Top defense and intelligence officials this week shared the trends that worry them most in the constantly evolving cyber threat landscape, along with their top priorities on the horizon given current world events and emerging cyber threat trends.
E.P. Matthews, the deputy chief information officer (CIO) at the Defense Intelligence Agency (DIA), laid out the top three “worrisome trends” the DIA is watching closely: technical debt, supply chain security, and information sharing.
“Technical debt is additive. We manage large budgets, and so the IT budget is usually an area that people tend to take risk on. And if you take risks on the things like tech refresh networks, infrastructure, what you will see is you taking a risk – you can’t skip steps,” Matthews said during day one of the 14th Annual Billington Cybersecurity Summit in Washington. “And typically, that risk is manifested in some kind of vulnerability or some kind of exploit.”
Next, the deputy CIO said vendors need to focus on securing their supply chains.
“That includes both hardware and software. We see that where fraudulent hardware has shown up, and we’ve seen those kinds of tactics and playbooks,” Matthews explained. “But that’s not limited to just hardware, even in software – especially in the open source … software where you do not know and are not confident on where those things are coming from.”
“You could be adopting a capability that can be devised or developed by a foreign adversary,” he said.
Finally, the top DIA official advised that the defense and intelligence community stay alert on the speed of information sharing.
“What has changed so much today is the speed at which vulnerabilities are being able to be exploited,” Matthews said. “The ability of malwares to be created as a result of AI is exponential.”
The defense and intelligence officials also noted their top priorities, both in the near term and on the horizon, for countering cyber threats.
DIA’s Matthews said one big focus for his team is information sharing on intel cyber threats so the agency can start to design and choose countermeasures against them.
The Defense Department’s Chief Information Security Officer (CISO), Dave McKeown, said the agency’s main priority is fostering partnerships with industry.
“It is vital for us to partner with industry. We’re not going to be successful if we don’t,” the CISO said.
Dan Richard, the director of the CIA’s Office of Cyber and Digital Policy, noted that talent and the workforce are the CIA’s top priority.
“I think the investment in the people is probably one of the most critical things we have to do,” Richard said. “We are all … in a fierce competition for talent in this area. And it’s a zero-sum game in terms of how many people actually have the skill sets needed, both to build your networks and defend the networks, to find out threats about those networks.”
“And I think while it will take time for our investment to expand that pool of folks to the size that we need it, I think the ability to cross-fertilize between those who are in the private sector – spending time on the public side, getting a better appreciation for that, and vice versa – I think will pay initial dividends to allow us to address these threats which, quite frankly, the government can’t do by itself,” he concluded. “Nor can private companies do by yourself. It’s only by working together can we address these threats moving forward.”