As cyberattacks continue to be on the rise, information sharing between the public and private sectors is even more crucial, especially with Defense Industrial Base (DIB) companies, according to a cybersecurity official at the National Security Agency (NSA).
During a ‘Coffee & Conversation’ hosted by the Intelligence and National Security Alliance (INSA) on June 14, Morgan Adamski, chief of the Cybersecurity Collaboration Center at NSA, explained that the agency has shifted how it shares information with the over 300,000 DIB companies in support of real-time defense.
Public-private partnerships are not something new, especially in cybersecurity. However, Adamski explained that sometimes that partnership is the government pushing out information that doesn’t have any context or industry pushing information into the government, ineffectively.
“It’s a black hole. When you think about operational collaboration, which is the evolution of public-private partnerships, and what we do here, it is an act of conversation,” Adamski said. “It is an investment in terms of, we’ve got to put skin in the game from an [NSA] perspective, just as the industry has to put skin in the game in terms of talking about what they’re seeing on their networks and what they’re tracking.”
According to Adamski, fostering effective collaboration between industry and the Federal government requires trust, transparency, and humility.
Considering these key factors, NSA adopted a three-pronged approach to achieving collaboration at scale with DIB companies. This approach includes working with the largest cybersecurity companies, providing information to protect partner companies and active Defense contracts, and securing future innovations by authoring and submitting security standards for emerging technology.
“We support the Department of Defense as the sector Risk Management Agency for the DIB. There are over 300,000 DIB companies and that is a very large number. We cannot communicate with 300,000 DIB companies on any given day, and quite honestly the information and capabilities that we share will not be used by everyone. So, we had to take a different approach,” said Adamski.
In addition, Adamski discussed how the emergence of AI has been both a threat and an asset to national security. To ensure that the United States can benefit from AI while protecting itself against the inherent threat, she said NSA has three major priorities for AI.
She said these include understanding “how our adversaries access this technology and intend to use it; how we can use AI to help do our jobs; and what can be done to disrupt the usual operation of AI and how this can be prevented.”