Attacks against defense industrial base increasing, NSA chief warns
BALTIMORE, Maryland—Adversaries like China and Russia are taking aim more frequently at the companies that make up the United States’ defense industrial base, Gen. Timothy Haugh, the head of U.S. Cyber Command and the National Security Agency, told the crowd at TechNet Cyber on Tuesday.
The defense industrial base—the companies that produce goods and services, and conduct research for the Defense Department—comprises more than 160,000 domestic and foreign companies, employing 9 percent of the U.S. workforce, he said. But that base “is being actively targeted by our adversaries and competitors, particularly by the People’s Republic of China,” Haugh said.
U.S. government officials have called China a top cyber threat for years. But this year, officials and lawmakers have been issuing increasingly dire warnings about China’s rising risk tolerance for cyber operations, as evinced by the Volt Typhoon campaign, which targeted key elements of U.S. infrastructure.
In response to a question from Defense One, Haugh did not expressly say that China was also employing Volt Typhoon against partner militaries, like the Philippines, but did say it was a “serious concern, not just to the United States, but also to our allies.”
The NSA and Cyber Command are devoting more time and energy to threats posed by AI-enabled cyber attacks, as well as working on how to employ AI for cyber security within the Defense Department and within the industrial base, he said, pointing to the 2023 stand-up of the NSA’s AI cybersecurity center.
Last June, NSA and Cyber Command also announced they were expanding the size of a little-known program called Under Advisement, which links together private cybersecurity companies, companies within the defense industrial base, other businesses of national security relevance, and government cyber security experts, with the goal of expediting information sharing about threats, vulnerabilities, and attacks.
“Since 2021, researchers have identified over 20,000 distinct cybersecurity vulnerabilities each year, with 29,000 discovered last year,” he said.
The Defense Department and Zero Trust
NSA and Cyber Command aren’t the only entities in the Defense Department looking to make better use of artificial intelligence for cyber defense. Brian Hermann, the director and program executive officer for the Cyber Security and Analytics Directorate at the Defense Information Systems Agency, told reporters Tuesday that according to his estimates, some 75 percent of cybersecurity actions could be automated for far faster and better defense—particularly against attacks that adversaries have also scaled up through AI.
“We’re not real close at all,” to reaching that percentage, he warned. But as the Pentagon continues to implement elements of its zero-trust architecture roadmap, the possibility of better AI-enabled cyber defense is rising, he said.
By the end of 2025, Zero-Trust Network Access should be implemented across Defense Department sites. That will put the Pentagon in a much better position to begin implementing new, cutting-edge AI tools for defense across the entire DOD.
“I can tell you … we had to start in a couple of different places. The first is the streamlining of our data,” he said. “We’ve artificially defined cyber data versus data that is for network operations functions; and the truth is, it’s all cyber data.”
Getting Defense Department data out of individual silos into a common data lake, where analysts—perhaps using AI tools—can scour it for indications of threats and intrusion is key to defending against future AI-enabled attacks, he said.
“One of the most notable things that comes as part of zero trust is the connection of the tools to each other. So historically we had protections at the perimeter; we had protections at the local user’s desktop station; we had firewalls that existed in the various parts of our infrastructure, and they didn’t really talk to each other very much. That’s the difference. Now they’re starting to talk to each other. They’re providing common data sets that allow us to say, ‘If I’m seeing something over here, and it seems to be hitting this endpoint’…That’s the approach that we’re taking, is establishing … a data lake architecture with a federated search capability, and then modernizing the tools at various stages.”