If federal agencies want to boost cybersecurity, they’ll need to organize data beyond lakes or stores. It will take a concept of operations, which is why the U.S. Cyberspace Solarium Commission recommended a joint collaborative environment in March 2020.
A collaborative environment would help pool federal government data on cyber threats and cyber incidents, and would allow the private sector to both share information in and get insights out, said Robert Morgus, senior director for Task Force 2 at the Commission.
“The way that we look at this particular proposal being implemented, if it does come to fruition over the next few years, is in a couple of steps, where you’ll have to work on the fed gov side to get the information that the different departments and agencies both on the high side and the low side collect,” Morgus said on Federal Monthly Insights — Cybersecurity (and aggregating cyber-related data). “We need to get that all consolidated, standardized and interoperable, shared into this environment. And then the second step will be to figure out a way to plug the private sector.”
He cited the U.K.’s National Cyber Security Centre as a model: It has “high side” – more trusted – and “low side” – less trusted – floors which communicate but are in different environments, he said. The commission envisions this joint collaborative environment residing within the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, given the number of touchpoints that agency has between the federal and private sector sides.
Of course, the groundwork needed for the joint collaborative environment is considerable, starting with an act of Congress.
“I think part and parcel of that there needs to be some sort of nudge, likely from the Hill to get the federal departments and agencies that do collect relevant cyber threat data, cyber incident data, then to start talking to one another about how they make sure that that data can interact with data from other agencies,” Morgus said on Federal Drive with Tom Temin. “So standardization, interoperability – there needs to be some sort of conversation about the actual infrastructure that would enable this.”
The commission is still trying to determine the costs for such an undertaking over the next decade, but Morgus said the concept has some interest in Congress and he would not be surprised if the joint collaborative environment received some funding in this year’s National Defense Authorization Act.
As for one large organization already storing and organizing cybersecurity-related data, the Department of the Navy broke up data management into 12 separate information domains, each with a “data steward” to help manage it. Those stewards meet at monthly data governance board meetings to discuss cross-cutting activities as well as top-level policies coming down from the DON Secretariat, DON Chief Data Officer Tom Sasala explained.
Yet cybersecurity information is not one of the 12 domains; that gets rolled into enterprise operations in order to combine cyber data with other IT operations including investments and funding, he said.
“I would say the most dynamic areas really are on two sides: On the business side, we have the financial management, the human capital side, where there’s a lot of activity around the audit readiness and just general training and readiness of the forces. And then on the warfighting side, we have a lot of activity that is ongoing right now in theater, support to the [combatant command], specifically [U.S. Central Command] and Pacific Rim right now for us,” Sasala said.
Meanwhile, the CDO’s office performs ongoing work for the deputy secretary of Defense on predictive analysis for sexual harassment prevention, “or as we call it, integrated violence detection and prevention,” as well as general business indicators and where funding is spent for IT to support needs of the future.
Cybersecurity can cut across all of these areas because they all have data needing protection. Sasala said data is a “horizontal enabler” similar to how COCOMs are structured with geographical and functional sides. DON is struggling to a degree with addressing horizontal data aspects and getting a cybersecurity professional to support all the rest of the 12 domains, he said.
DON is working to fuse real-time, incoming sensor data with story data, in order to perform predictive analysis to spot emerging threats before they occur.
“That’s actually very exciting from a cybersecurity perspective, is getting out of that reactionary mode and getting more into that predictive and prescriptive analysis, and getting ahead of the bow wave, if you can,” he said. “Cybersecurity, with all the zero days and things being discovered all the time, and persistent state actors is quite a challenge — as you get that kind of persistent threat that is just a common deluge of continuous activity that is difficult to ferret that out from some of the more directed attacks.”