Posted on
in Podcasts
Podcast Transcript
Introduction:
You're listening to the RSA Conference podcast, where the world talks security.
Kacy Zurkus:
Hello listeners and welcome to this edition of our RSAC 365 podcast series. Thanks so much for tuning in. I'm your host, Kacy Zurkus, content strategist with RSA Conference. And this month we've been focusing our content on OT and ICS security, which is why we are excited to have Erin Miller, executive director at Space ISAC joining us today to discuss how to overcome barriers to threat intelligence sharing.
Before we get started, I want to remind our listeners that here at RSAC we host podcasts twice a month and I encourage you to subscribe, rate and review us on your preferred podcast app so that you can be notified when new tracks are posted. And now I'd like to ask Erin to take a moment to introduce yourself before we dive into today's topic. Erin.
Erin Miller:
Thanks, Kacy. So glad to be here. My name's Erin Miller, I'm the executive director of the Space ISAC and I actually work for the National Cyber Security Center. National Cyber Security Center operates the Space ISAC. I've been with the organization for about four years now and my background is primarily in public-private partnerships. I've been doing cybersecurity as well as rapid commercialization of technologies for the war fighter for about 10 years now. So I'm very glad to be here to have a great conversation with you, Kacy.
Kacy Zurkus:
Yes, and we are excited to have you here. And I don't know if you're aware, but RSA Conference and Mari Talk recently conducted a survey of 100 private and 100 public sector cyber security professionals. The goal was to understand how to improve public-private partnerships, which makes you a wonderful guest to have this conversation. So we really appreciate you being here.
The results of that survey showed that while 93% of cyber decision makers say public-private partnerships are vital to national defense, just one in three actually believe they are very effective. So can you share from your perspective and experience the effectiveness of public-private partnerships today?
Erin Miller:
Yes, absolutely. So I think that there's a variety of reasons why the perception might be that they're not impactful and some of those probably stem from the fact that a lot of the work that happens in a public-private partnership is very grassroots focused. So there's a lot of natural exchange of information that occurs in a public-private partnership that's not documented formally, especially in the research and development realm.
And I think those public-private partnerships, a lot of them are also federally funded and they're also commercially funded. And so the return on investment for the different stakeholders is going to be different and they're going to see reporting that's different in each case. In the case of the cyber security professionals that are evaluating public-private partnership, they may be looking more at the P3s that are ISAC's information sharing and analysis centers.
And I've done some work looking into ISACs and Space ISAC is the 30th one at this point. We spent a little bit of time doing some research before we stood it up. We knew that there were a lot of best practices out there that we had to learn before we could stand up the Space ISAC and be successful.
Kacy Zurkus:
And so what have you learned are some of the tactics that we can or maybe should use to minimize systemic risk and supply chain ramifications?
Erin Miller:
So when we look at ISACs and the model that is laid out before us in order to minimize risk, that's essentially what an ISAC is doing is creating awareness of what that sector faces in terms of cyber security risk and supply chain threats and vulnerabilities. Then we have a very cookie cutter approach. And so with the ISAC model, the way that it's been laid out that way being so cookie cutter where we just pull together public and private sector and we say that we are going to make our best efforts to share cybersecurity threats and vulnerabilities, we're not addressing all of the different elements of the ecosystem.
So I think a lot of the different elements of the ecosystem that need to be addressed include those like in the ICS SCADA realm where we're looking at the end point or we're looking at the application of the technology. And especially in the space sector, that's going to be incredibly relevant, because we're not just looking at the trust rail layer, we're looking at the space layer as well. So we have all of these space assets that are up there and we have to address the cybersecurity of those spacecraft.
Kacy Zurkus:
Which I know has really been an issue growing in concern of late, right, especially as it relates to satellites. So why is understanding the threat landscape critical in today's interconnected world, particularly as it relates to space?
Erin Miller:
So with the space sector then we have a variety of different segments. We have the user, the ground segment, the link segment, the space segment, and we even have launch. And Space ISAC recently, we published a frequently asked questions document that shows this threat taxonomy and how everything is so interconnected and we have threats and vulnerabilities that can affect each segment.
And typically there's been a lot of focus on the ground segment. So now that we are moving towards opening our Space ISAC watch center, we're going to start monitoring the threats and vulnerabilities actually to the space layer as well. And this will change the dynamic of the reporting that's able to come from a cyber security perspective out to space industry members. The incidents of compromise and the other indicators that can come from traditional cyber threat intel sharing are now going to be made available to the space sector through the Space ISAC watch center.
Kacy Zurkus:
That all sounds fantastic. Could you share with our listeners what you have seen or experienced as some of the greatest obstacles maybe, to that kind of information sharing?
Erin Miller:
Some of the obstacles to information sharing stem from the human-in-the-loop element, which I do believe affects every sector. So that's why we are standing up the Space ISAC watch center to use threat scenarios that inform the design of the watch center.
So what that means is all of our member companies have the opportunity to actually write out what they view as the greatest threat to the sector or to space systems and do their own individual independent analysis before the watch center goes ahead and starts to allocate resources to addressing that threat scenario. So we look for data sets, we look for analysts that are trained to understand that scenario, and then we can roll it out in our watch center. Either in January through February next year when we're targeting to open the watch center or afterwards. We will build out our capability to really contain the scalable approach that allows members to design a threat scenario at any time and bring it to bear in the watch center.
