Government agencies need to communicate with much greater security outside of classified networks to remain protected from both foreign and domestic cyber threats.
As a Nation, we cannot effectively expand the competitive space to mitigate near-peer competitors from executing large-scale cyber intelligence or attack operations without a “whole-of-society” approach to cyber risk. The recent SolarWinds supply chain compromise — impacting at least 18,000 organizations — has made this clear. If anyone still had any doubts, the potentially more damaging MS Exchange compromises show the extent to which the supply chain for government work is susceptible to compromise.
We must move beyond focusing on cyber threat information sharing and take a more real-time, collaborative approach to cyber risk by leveraging the collective authorities, visibility, expertise, and expert capabilities of our entire society: government, academia, and industry.
Together, Wickr and the Association of U.S. Cyber Forces (AUSCF) recognize these threats and have partnered to reduce the gaps between private and public cybersecurity efforts.
Many organizations leverage some form of cyber risk analysis to inform their overall risk posture, determine where and how to invest in technology, and prioritize resource allocation. Unfortunately, many efforts to identify and mitigate cyber risk are often siloed to the organization doing the analysis or the company to which it was outsourced. This makes sense at a tactical level, given the risk posture is often different depending upon the organization. However, this exercise should be a team sport at the strategic level. As a society, we must leverage our collective strengths to identify and minimize cyber risk together to counter the likes of China and Russia. Using the components that make up cyber risk provides a framework for this approach.
Cyber vulnerabilities exist in every network across the public and private sectors, from misconfigurations to the absence of encryption to malicious insiders and manufactured software vulnerabilities — the threat landscape is growing every day. With the sudden transition to remote work due to the pandemic, malicious actors have capitalized on this new opportunity to target victims on networks that sacrificed security for speed, making increased data security more critical than ever. So, where is the “center of excellence” for addressing the vulnerability component of cyber risk? Everywhere.
Proper cybersecurity isn’t done in a vacuum — it is established with many parties working together, looking for vulnerabilities, and finding solutions as a team. Secure collaborative tools that can exist side by side on unclassified networks are essential. Existing enterprise systems often cannot be made secure without massive upfront investments and a laser-like lifetime focus on keeping them secure. This is not a realistic goal. Instead, we favor moving toward zero trust architectures and collaborative tools that can be secure by design while operating on the web. The supply chain has to be assumed to be insecure, so we need to build a more trustworthy option on top of the structures we will have to live with for decades to come. This is the path to building the kind of secure networks that, for example, are at the heart of the Department of Defense’s cybersecurity maturity framework (CMMC) or what GSA is considering.
Wickr is the fully secure collaboration platform used by many government agencies and defense contractors. To learn more about Wickr’s encrypted communications platform, reach out to our cybersecurity experts at email@example.com or visit www.wickr.com.
AUSCF is a non-profit association for cyber professionals from the military, other federal agencies (e.g., DHS, FBI), and members of the civilian community and industry who also serve in the interest of national security within cyberspace. Learn more by visiting: www.auscf.org
AUSCF encourages open discussion on matters related to cyber and national security. Posting of the above article does not imply AUSCF endorsement of any specific products, services, or author opinions.