SAN FRANCISCO In line with the theme for this years RSA Conference,Stronger Together,Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), and U.S. Army Maj. Gen. William J. Hartman, U.S. Cyber Commands Cyber National Mission Force commander, delivered a presentation on the importance of partnership in defending Americas critical infrastructure while holding malicious cyber actors accountable.
Goldstein and Hartman shared newly-declassified details of interagency responses to cyber attacks from nation-state actors and cybercriminals, including how CNMF shares information from foreign operations to enable CISAs domestic defensive mission. They also discussed how CISA shares information from domestic cyber incidents to enable CNMFs operations to impose costs on foreign malicious cyber actors. Goldstein and Hartman discussed case studies, including the SolarWinds campaign, the mitigation of Chinese hacking of Microsoft Exchange, the disruption of Iranian targeting of an election reporting website, and ongoing data-sharing from cyber criminal targeting of federal agencies and educational institutions to enable CNMF operations.
As our nations cyber defense agency, CISA recognizes that we must leverage all tools and capabilities to increase costs against our adversaries. Our work with CNMF enables us to not only more effectively defend our nations critical infrastructure from cyberattacks but also clearly demonstrate to our adversaries that there is a price to pay if you decide to attack American infrastructure, said CISA EAD Goldstein. Our presentation demonstrated for the first time how this partnership yields real-world operational benefits and how we rely upon collaboration with, and incident reporting from, the private sector to catalyze this work.
Describing cybersecurity as a team sport, Goldstein and Hartman discussed how sharing expertise and insights bolster collective defense to meet national security objectives.
On a daily basis, CNMF and CISA work side by side, Hartman said. We are collaborating on two things: what information does CISA have relevant to the DoD that allows us to disrupt an ongoing or prevent a future attack on the United Statesand what threats are we seeing while we are executing operations that are relevant to the threats CISA sees in the United States.
Both agencies prioritize efforts to secure and protect the nations election infrastructure.
Hartman and Goldstein described an operation in advance of the 2020 elections in which CNMF identified a compromise of an election reporting website which an Iranian actor, referred to by industry as PIONEERKITTEN, had access. CNMF immediately tipped CISA and then took action to mitigate the adversarys access so it could not impact the reported results.
There is no more important mission than ensuring there is a safe and secure election from foreign influence and interference, said Hartman.
There was no impact to election infrastructure, no impact to voting systems, no impact to the free and fair conduct of the election, Goldstein said. This is a case where we had an adversary with the potential intent to take action relating to an election, and we were able to effectively get in front of that activity.
Goldstein also described several cases where CISA proactively identified potential intrusions targeting federal agencies and organizations in the educational sector and rapidly tipped CNMF with actionable information to take action against the malicious actor. In these cases, CISAs incident response activities conducted in close coordination with CNMFs operations against the adversary materially reduced impacts on the victims network.
The maturation in this relationship in the last few years is impressive and it happens in real-time and every day, said Hartman. It has become a significant driver for our mission and really a credit to CISAs forward-looking approach to push information that is relevant to our foreign-focused mission so that we can rapidly make use of.
The CNMF mission is broad, continuous, joint, and enduring in the combat against foreign malicious cyber actors. As the nations cyber defense agency, CISA provides guidance, services, and support help organizations prepare for, respond to, and mitigate the impact of cyber attacks. Together, and in collaboration with partners across government and the private sector, we can make our nation more secure and resilient.