So the challenge that this addresses is the need to automate the data sharing and the information sharing in such a way that it's a template approach. So we have a template for the analyst that requires very little thinking and it incorporates artificial intelligence and machine learning and fuses data sets. And that way we're able to move quickly. We're very agile and we're not relying on a qualitative input from the analyst every time indicators are shared.
Kacy Zurkus:
So is the very existence of these sector specific ISACs in any way an obstacle to information sharing, or is there the ability for all of these different sector specific ISACs to be able to communicate with each other and share intelligence across sectors as well?
Erin Miller:
That's a great question. I have heard some dialogue actually brewing about how we can really bring together the collective defense of all sectors. And this conversation is incredibly relevant to the defense and protection and increased resiliency of the space sector because we have so much interdependency on our space systems across all of the six designated 16 critical infrastructure sectors, those designated by DHS.
So when we look at precision agriculture or the water sector or communications or anything that we could anticipate remote sensing serving in the future, there's a tremendous amount of dependence on space systems that we're forming and it affects all sectors. So we're constantly thinking about how do we protect these space systems that affect every other critical infrastructure sector? And we're working closely with Department of Homeland Security to identify those interdependencies. We also have an information sharing working group that is doing some analysis on that so that we have a deeper understanding of how everything is so interconnected.
Now, DHS I believe has also put together some recommendations on their risk management approach to address how interconnected our 16 critical infrastructures are becoming. That is definitely a big question to try to tackle. There's a lot going on there. And our risk management approach to all sectors has to be looked at from, we'll say a global perspective by our senior leaders.
The ISACs themselves, the National Council of ISACs, does convene regularly, and there are different entities within that group that are very involved. There's a group I'll do a shout out to called Cyware. They provide a threat intel sharing platform. We actually use theirs and a member sharing portal that does allow ISACs to connect with one another and issue alerts to one another so we have that enhanced cross-sector sharing.
Kacy Zurkus:
And have you seen any commonalities in the information that's being shared? I guess I'm wondering how unique the threats are, the different sectors?
Erin Miller:
I typically see the alerts have a lot of commonality and I think, just off the top of my head, it's the lowest common denominator issue, is because when you decide you're going to share cross sector, then you share things that are relevant to everyone. And so it becomes just typical cybersecurity alerts and notices and nothing unique that you would see specific to one sector.
We are being really specific in this conversation about the differences with the space sector, how we have a launch community. There's no other sector that, not that I can think of that has something, anything like a launch community. So there's an unlikely case that we would share anything related to the launch community with the water sector unless we saw a direct tangible impact for them.
Kacy Zurkus:
So then what steps, strategies, or practices would you recommend for strengthening this collaboration?
Erin Miller:
So to me, one of the biggest things that we can do as a community is focus on workforce development. And I recognize that National Space Council has called out this as a need where we need to do more STEM outreach and more STEM development and get the next generation involved in STEM fields. My sense is that because we're creating this dependency on space systems and space is so unique that we need to be even more intentional with our approach and we need to start looking at cyber security for space professionals.
So we have put together a workforce development community of interest and they'll be speaking at our Value of Space Summit that's coming up in October where we will be looking at the competencies that are required from a cyber security point of view. So the NSA and their documented competencies will be leveraged and we'll start applying space system's knowledge base to that to determine what the cyber security for space competencies should look like for the next generation workforce.
And we can get even more specific by defining occupations like cyber security for space analyst, just to throw one out there for consideration. We need those folks to be able to sit in our watch center and be able to conduct this analysis. And they have to have a different kind of understanding than your traditional cyber threat intel analyst because they are looking at the space layer. So they may need something like a radio background so they understand frequencies, space-based frequencies, not the terrestrial ones. And so these differences in understanding are going to change the way that we do information sharing going forward.
Kacy Zurkus:
And some of the recommendations that we saw come out of the report are similar, right, like you said, to start taking action is really critical in moving forward in collaboration. And I think the idea of a single point of contact and streamlining communication because things can get bottlenecked, especially when there are multiple government agencies involved and it can get confusing about to whom are we reporting.
And I think right now we've got leaders that are working very hard to get all of that streamlined and establish clear lines of communication, which is great. So I think that there's a lot of forward movement and hopefully that will help to build this mutual trust moving forward to strengthen these public-private partnerships because they are critical to our national security.
So thank you so much Erin, for the work that you do, and thank you for joining us today. Listeners, thank you for tuning in. To find products and solutions related to OT and ICS security, we invite you to visit rsaconference.com/marketplace. Here you'll find an entire ecosystem of cybersecurity vendors and service providers who can assist with your specific needs. Please keep the conversation going on your social channels using the hashtag RSAC. And be sure to visit rsaconference.com for new content posted year round.
Participants
Erin Miller
Executive Director, Space ISAC
Technology Infrastructure & Operations
critical infrastructure cyberattacks industrial control security infrastructure security risk management security intelligence threat intelligence
Share With Your Community