NSA report focuses on driving cybersecurity outcomes while pushing strong partnerships and education

The National Security Agency (NSA) has released its 2022 Cybersecurity Year in Review highlighting the agency’s ability to scale cybersecurity solutions through strong partnerships, resulting in speed and agility. The NSA report highlights its cybersecurity mission, which integrates its cryptographic expertise, signals intelligence, vulnerability analysis, and defensive operations to prevent and eradicate cyber threats to national security systems (NSS), the Department of Defense (DoD), and the defense industrial base (DIB).

The NSA report also covers its partnerships, which are strong and growing; efforts to provide critical security and security infrastructure; and initiatives to bolster cybersecurity education from kindergarten through college by funding programs such as GenCyber, the CodeBreaker Challenge, the NSA Cyber Exercise and the National Centers of Academic Excellence in cybersecurity.

The report throws light on the NSA’s efforts to collaborate with industry to harden billions of endpoints against active and ongoing nation-state threats, and to disclose dozens of zero-day vulnerabilities to vendors to remediate before nation-state actors exploit them. It also covers the public release of cybersecurity guidance to protect against active adversary and cybercriminal threats and to harden systems, and the work of securing standards for emerging technology through NSA’s Center for Cybersecurity Standards. Finally, it covers researching and delivering tools and technology advancements that protect the nation’s cyber ecosystem.

“By protecting the U.S. Government’s most sensitive networks, we cascade solutions that help secure critical infrastructure, U.S. allies, and businesses and consumers around the world,” Rob Joyce, NSA cybersecurity director, said in a media statement released alongside the report. “Our efforts to protect those networks help protect yours.”

The director said he “would not encourage anyone to be complacent or be unconcerned about the threats to the energy sector globally. As the [Ukraine] war progresses there’s certainly the opportunities for increasing pressure on Russia at the tactical level, which is going to cause them to reevaluate, try different strategies to extricate themselves.” He also confirmed that the NSA has seen ‘spillover’ from Ukrainian hacks to neighboring countries and particularly Poland due to its status as a supply channel to Ukraine.

Joyce wrote in the NSA report that “as the scope of malicious cyber incidents and the sophistication of our adversaries grow, it will take a unified public-private sector strategy to gain the competitive advantage in this environment. Our power is in partnerships. Strategic collaboration across security and intelligence spheres, and across classified and unclassified settings, results in increased speed and agility,” he added.

“We are preparing for the transition to quantum-resistant cryptography to protect ourselves into the future. That protection not only goes into our networks, but the weapons platforms and other technology we rely on,” according to Joyce. “We have to recognize networked computers are in every facet of our environment and change culture to secure all of them. Tools like National Security Memorandum 8 that give directive authorities to improve the cybersecurity of National Security Systems are improvements that enable such action.”

The NSA report cited the agency’s response to national threats and priorities, often by joining U.S. partners, namely the Cybersecurity and Infrastructure Security Agency (CISA), U.S. Cyber Command, and the Departments of Justice, State and Treasury, and international partners such as the Australian Cyber Security Centre, the U.K.’s National Cyber Security Centre, and Canada’s Communications Security Establishment and Canadian Centre for Cyber Security, to publish a cybersecurity advisory to disrupt and degrade a multi-year global ransomware threat that affected hundreds of organizations.

“Iranian Islamic Revolutionary Guard Corps (IRGC)-Affiliated Cyber Actors were exploiting publicly known vulnerabilities to gain access to networks around the globe,” the NSA report said. “The malicious state-sponsored actors then encrypted information and extorted data to support ransom operations. The actors victimized a broad range of organizations, including small businesses, government agencies, nonprofit programs, and educational and religious institutions. Their victims also included multiple critical infrastructure sectors, including health care, transportation services, and utility providers.”

In September, the international coalition alerted network defenders to the threat in a cybersecurity advisory and armed them to defend against it. The advisory shared the actors’ tactics, techniques, and procedures (TTPs), mapped to the MITRE ATT&CK framework, and provided guidance on how to detect and mitigate the threat.

NSA continues to highlight the Common Vulnerabilities and Exposures (CVEs) and TTPs that People’s Republic of China (PRC) state-sponsored cyber actors rely on to compromise systems and steal sensitive information. In June, NSA partnered with FBI and CISA to release a cybersecurity advisory that covers how PRC hackers have established a network of compromised infrastructure. They have compromised major telecommunications companies and network service providers primarily by exploiting publicly known vulnerabilities. 

The NSA’s Cybersecurity Collaboration Center (CCC) plays a key role in whole-of-government and international efforts to advance cybersecurity. The CCC defends the U.S. DIB and disrupts the adversary by sharing timely threat intelligence with high-impact partners, best positioned to scale detection and mitigation techniques to billions of endpoints. While the CCC’s primary goal is to defend the DIB, its efforts cascade protection across all 16 U.S. critical infrastructure sectors, reach businesses and consumers, and even protect allies.

