Recapping “The Information Warfare Age” with Mieke Eoyang
During the Defense 1 Tech Summit, Mieke Eoyang, Deputy Assistant Secretary of Defense for Cyber Policy, and Patrick Tucker, Technology Editor at Defense One, discussed the current state of cyber policy and how it relates to national security, democracy, and how the Department of Defense (DoD) plans to prepare against future challenges of cyber warfare.
When Eoyang joined the DoD, she and her team swore to uphold and defend the American ideals of freedom digitally, such as democracy and the right to free speech. This type of technology coupled with a rise of digital authoritarianism in other nations globally presents a challenge to America’s national security and makes it more dangerous for Americans to speak out against what they feel is abuse in other countries.
PROTECTING AND DEFENDING
While a rise of disinformation and repression presents a challenge and danger to people all around the world, the DoD is actively working on tactics to defend U.S. national security interests. “The U.S. needs to make sure that we have indigenous technology alternatives and that the department is investing R&D in the manufacturing sector here in the U.S.” Eoyang goes on to say, “I think we also need to make sure that we are offering alternatives to our allies when they are considering their own technology purchases, and we need to do a better job of sharing the risks and vulnerabilities that our allies may incur if they were to engage in purchasing such technologies.”
THE NEED FOR – AND CHALLENGES OF – INFORMATION SHARING
Later in the discussion, Eoyang and Tucker tackled the topic of trust, transparency, and information sharing across private entities and allied governments. Cyber professionals and practitioners have long called for better information sharing to help organizations better protect themselves against malicious actors and threats, but to do that, there must be mutual trust between the government and those organizations.
While Eoyang agreed, she cited multiple challenges in information sharing. A large amount of information is held at various levels and the act that they themselves have work to do in getting their own house in order when it comes to how they share information internally. Eoyang stated though that when industries are asked to share information with the government regarding whether they have been breached, the department will keep that information confidential, and going forward, the DoD will have the ability to help those organizations should a future breach occur.
CURRENT STATE OF COLLABORATION
According to Eoyang, information sharing between private sector and the government is essential. As collaboration between the private and public sectors improves and grows, she cited some areas in which they may be able to improve that effort and support them on their missions to ensure that they know what to do. “There has been tension between the U.S. government and tech companies, and I think we need to work on that trust building, we need to work on our transparency so that people understand what we’re doing and how careful we are about what we do,” states Eoyang.
One way to improve information sharing is by leveraging a platform that works off of the latest information sharing standards, such as STIX 2.1. This way, threat intel can be shared fairly seamlessly. Leveraging a threat intel platform that correlates, contextualizes, and enriches threat intel automatically can help reduce the manual effort needed to sort through troves of threat intel data. Going a step further, using a platform that can share selected information easily via STIX 2.1 versus having to manually input information to share means that organizations can save time and resources – and share at machine-speed.
Some tech companies, like LookingGlass, have worked side-by-side with the US Federal Government since its founding in 2009. Understanding that the agencies have a wide set of missions, especially in cyber, and finding the common ground on meeting or exceeding mission objectives is critical for collaboration.
Eoyang concluded this presentation with encouragement to industries to continue to work with the defense so that they have a better understanding of what they may be able to provide to help strengthen the cybersecurity of their partners and allies. “Doors are always open to talk about that,” she concluded.
A recording of the full discussion is available for those who registered for the conference.
For organizations interested in learning how they can best determine where to focus their cybersecurity efforts, contact us today.