As the pace of cyberattacks on both the public and private sectors has continued to increase, it’s become clear that improved cybersecurity is in the national interest. Since the Biden administration assumed power in January 2021, they have announced a series of ambitious plans to strengthen the country’s cybersecurity. The newest arrow in that quiver is the National Security Agency’s cybersecurity collaboration center.
The new center, which opened in January and was showcased to the media in late June, is the NSA’s groundbreaking hub to increase engagement with the private sector. This is an unusual move for the NSA, an agency that typically does its work behind the scenes, with little public visibility. But massive cyberattacks such as the ones on software provider Kaseya, oil and gas giant Colonial Pipeline, global meat processer JBS and the Oldsmar water treatment facility have threatened the U.S. economy and public safety in the last year. This new landscape has made it clear that something has to change if the U.S. wants to keep pace with the growing cyber threat.
“I think it is really important for NSA to take a stance where we are engaging and figuring out how to make the environment more secure, and everyone is learning from the lessons of the past,” said NSA Director of Cybersecurity Rob Joyce at a media roundtable, according to Reuters.
While the NSA won’t be giving up security clearances and classified conversations entirely, the new, 36,000-square-foot cybersecurity collaboration center is designed to provide a welcoming environment where industry professionals from the public and private sectors can share information to better respond to cybersecurity challenges. This ushers in a brave new world — and an entirely new ethos — for the highly secretive agency in that it’s located off campus from the NSA’s main headquarters in Fort Meade, Maryland, there’s no security checkpoint at the entrance and people can bring personal devices into the facility.
The goal of creating these partnerships is to help the NSA prevent and eradicate foreign cyber threats to national security systems (NSS), the Department of Defense (DoD) and the defense industrial base (DIB). According to the center’s website, “These collaborative relationships leverage the unique strengths of both government and industry, and represent a vital part of a whole-of-nation approach to cybersecurity.” Reuters said the center hopes to welcome partners from key national industries, such as defense contractors, cybersecurity companies, cloud computing firms and internet service providers — though the NSA declined to identify which companies will be participating.
“NSA has had a long history of collaborating with industry, academia and other government partners,” said Matthew Seligman, technical director of the cybersecurity collaboration center in an NSA video. “The thing that makes our cybersecurity collaboration center unique is that we want to invite them into our space, we want to do this open, and we want to have robust, bidirectional collaborations. So by pulling together industry, academia, other government partners and us, we feel like we can better and more holistically go after the cyber threat and better protect the United States’ networks and systems.”
To meet the growing cyber challenge head-on, the government needs to get better at prevention, versus after-the-fact incident response. To that end, the center has three primary goals: to fuse intelligence leads with commercial data and insights from industry partners to better identify malicious cyber actors; to create innovative tradecraft to discover and track adversaries who pose a threat to NSS, DoD and DIB networks; and to mitigate, prevent and ultimately eradicate threats through collaborative development and sharing of cybersecurity advisories and indicators of compromise.
“We have seen significant benefits from working with the private sector, specifically on threats to the DIB and national security systems,” said Morgan Adamski, chief of the cybersecurity collaboration center in the same NSA video. “We’ve been able to share information real-time. We’ve been able to jointly develop mitigation guidance. We’ve been able to really partner with the private sector to better understand the full scope of all the threats. Cybersecurity is a team sport. We all have different pieces, we all have different knowledge, and we have to bring that knowledge together to better understand what the foreign threats are doing against the things that we care the most about.”
The announcement of this new center comes on the heels of other major government cybersecurity initiatives such as the Executive Order on Improving the Nation’s Cybersecurity and the Department of Homeland Security’s new cyber requirements for pipelines.