“In 2022, the CCC nearly tripled its partnerships, growing from 110 partners to more than 300 collaborative relationships,” the NSA report said. “The CCC’s partners now reach a cumulative, estimated 2 billion endpoints, and its DIB prime partners account for 80 percent of Department of Defense (DoD) acquisition spending. In the past year, the CCC also doubled its analytical exchanges with these partners. Thanks to more than 10,000 bidirectional collaborations — primarily focused on Russian and People’s Republic of China (PRC) cyber threats and responding to world events — billions of endpoints have been hardened against nation-state threats.” 

For example, if NSA shares a nation-state actor’s malware or tactics, techniques, and procedures (TTPs) with an internet service/cloud provider with a global footprint, the provider can develop and deploy signatures to defend against the threat at scale, the NSA report said.

Through its vulnerability scanning and remediation services, the CCC also works with willing DIB partners to identify and resolve vulnerabilities prior to their exploitation. This enables the CCC to proactively engage with partners on issues before they become compromises. 

The CCC provides tailored reports that help companies prioritize their vulnerability management based on where they might have assets they didn’t know about, where they might be vulnerable, and how they should then prioritize those vulnerabilities based on severity and current nation-state targeting, the NSA report disclosed. “To date, the CCC has focused on enrolling companies that support critical DoD programs for cryptography, weapons and space, and nuclear command and control, but in 2023, the CCC is focused on scaling these services to thousands of qualifying companies. These services are available to any company that has an active DoD contract (sub or prime) and has access to non-public DoD information,” it added. 

NSA’s Center for Cybersecurity Standards (CCSS) is directly securing standards for emerging technology. The agency plays an important role in international standards development organizations (SDOs) because it possesses the technical expertise to draft strong standards and a vested interest in securing the technologies that impact national security and defense, such as cloud and 5G, according to the NSA report. CCSS is focused on authoring, informing, and driving adoption of standards for telecommunications, with a focus on securing the 5G core, edge, and data in transit, cloud, and secure internet protocols, especially preparing protocols for quantum-resistant cryptography.

To date, CCSS has authored and submitted more than 35 standards for 5G, cloud networks, and internet protocols. The work ensures security is baked in and reduces adversaries’ ability to steal U.S. intellectual property. 

Through the Enduring Security Framework and CCSS, NSA has joined forces with industry to reinvigorate U.S. and allied investment in Standards Development Organizations (SDOs), ensuring long-term security of critical technologies. The group will assess technical and geopolitical threats to international SDOs and develop strategies to counter these threats.

As the U.S. government’s premier cybersecurity research and development center, NSA’s Laboratory for Advanced Cybersecurity Research delivers tools and technology advancements that protect and secure the nation’s cyber ecosystem, from national security systems to everyday devices. For example, NSA researchers developed Security-Enhanced Linux (SELinux), which became the foundation for the security-enhanced Android operating system used by billions of smartphones worldwide. 

Through partnerships with other federal agencies, increased visibility within the national security community, and increased authorities to mandate vulnerability remediation, NSA is drastically increasing the security of critical U.S. government systems, including protecting sensitive military and intelligence data from adversaries. The agency raises the bar on cross-domain solutions, allowing information to be shared across international, government, agency, and classification boundaries through controlled interfaces. 

Traditional cybersecurity centered on a perimeter-defense model is ineffective against malicious cyber actors. Once inside the network, the hackers can move laterally, escalate privileges, and compromise the mission. The only way to protect critical resources is through a data-centric model. 

Zero trust is a cybersecurity strategy and framework that embeds security throughout the architecture for the purpose of preventing, detecting, and responding to data breaches. The security model eliminates the idea of trusted or untrusted networks, devices, personas, or processes and instead constantly interrogates the trust relationships formed by entities on the network and denies access by default, only allowing access by an approved user and device. 

To demonstrate the efficacy of zero trust architectures in a government environment, and to enable NSA to publish well-informed guidance to the community, NSA built the Native Zero Trust Cloud (NZTC) environment — a private cloud that implements zero trust principles at the advanced level of the DoD Maturity Model. 

NSA’s zero trust experts also partnered with the DoD CIO, Defense Information Systems Agency (DISA), CISA, and subject matter experts from across the U.S. government and industry to provide guidance to national-level strategies and roadmaps, and publish reference architectures for successful implementation. 

The U.S. government is also increasingly moving to cloud computing environments. As adversaries often target the cloud, NSA has a strategy to protect NSS, the DIB, and other critical infrastructure sectors in cloud, hybrid cloud, and multi-cloud environments. The agency is collaborating with industry, academia, and U.S. and allied government partners to improve the hardening of clouds, detection of threats, and the development of actionable, scalable mitigations.

NSA remains committed to ensuring all people see themselves in cyber and to fostering a diverse workforce that is reflective of the global community. The agency is actively working with academic, industry, and government partners to encourage more women to pursue careers in cybersecurity. 

Additionally, the NSA and the National Science Foundation fund camps and programs for students and teachers that increase awareness of K-12 educational cybersecurity content and cybersecurity post-secondary and career opportunities. In 2022, 74 schools across 37 states and the District of Columbia hosted student, teacher, and combination programs, as well as outreach/capacity building activities.
