A mature intelligence-sharing partnership between CISA and the Cyber National Mission Force (CNMF) will help thwart an incident in which three U.S. federal agencies faced intrusion campaigns from foreign-based cybercriminals. It was helpful.
On the first day of the RSA conference, Eric Goldstein, executive assistant director of cybersecurity at CISA, confirmed that the organization observed threat actors linked to known adversaries “attempting to harvest credentials.” Did.
It was not disclosed which institutions were affected.
“We immediately reached out to government agencies, informed them of the activity, provided guidance on mitigation measures, and began responding to the incident,” Goldstein explained.
At the same time, in an effort to protect federal agencies and identify potential spheres of impact, CISA also gathers information about attackers’ infrastructure, what they are doing, and where they are coming from. and quickly shared with partners. Cyber National Mission Force (CNMF).
Goldstein told reporters: Blunting the impact on the enterprise, this is our true goal, here to stay ahead of the enemy and stop the intrusion before damage is done. ”
“Its ability [Department of Homeland Security] CISA’s ability to provide information quickly is a huge driving force for the CNMF,” said Maj. Gen. William J. Hartman, commander of the CNMF, which operates under the U.S. Cyber Command.
Once the information has been evaluated and the CNMF is satisfied with taking the next steps first within its mandate, forces operating under the organization appear to either thwart ongoing threats or deter future threats.
“If this were a few years ago, I would like to emphasize that this is not what we are talking about,” Hartman said. [with CISA] And the fact that it happens every day in real time is a key driver of our mission. ”
Goldstein said there has been a lot of progress on the partnership over the past few years and that much of the work the two agencies are doing is new and novel.
Hartman explains:
Two speakers highlighted other incidents where information sharing is important, such as the SolarWinds attack observed during the 2020 US general election and Iran-backed cybercriminal operations.
CISA and CNMF leaders emphasized that their partnership is a key driver for protecting the United States from cyberthreats.
CNFM officially began operations in January 2014 and will formally become a unified command under the Department of Defense in late 2022.
The CNMF is the U.S. military’s joint cyber force tasked with defending the nation in cyberspace through a full range of operations, including offense, defense, and information operations.
