Reflecting on Russia’s meddling in the 2016 U.S. election, U.S. Senator Ben Cardin said Fort George G. Meade and its tenants – including the National Security Agency (NSA) and U.S. Cyber Command – constitute “our frontline defense to what I think is the greatest threat to America.”
Speaking to a gathering of government officials and private sector executives, Cardin stressed the need for heightened public-private collaboration to resist increasingly sophisticated cyber assaults on American democracy. The gathering, organized by the Fort Meade Alliance (FMA), focused on ways to improve America’s cyber defenses and included insights from NSA Executive Director Harry Coker, Jr. and Leidos Chairman and CEO Roger Krone.
The 2016 election demonstrated how the Russian government has become highly skilled at using asymmetric tools – including cyber attacks, propaganda and social media bots – to impact other countries, Cardin said.
But the election was “just a small part of the overall design that [Russian President Vladimir] Putin has for an all-out assault on democratic institutions” in the U.S., Mexico and Europe,” he said. The Central Intelligence Agency has already warned that Russia will be “extremely active” in the 2018 mid-term elections, Cardin added.
The United States faces “a diverse set of national security challenges from a diverse set of adversaries, both state and non-state actors,” Coker said.
Furthermore, the technology employed by those adversaries “will continue to grow exponentially,” he said. “One thing I have noted in my decades within national security is there are plenty of very bright adversaries and they are paying attention … so they are a tough challenge.”
A report released in January by the Democratic staff of the Senate Foreign Relations Committee detailed two decades of Putin’s attacks on democratic institutions and called for policy changes to protect the 2018 and 2020 elections.
The report “is fascinating and terrifying all at the same time,” said Steve Tiller, FMA President. “It emphasizes that the U.S. and its European allies are still extremely vulnerable to cyber attacks and it recommends a commitment to mutual defense both in Europe and the U.S. against state-sponsored cyber attacks through rapid reaction teams, international treaties and other resources.”
Tiller asked what can the private sector do to facilitate those defense efforts?
“In America, we still have not figured out how the government and the private sector can work together in cyber,” Cardin said.
Collaboration is challenged by a “mindset that we can’t just freely share information about cyber threats and vulnerabilities between the public and private sector,” Coker said. “We need to look at things differently.”
Public and private sectors, Cardin and Coker said, need to hone methods of sharing cyber threat information that are safe, productive and trusted by the public.
Leaders in cyber, both from the public and private sectors, need to increase efforts to develop and employ a highly skilled workforce, Krone said. In addition to supporting relevant courses in schools and universities, and offering internship programs, cyber leaders need to re-examine labor categories for cyber jobs, he said.
“We probably don’t have enough categories at the entry level. Most start at five years of experience as an analyst,” Krone said.
That requirement makes it difficult to make good use of new college graduates and often results in contractors being “slow to staff” federal projects, Krone said.
“We have to take more risk on our people,” Coker said. “Typically, in the public sector we hire on demonstrated performance… We need to take a look at ability to learn and if the individual is in line with the institution’s core values. We lose out on too many good people because we say, you haven’t done X, Y or Z.”
The cyber sector, Krone said, could increase its workforce and staff projects faster if it could make greater use of retiring military personnel who have conditional security clearances and can start work while they complete their permanent clearances.
Cyber companies could strengthen America’s cyber defenses by focusing more on “the fidelity of information we get through the digital media,” Krone said. “The attacks in the last election really went to that core where we didn’t know if an article was fake news or not. We didn’t know what messages to believe… That really tears apart the fabric of society.”
“We really need to get to the point where we are doing information assurance [to prevent cyber attacks] and not forensics and reactions to cyber events,” Krone said.
Information-assurance efforts, Cardin said, would counter one of Russia’s primary attack strategies.
“Part of Putin’s design is to discredit all news…and [argue] that no elections are totally free,” Cardin said. “We need to work together to restore confidence in our system, in our independent media… We need to build up the institutions that strengthen our democratic country.”
Click here to view photos from the event.