Several destructive cyberattacks, including an attempted Iranian infiltration of American elections, were thwarted by intelligence sharing between U.S. Cyber Command and the Cybersecurity and Infrastructure Security Agency (CISA), officials said at the RSA conference held this week in San Francisco, California.
U.S. Cyber Groups Join Forces
A modernized relationship between the Pentagon and the nation’s top civilian federal cybersecurity agency sought to surpass a legacy model of what CISA executive assistant director Eric Goldstein called “stove piped” communication.
In explaining Cyber Command and CISA’s relationship, Goldstein said:
“As our nation’s cyber defense agency, CISA recognizes that we must leverage all tools and capabilities to increase costs against our adversaries. Our work with CNMF enables us to not only more effectively defend our nation’s critical infrastructure from cyberattacks but also clearly demonstrate to our adversaries that there is a price to pay if you decide to attack American infrastructure... Our presentation demonstrated for the first time how this partnership yields real-world operational benefits and how we rely upon collaboration with, and incident reporting from, the private sector to catalyze this work.”
Cyber Defense Operations Examined
Cooperatively, CISA may have key information that could help Cyber Command to execute an operation, disrupt a hacking campaign or prevent a planned attack. In the case of the Iranian threat, Cyber National Mission Forces (CNMF) at Cyber Command in a reconnaissance mission uncovered attempts by Iranian hackers to gain access to software that reports election results, Maj. Gen. William Hartman, commander of the CNMF, told an audience at RSA.
As Goldstein explained, Cyber Command, in turn, passed that information to CISA, which sounded the alarm of incident response support. CNMF then ensured that the hackers did not gain access to their targets.
“There was no impact to election infrastructure, no impact to voting systems, no impact to the free and fair conduct of the election," Goldstein said. "This is a case where we had an adversary with the potential intent to take action relating to an election, and we were able to effectively get in front of that activity.”
The relationship, said Goldstein, is “fairly novel and it’s only going to mature.”
Hartman also discussed with Goldstein how sharing expertise and insights bolster collective defense, saying:
“On a daily basis, CNMF and CISA work side by side. We are collaborating on two things: what information does CISA have relevant to the DoD that allows us to disrupt an ongoing or prevent a future attack on the United States… and what threats are we seeing while we are executing operations that are relevant to the threats CISA sees in the United States.”