Russian interference in 2016 election prompted better information sharing, top DHS cyber official says
There was a time when the National Security Agency and the Department of Homeland Security primarily kept to themselves when it came to information sharing. That time is in the past.
Two top government cybersecurity officials — Director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, and Anne Neuberger, the director of the NSA’s Cybersecurity Directorate — said Monday that information sharing and collaboration on cybersecurity issues has dramatically improved in recent years.
“I really honestly think four-to-five years ago having a CISA … or NSA person sitting next to each other talking about how great things are — you would think you were in a really bizarre time,” Krebs said while speaking at San Francisco CyberTalks, an event produced by CyberScoop. “I don’t think we really had as close a partnership as it could have been.”
Why has the relationship improved? Krebs said he attributes the bolstered collaboration between DHS and the NSA to “the 2016 election” and “interference by the Russians” in that year’s presidential election.
But when it comes to information sharing in the election security space, Krebs admitted the government hasn’t ironed out all the kinks.
“Are things perfect? Absolutely not,” Krebs said. “This is going to be a lifetime — a generational engagement on election security.”
His comments come at a tenuous time for the intelligence community. Last week, details of a classified election security briefing before the House Intelligence Committee on the 2020 presidential election became public. That briefing revealed that Russia has a preference for President Donald Trump, as CyberScoop reported — but media reports are conflicting on what Russia actually wants. The intelligence community lead on election security may have misrepresented the nuance of the intelligence behind the briefing, according to CNN.
Room for improvement
For DHS, however, Krebs said, information sharing in the election-security space has drastically improved since 2016, spurred along in part by the creation of the election security-focused ISAC in 2018.
“Comparing where we were in 2016 starting from scratch we’ve come miles … light years from where we were in 2016. In the defense of the 2016 presidential election there were not established mechanisms for working with our state and local partners,” Krebs said.
The Election Infrastructure Sharing and Analysis Center (EI-ISAC), run by the Center for Internet Security, has helped DHS set up the proper channels to help state and local entities assess risks in their systems, Krebs said.
“Just having an ISAC — all 50 states, 2,400 jurisdictions — those sorts of things [make it so] we can continue to push information out. We can push out indicators on intrusion detection systems that we’ve been working with states on,” Krebs said.
Sharing information on vulnerabilities
Krebs and Neuberger also touted their efforts earlier this year to share information about an NSA-discovered Windows 10 vulnerability publicly. The same day Microsoft issued the patch, the NSA shared it’s work while CISA issued an “emergency directive” ordering federal and civilian agencies to patch within 10 business days.
Information on the vulnerability, which would allow attackers to spoof the validity of certificate chains, was shared early with the private sector and national security system owners so they would be prepared to protect against the vulnerability once Microsoft issued a patch.
“We did joint sessions with U.S. government CISOs [to warn them],” Neuberger said. “We tipped awareness to key network owners so they were aware so the moment the patch came out they could jump on it and protect [their systems].”
Although the NSA has long shared vulnerability information with the private sector, it was the first time the NSA publicly took credit for uncovering a vulnerability it had discovered, a step the agency took as part of a recognition that “the period between when an adversary can weaponize a particular vulnerability is a tiny period of time,” Neuberger said.
Neuberger said the NSA also took the unprecedented step of taking the mantle on sharing information about a vulnerability it found publicly because the NSA recognizes sharing information could build trust with the public.
“You don’t build trust during a crisis, right? You build trust in the way you routinely behave along the way,” Neuberger said.