Debora A. Plunkett
Principal, Plunkett Associates LLC
In the past year, the cybersecurity landscape has been rich with new partnerships, timely security guidance and remediations, and collaboration across all sectors. Simultaneously, we have seen a continued uptick in intrusions, attacks, supply chain breaches, ransomware demands, and public disclosures.
In fact, while it could be said that we are in a static state as it relates to the use of novel, more sophisticated and lethal cyber tools, the volume and impact of the use of cyber tools continue to grow exponentially.
While cyber has played a role in geopolitical conflicts as evidenced by the Russia-Ukraine war, it has been minimally employed in advancing large-scale strategic objectives. One might conclude that we are in a static state in cybersecurity, but now is no time to let our guard down. Well-resourced and capable malicious actors are still worth watching carefully. We must remain not only vigilant, but determined and resilient, as the use of cyber capabilities to satisfy a myriad of objectives continues apace.
In the mid-2000s, when cyber intrusions were first accelerating in pace and intensity, a frequently used formula for conveying the impact and potential for cyber attacks to be successful was that 85% of attacks were the result of exploiting known vulnerabilities for which there were existing known solutions. The message then was that if we would only invest in applying these solutions, we could then spend scarce resources in not only addressing new mitigations for classes of vulnerabilities, but also in developing and delivering solutions to the remaining 15% of the attacks—the novel, more sophisticated and seldom, if ever, seen exploits with no known solutions.
Fast forward to today.
While it remains true that most attacks today are exploiting known weaknesses (largely enabled by humans), there have been more novel attack strategies that have presented new challenges to cyber defenders. These include supply chain breaches, which have opened the door for more pervasive, widespread, and impactful attacks. Also included is the uptick in the investment in discovering and deploying zero-day exploits, with China emerging as one nation state with significant investments and stated intentions in this area.
The security community’s response to the continued growth in the volume of attacks has been to collaborate more, partner across sectors, speak transparently about risks and emerging threats, and address the potential attacks by bringing government and private sector resources to bear.
Unlike any other time in the lifecycle of cybersecurity, private sector organizations are uniting to bring their best capabilities together to assess and develop solutions for tough cyber challenges. These partnerships are genuine and encouraging, as the skills shortage in cybersecurity means the best talent is often dispersed across multiple organizations.
Like no other time in the past, competitors in the cybersecurity field are openly praising the work and partnership of others. Alliances are being established and matured as the cyber community realizes that the strength of our response is contingent not on the capabilities of one, but on the contributions of all. It is critical that these alliances continue to flourish.
The U.S. government, likewise, has increased its efforts to collaborate both across government and with the private sector.
The strengthening of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), both in substance with designation of additional resources to this mission, and in leadership, has resulted in a stronger front line for the USG’s engagement with industry.
Similarly, collaboration across the USG is manifest, as evidenced by published security guidance on a myriad of security topics, often co-authored and/or sponsored by multiple USG departments or agencies. This collaboration takes advantage of the cybersecurity expertise that exists in several organizations while acknowledging established authorities.
Examples include multi-organizational publications on control systems, co-authored by NSA and CISA; guidance on vulnerabilities exploited by the PRC, co-authored by NSA, CISA and FBI; and information on tools targeting SCADA devices, co-authored by DOE, CISA, NSA and FBI.
The outcome is a win-win, certainly for the USG but, more importantly, for the cybersecurity ecosystem, which needs the best that the whole of government has to offer to stay in the game.
Collaboration between government and industry continues to prove to be a worthy investment in time and talent. Relationships of trust between some elements of government and industry are not new. However, the rapid increase in demand for cyber solutions and recovery options has demanded a more fulsome approach to these partnerships.
While there has been some movement on more sharing, particularly from government to industry, there remain opportunities to share more relevant, sensitive cybersecurity information within government and with industry partners to both enhance trust and create additional opportunities for breakthrough developments to address tough cyber problems.
This challenge must continue to be worked to take full advantage of the strength of the cybersecurity community.
Cyber as a means for criminal, geopolitical, and social activities is here to stay. It is most important that those in the fight to protect and defend networks, data, and the privacy of citizens are armed with the best talent, tools and intentions. Collaboration with all stakeholders is critical to having a fighting chance of winning in cyber. Now is not the time to watch and wait, but rather to keep a watchful eye on malicious cyber actors and nation-states who have declared their intentions; to leverage the full capacity of the USG to predict, identify, and mitigate cyber acts; and finally, to expect the need to recover and be prepared to do so.
Vigilance, diligence, and resilience are critical to winning in cyberspace.
Debora Plunkett is Principal of Plunkett Associates LLC and sits on the corporate boards of CACI International, Nationwide Insurance, BlueVoyant and Mercury Systems. She is the former Director of the National Security Agency’s Information Assurance Directorate and is a founding member and Chairman of the Board of Defending Digital Campaigns.