, under its digital endeavor vision, came up with an idea of extending an existing network out to each of the 29 allies eventually. We started with five just as a test,” West said on Ask the CIO. “We’ve given them each a secure laptop, which enables us to speak together, to see each other, with secure voice, secure video and collaborative spaces so we can work together in real time. It’s a real game-changer for us.”
West said the capabilities to share data and collaborate in real time aren’t new, but not until now has there been a concerted effort to connect the experts in the cyber trenches.
“This capability is being delivered to the very guys who are watching for those vulnerabilities to be exploited, who are seeing new things and often these new things hit us all the same way,” he said. “So having these people who are literally on our front lines are able to quickly, immediately in real time are able to speak with partners across NATO is something special.”
NATO started the test with the business network rather than its operational network.
West said most of the technology in this secure network is from commercial providers with a few tools that were developed internally by partner countries and shared broadly.
“This really does bridge a gap,” he said. “We’ve had agreements with our allies on information sharing, threat intelligence and sharing best practices for a number of years now, but there has been a gap in the ability to be able to interoperate and collaborate in real time. This cyber collaboration network really fills that gap.”
Still struggling to have two-way sharing
Jamil Jaffer, founder and executive director of the National Security Institute at the Antonin Scalia Law School at George Mason University in Fairfax, Virginia, and vice president for strategy and partnerships at IronNet Cybersecurity, said the situation the U.S. government faces with its allies in creating a trusted international environment for sharing cyber threat information is similar to the industry-government relationship.
“We can help protect Europe better from the Russian threat if we provide information that we are seeing from the Russian threat, and they can frankly be the canary in the coal mine for us if they tell us what they are seeing from what the Russians are doing to them. The thing about the Russians, the Chinese, the Iranians and the North Koreans is they are not going up against U.S. companies and the U.S. government first, they are doing it in their areas of responsibility. They are doing it in Asia. You see the Chinese first going up against the Taiwanese, the Japanese or the Singapore government, and then they use the same techniques if they are successful against the U.S. You see the same things with Iran in the Middle East and the same thing with Russia in Eastern Europe,” said Jaffer, who also served as senior counsel to the House Permanent Select Committee on Intelligence and on the National Security Council in the White House.
He added, “If we are going to get better at our defense, we need to learn from our colleagues in those areas of threats. And they can get better defense if we provide them with more advanced capabilities and provide them some of our learnings. These cross-border things like what NATO is doing are really critical in helping the allied nations defend themselves from these threat actors who are getting more and more aggressive.”
Jaffer said NATO has been doing a lot of work on the policy side around cyber and more recently has been focusing on sharing of intelligence and offensive and defensive capabilities.
“The word of the day has got to be collective defense. Too often in cybersecurity we talk about having this end point tool or that tool, but the real game changer is adopting that collective defense model and defend one another from these threats,” he said. “You have to be willing to tell all your partners and eventually over time, what your threat picture looks like and what you can learn from one another. We almost need a radar system in cyberspace or an air traffic control system.”
In many ways, that’s the realization among the NATO countries: the cyber experts can’t just look straight ahead at the threat, but have to see all the angles.
“Our first call was really great when you can actually see the faces of the people who are doing exactly the same thing within their area of responsibilities and the discussions were all around what they were seeing today, what was the latest in the cyber espionage campaign or the latest with a certain virus,” West said. “If we can work together during, for example, the next WannaCry or next NotPetya, and just prove we have made NATO security better because of some information that has been passed over this network or we have been able to help an ally, that will be proof of this investment and the investment itself is very minor in dollar terms.”