How Defense Industrial Base Companies Can Get Free Cybersecurity Assistance from the NSA

Lindy Kyzer, Clearance Jobs
August 28, 2023
techcast

Every day it seems there is a new announcement about a cyber attack affecting the Defense Industrial Base (DIB). In this timely episode of Defense TechCast, host Leslie Weinstein interviews Bailey Bickley, chief of DIB Defense at NSA’s Cybersecurity Collaboration Center. Bickley’s goal? Scale ‘intel-driven cybersecurity across the U.S. defense industry.’

The NSA Cybersecurity Collaboration Center works with industry, agency, and international partners to make everyone’s collective cybersecurity safer.

And for NSA specifically, we have really unique insights on foreign nation state cyber threats, their plans, intentions, capabilities,” said Bickley. “But in a domestic space, we rightly lack visibility into how they’re targeting the networks of the companies that we care the most about. And this is particularly important within the Defense Industrial Base or the DIB because we know that those companies are frequently a target of nation state actors who are looking to steal sensitive US government information, company proprietary information, and really use that to undermine our economy as well as our national security.”

Information sharing across CCC partners helps everyone’s cybersecurity efforts, to both detect and mitigate, but also prevent cyber attacks by sharing relevant threat intelligence.

WHO IS ELIGIBLE?

The entire DIB ecosystem is eligible to participate, Bailey says. That includes sub or prime contractors, along with supply chain and service providers. The advantage to large contractors and major providers is the ability to participate in large scale, actionable threat intelligence. For small and medium-sized companies, the cybersecurity services provided can have a big impact in improving cyber hygiene.

IS THERE A COST?

The program is paid for by the DoD CIO, through competitively awarded contracts to provide the services to companies, says Bailey. Then NSA works to both onboard the companies and then offer their unique insights on nation state threats, she said.

WHAT SERVICES ARE OFFERED?

“We have three services right now that are really mature,” said Bailey. “The first one is protective DNS. The second one is attack surface management, and the third one is threat intelligence. So for protective DNS, for those that aren’t familiar with domain name system, it’s essentially the phone book of the internet and how you can type in a human-readable URL like nsa.gov and that’s then translated into a machine-readable IP address. And because DNS is so pervasive, we’ve seen adversaries use that and abuse it to actually install malware, gain access to sensitive systems and even do data exfil.

“So protective DNS acts as a DNS filter that stops parties from unwittingly connecting to known bad websites. It leverages two things to do so. First, commercial threat intelligence feeds, but also NSA is feeding in unique indicators of known malicious activity that we’re getting from signals intelligence, from research, open source research, international partners, industry partners, et cetera. So we’re really trying to bolster that service. And to date, we’re feeding in about a hundred unique indicators a week that are being blocked for all of our customers.”

Those feeds and unique indicators have helped NSA to block approximately 800 million instances of known bad activity,” she added.

For attack surface management, CCC provides tailored summaries of issues for mitigation – a critical time savings for small businesses who might not have that kind of robust resourcing on their own.

“We’re trying to be the signal through the noise and help folks that have patch fatigue really manage that,” said Bickley.

The final service is cyber threat intelligence sharing.

“This is essentially where DIB companies can enter into a partnership with NSA that’s entirely mutually beneficial, voluntary, and receive non-public NSA threat intelligence that might be specific to the defense industry and the way that we see adversaries targeting the DIB,” said Bickley.

CAN I GET IN TROUBLE IF NSA FINDS AN ISSUE?

“That is actually one of the things that I love most about working in the collaboration center, which is we operate in this really beautiful space that is entirely voluntary,” said Bickley. So there’s nothing that contractually or congressionally mandates any company to work with us. It is truly collaborative in nature. And so with each of our partners, we sign an agreement, a non-disclosure agreement that protects the sensitive information that’s being shared with one another.”

The mission of CCC comes down to strengthening cybersecurity across the DIB. All companies can benefit – from large primes to small businesses.

“I think all of us in this mission space take a lot of satisfaction in helping small to medium-sized businesses that might be below the cyber poverty line, so to speak, secure their networks,” said Bickley.

HOW CAN COMPANIES GET ENROLLED?

Companies interested in getting enrolled can go to www.nsa.gov/ccc to fill out a form, with several very simple mandatory fields. The CCC vets companies to ensure they meet the qualifications, and then set up a call to discuss and answer any questions. Bickley said in some cases the process has taken less than an hour.

“In most cases, I would say it takes a couple days simply because you’re swapping emails, trying to get time on a calendar, but it’s pretty seamless and pretty fast if the person on the other end is responsive,” said Bickley.

The enrollment time is quick, and the benefits may be immediate. Bickley provided several examples of recent wins where the CCC discovered information and was able to work to discover incidents as significant as a nation state attack. Beyond getting clarity on that vulnerability, the CCC was then able to share information with other enrolled companies who may have the same vulnerability.

“It is a little bit of time investment that we think will significantly reduce your risk of compromise, of your proprietary information being stolen, a costly incident,” said Bickley. “So just we really do want to partner with you, and if you’re watching this and you don’t qualify, then be an ally. Help us spread the word.”

Share this
Lindy Kyzer, Clearance Jobs

Clearance Jobs

Connect