As attacks become increasingly sophisticated, there is a clear need for a public-private partnership between the US government and industry to help identify and stop attackers.
In a panel session at the RSA Conference 2022, government and law enforcement officials joined with Microsoft to outline how they have been able to work together to take down the most impactful nation-state attackers. Amy Hogan-Burney, associate counsel and general manager of the Digital Crimes Unit at Microsoft, commented that nation-state attacks have become more sophisticated.
"What that generally means is we are seeing nation-state actors that are incredibly well researched," Hogan-Burney said. "They are doing a lot of research on their targets specifically to social-engineer their targets to be more successful."
Tonya Ugoretz, assistant director of the Directorate of Intelligence at the FBI, commented that nation-state attackers are also trying to exploit perceived gaps in the ability of organizations in the US to effectively identify and block malicious activities. Ugoretz said that the US government aims to use the inherent strengths of American democracy and public-private partnerships to work together so that those gaps are minimized.
US law enforcement and government officials really do need to work with private industry, according to Adam Hickey, Deputy Assistant Attorney General, National Security Division, at the US Department of Justice. Hickey explained that the vast majority of malicious activity is occurring on privately owned networks.
"We're really beholden to the private sector, the owners of those systems, to tip us to what they see, to help increase our ability to collect information, so that we can disrupt attacks, because otherwise, we're not going to know about everything," he said.
HAFNIUM Takedown Is a Case Study in Public-Private Partnership
The panel spent much of the session talking about how Microsoft, working together with the FBI and the Department of Justice, was able to identify, block and mitigate the risks from the HAFNIUM nation-state attackers coming from China in 2021.
Ugoretz explained that whenever there is a significant cyber incident, the US government organizes its response through a mechanism called a Unified Coordination Group. It is a means of enhancing coordination among CISA, the FBI, the Department of Justice and the Director of National Intelligence to bring together incident response capabilities at a heightened level. In the HAFNIUM case, she noted, it was the first time that the US government officially brought in a private industry partner, Microsoft, to enable truly unified coordination. Microsoft shared its own sources of intelligence with the US government agencies, and together they were able to act to mitigate the attack.
"There's a public safety mission for the FBI and the Department of Justice, and part of what we do is look to protect people from crimes while they occur, to prevent them if we can, to protect life and property," Hickey said.