CISA, Cyber National Mission Force Leaders Share How They Partner: First-Ever Ops Revealed to Industry
SAN FRANCISCO — In line with the theme for this year’s RSA Conference, Stronger Together, Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), and U.S. Army Maj. Gen. William J. Hartman, U.S. Cyber Command’s Cyber National Mission Force commander, delivered a presentation on the importance of partnership in defending America’s critical infrastructure while holding malicious cyber actors accountable.
Goldstein and Hartman shared newly-declassified details of interagency responses to cyber attacks from nation-state actors and cybercriminals, including how CNMF shares information from foreign operations to enable CISA’s domestic defensive mission. They also discussed how CISA shares information from domestic cyber incidents to enable CNMF’s operations to impose costs on foreign malicious cyber actors. Goldstein and Hartman discussed case studies, including the “SolarWinds” campaign, the mitigation of Chinese hacking of Microsoft Exchange, the disruption of Iranian targeting of an election reporting website, and ongoing data-sharing from cyber criminal targeting of federal agencies and educational institutions to enable CNMF operations.
“As our nation’s cyber defense agency, CISA recognizes that we must leverage all tools and capabilities to increase costs against our adversaries. Our work with CNMF enables us to not only more effectively defend our nation’s critical infrastructure from cyberattacks but also clearly demonstrate to our adversaries that there is a price to pay if you decide to attack American infrastructure,” said CISA EAD Goldstein. “Our presentation demonstrated for the first time how this partnership yields real-world operational benefits and how we rely upon collaboration with, and incident reporting from, the private sector to catalyze this work.”
Describing cybersecurity as a team sport, Goldstein and Hartman discussed how sharing expertise and insights bolster collective defense to meet national security objectives.
“On a daily basis, CNMF and CISA work side by side,” Hartman said. “We are collaborating on two things: what information does CISA have relevant to the DoD that allows us to disrupt an ongoing or prevent a future attack on the United States…and what threats are we seeing while we are executing operations that are relevant to the threats CISA sees in the United States.”
Both agencies prioritize efforts to secure and protect the nation’s election infrastructure.
Hartman and Goldstein described an operation in advance of the 2020 elections in which CNMF identified a compromise of an election reporting website which an Iranian actor, referred to by industry as PIONEERKITTEN, had access. CNMF immediately tipped CISA and then took action to mitigate the adversary’s access so it could not impact the reported results.
“There is no more important mission than ensuring there is a safe and secure election from foreign influence and interference,” said Hartman.
“There was no impact to election infrastructure, no impact to voting systems, no impact to the free and fair conduct of the election,” Goldstein said. “This is a case where we had an adversary with the potential intent to take action relating to an election, and we were able to effectively get in front of that activity.”
Goldstein also described several cases where CISA proactively identified potential intrusions targeting federal agencies and organizations in the educational sector and rapidly tipped CNMF with actionable information to take action against the malicious actor. In these cases, CISA’s incident response activities conducted in close coordination with CNMF’s operations against the adversary materially reduced impacts on the victims’ network.
“The maturation in this relationship in the last few years is impressive… and it happens in real-time and every day,” said Hartman. “It has become a significant driver for our mission and really a credit to CISA’s forward-looking approach to push information that is relevant to our foreign-focused mission so that we can rapidly make use of.”
The CNMF mission is broad, continuous, joint, and enduring in the combat against foreign malicious cyber actors. As the nation’s cyber defense agency, CISA provides guidance, services, and support help organizations prepare for, respond to, and mitigate the impact of cyber attacks. Together, and in collaboration with partners across government and the private sector, we can make our nation more secure and resilient.
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.