Cyber Leaders Exchange 2024: NSA’s Kristina Walter on exposing ‘sophisticated’ cyber adversaries

The Cybersecurity Collaboration Center director pursues whole-of-government approach to helping agencies and industry tackle global cyberthreats.

The National Security Agency’s Cybersecurity Collaboration Center is ramping up its outreach on advanced cybersecurity threats, while also engaging with industry on emerging artificial intelligence risks.

CCC Director Kristina Walter pointed to NSA’s recent work with several agency partners in exposing “People’s Republic of China-linked cyber actors” that compromised internet-connected devices to create a malicious “botnet.” The FBI announced it had taken down the Flax Typhoon botnet in September.

“We are looking to build these campaigns that are not just NSA. They’re really whole-of-government,” Walter said during Federal News Network’s Cyber Leaders Exchange 2024.

“That’s what we would like you to see more of moving forward — that we can work together to really understand this sophisticated activity. We can develop the hunting guides to help everybody detect it and get it out to the public as soon as possible, and then enable our interagency partners to take actions that impose cost on the actors for doing that.”

U.S. officials earlier this year warned a China-linked threat group called Volt Typhoon had infiltrated power, water and other critical systems in the United States.

Officials have highlighted how Volt Typhoon marked a shift from using cyber intrusions for intellectual property theft and intelligence gathering to something potentially more nefarious.

“The alarming change when it came to Volt Typhoon is we also saw an attempt to pre-position in critical infrastructure for destructive purposes, to really sow discord, if and when needed,” Walter said.

She said China-linked threats are now more of a focus for the cross-sector Enduring Security Framework working group. ESF’s recent guidance has focused on discrete technology areas, such as 5G and software security, as opposed to specific nation-state threats.

“We’re looking at when we talk about PRC earlier, and the way the telecommunications fabric of the United States is being leveraged by malicious actors to target. That’s a topic that we really want to look at from the Enduring Security Framework, where we can gain all those perspectives to put out guidance to the community to use,” Walter said.

NSA’s work with defense industry

NSA established the collaboration center nearly four years ago to work with the defense industry to combat cyberthreats. Walter said CCC now works with more than 1,000 industry partners.

That includes large defense contractors with big cybersecurity teams. Nation-state hackers often target those companies, which means industry can share useful data about how cyber adversaries are targeting U.S. technologies and networks.

“They’re the ones experiencing it every day, and so we really get our teams together who understand the plans and intentions of malicious cyber actors with the net defenders in industry,” Walter said. “And we can share information out that says, ‘Here are the tactics and techniques that this actor uses to defend against it.’ And then they can come back in and see this is practically how we saw them targeting our network. Here’s how we can tailor this mitigation guidance to be more relevant based off what we’re seeing.”

But Walter said CCC also strives to work with smaller defense contractors that may need cybersecurity assistance. The center offers a range of free cybersecurity services to defense contractors, such as protective domain name system (DNS), attack surface management and threat intelligence collaboration.

Walter said more than 1,200 companies have now enrolled in the services.

However, tens of thousands of companies in the defense industrial base will soon have to comply with the Defense Department’s Cybersecurity Maturity Model Certification requirements. CMMC will require many companies to get a third-party certification that they comply with National Institute of Standards and Technology Special Publication 800-171.

“We don’t satisfy all of them, but some of those controls are DNS filtering, scanning of your perimeter network, addressing unpatched systems, enrolling in cyberthreat programs,” Walter said. “So we do help companies to achieve some of the pathway to CMMC, and we are working with the department and their certification arm to make sure that if companies are enrolled in the service, they can get credit for that when they’re pursuing their certification.”

CCC’s AI Security Center at NSA

The collaboration center last year also established an AI Security Center to specifically address artificial intelligence threats.

“It was really designed to take the goodness that we had from a cybersecurity perspective, but also bring in the years of research experience that we have looking at how to use AI, how AI could be used maliciously, and make sure that we get that information out,” Walter said.

The AI Security Center’s focus includes thwarting foreign cyber actors that attempt to steal intellectual property related to AI models. The center is also working to partner with the frontier model companies and academia to help them “defend at scale,” Walter said.

And the center is also releasing AI security guidance, such as its most recent publication on how organizations can deploy AI securely.

“NSA is really focused on the cybersecurity aspect of AI security, looking for cybersecurity vulnerabilities and making sure that it’s being used securely in defense industrial base and national security systems,” Walter said.
