The chief of defense for the Defense Industrial Base (DIB) at the National Security Agency’s (NSA) Cybersecurity Collaboration Center (CCC) is focused on boosting the cybersecurity of small businesses within the DIB.
“The majority of the DIB – 70 percent of it – is small businesses,” Bailey Bickley, chief of DIB defense at the NSA CCC, said on May 21 during a Qualys conference in D.C. “We can’t expect a small business to defend against an adversary like the People’s Republic of China alone.”
“We have to do a better job of helping them,” she continued, “they deserve to have the government on their side. And so that was part of the logic that led to the stand up of the [NSA CCC].”
Bickley explained that part of the NSA CCC’s job is to provide small businesses with direct assistance and support, “whether that’s in the form of services that they enroll in that help them protect their networks, or even just joining a collaboration channel.”
“The whole point is, if we know something that’s actionable, we need to reduce the time to get that information out there,” she said. “That’s our job and our role and I think it’s going really well.”
Bickley explained that she’s been at NSA for 16 years, and one trend remains over the span: nation-state actors continue to target mom-and-pop businesses.
The DIB defense chief said her team offers three services that address network security, and they’re actively planning to scale up to four. Currently, they provide small defense contractors with protected Domain Name Systems; unclassified threat intelligence; and attack surface management.
Bickley boasted that NSA has successfully blocked 70 million malicious cyber activities.
Moving forward, she said her team is “really focused on scaling our offerings, but in a way that is very strategic.”
“We have more than 1,000 customers currently enrolled in the services which is a fantastic milestone for us, but the DIB is vast. It’s 300,000 companies and that number changes and fluctuates every day based on contracts,” Bickley said.
She added, “How will we find the small companies that are most likely to be targeted? And how will we prioritize our outreach for them?”