CTIIC Deputy Director Shares Strategy for Cyber Resiliency in Public, Private Sectors
Cyber Threat Intelligence Integration Center (CTIIC) Deputy Director Dana Madsen discussed how the cybersecurity environment has evolved in the last decade and shared strategies for how the public and private sector can build cyber resiliency.
Madsen named Russia, Iran, North Korea, and the People’s Republic of China (PRC) as the top threat actors in the current landscape due to their cyberespionage activity, ability to disrupt critical infrastructure, and illicit revenue generation.
“It’s worth noting that the PRC remains a prolific cyber espionage threat,” Madsen said during Rubrik’s Public Sector Virtual Summit on October 8, while also indicating the potential for the PRC to conduct a cyber-attack that could slow U.S. force deployment and complicate decision-making in the event of a crisis.
CTIIC, which integrates Intelligence Community (IC) cyber analysis in support of national security and was formed in the wake of North Korea’s historic 2014 cyber-attack on Sony Pictures, is seeing an inflection point in the cyber threat landscape, Madsen said. Historically, cyber espionage -- the theft of intellectual property and proprietary data -- was the primary threat concern. Now, disruptive and destructive cyber attacks against critical infrastructure have become a real risk.
“It’s not that cyberespionage has gone away, it’s just that the landscape has become more complex,” Madsen said. “We have more to worry about -- both attack and espionage -- and we have a greater proliferation of actors out there.”
Madsen identified the private sector as a potential target of key adversaries and non-state cyber actors, discussing several examples of cyber-attacks on U.S. industries and critical infrastructure. Being connected to the internet makes businesses vulnerable to low-sophistication, opportunistic attacks, including by hacktivists and ransomware actors, that take advantage of simple security shortfalls, such as unpatched software and poor password security. He also described sophisticated efforts by the PRC state-sponsored hacking group VOLT TYPHOON to hide preoperational reconnaissance and network exploitation against U.S. critical infrastructure targets.
In response, the IC is changing how it collaborates with other parts of government to make it easier for them to share IC intelligence information when they talk to the private sector as part of their normal work. In some cases, this means thinking about how to provide intelligence insights at lower classification levels.
“Under normal stances, the types of products that we write traditionally have been geared towards senior policymakers, think the President’s Daily Briefing,” Madsen said.
The IC is also prioritizing sharing actionable information, and tailoring intelligence products to specific sectors.
“One of the things we found, and particularly as we think about the emergence and evolution of the threat, is that different sectors are at different levels of ability to think about, handle, and receive intelligence,” he said. “As the IC, we need to be cognizant, and are cognizant, of those varying needs and are working to also understand the needs of the different sectors.”
Adding advice for private entities and industry partners, Madsen recommended recognizing the potential to be a target, balancing cyber risk with business dynamics, and strengthening cyber hygiene and data resilience. He also referred to advisory products that are available through the Cybersecurity and Infrastructure Security Agency (CISA) and IC partners.
The conversation is available to stream on demand via https://rubrikpublicsectorsummit.vfairs.com