The events of 9/11 – and more recently, the SolarWinds cyber incident – have illuminated a vital lesson: seamless collaboration across the intelligence community, Federal agencies, industries, academia, and international partners is essential for a comprehensive understanding of national security threats, a senior intelligence official said this week.
Kristina Walter, chief of the Cybersecurity Collaboration Center (CCC) at the National Security Agency (NSA), emphasized that these incidents underscore the importance of interoperability in creating a unified approach to addressing complex challenges and safeguarding national security.
“What we found after 9/11 was that, as an intelligence community, we realized that we were not connecting the dots, because we were not collaborating in a productive way … and [after 9/11] we did a lot of work to make sure that all of the information that was available to the intelligence community was really coming together, to put the correct picture together,” Walter said during GDIT Emerge on Sept. 12 in Arlington, Va.
Years later, in 2020, hackers compromised SolarWinds by embedding malicious code into its Orion IT monitoring and management software, used by thousands of enterprises and government agencies around the globe.
Following that event, leaders of the intelligence community were questioned about how such a threat could remain undetected.
Walter addressed the challenge succinctly, quoting former NSA Director Gen. Paul Nakasone: “I can’t connect all the dots because I can’t see them; most of them are owned by industry. We don’t operate on industry networks, nor do we manage them.”
This underscores a critical gap in the ability to detect and address threats that bridge both public and private sectors, she explained.
“That was really a transformation for us. We know specifically China, but also Russia, understand the laws and the restrictions of the intelligence community when it comes to operating in the U.S. … They compromise the weakest link … And if we’re not constantly talking to our industry partners, we can’t see that,” Walter said.
She explained that since then, the Federal government has been actively working to enhance its collaboration with industry counterparts. At the CCC, the focus has been on partnering with the entire defense industrial base ecosystem – including internet service providers, cloud service providers, and cybersecurity firms – to “bridge those gaps and connect the dots,” she said.
“[Our adversaries] exploit our blind spots against us [and] we’ve realized the necessity of working together to understand these threats. We actively collaborate with industry partners to determine how these networks are built, who they are targeting, and which network endpoint devices are being compromised,” Walter said. “This collaboration has led to the discovery of zero-day vulnerabilities, abused credentials, and the realization of the extensive log data and analytic resources required to detect sophisticated activities.”
Walter further emphasized the critical role of public-private collaboration in safeguarding the networks that enable the Federal government to exchange timely data among agencies and with international allies.
“The [CCC] is constantly sharing out what we know China, Russia, Iran, North Korea, and other cyber criminals are doing to get after that interoperability. They’re trying to take advantage of the weakest link in those connections,” Walter said, adding that because interoperable connections can be exploited by adversaries, robust partnerships with industry are crucial for addressing these risks and enhancing cybersecurity defenses.
Industry is critical to that effort because it “is the backbone of the connectivity on which the Defense Department and critical infrastructure rely,” she said.