Cyber threat intelligence is a critical advantage in cyberspace. I spent over two decades learning to leverage it for the Department of Defense (DoD).
Bad cyber actors hit the DoD with more than 12,000 cyber incidents since 2015, according to a recent Government Accountability Office (GAO) report. CrowdStrike threat hunting units also saw a 40% year-over-year increase in observed intrusion volume on defense networks (CrowdStrike, 2023 Threat Hunting Report).
Cyber threats and incidents have skyrocketed in the last decade, and it is likely that this trend will continue for the foreseeable future. The DoD must maintain the advantage and adapt to counter these increasingly complex attacks. While bolstering cyber defenses is mandatory, defense agencies must prioritize threat hunting and intelligence to increase visibility into threats, improve decision-making abilities, and identify new counteroffensive measures.
Cyber Threats Facing DoD
Prior to joining Maximus, I commanded the Army’s only active-duty information operations battalion, served as Chief Information Security Officer (CISO) in the Office of the DoD Deputy Chief Information Officer for Special Programs, and served as the Authorizing Official for accreditation and certification of multiple classified IT networks. Each of these positions gave me an amazing vantage point to witness the dramatic increase in cyber threats firsthand.
Types of cyber threats range from trickery to sophisticated zero-day attacks, but 95% of cyber incidents are caused by human error. Phishing and social engineering attempts rely on tricking end users to gain access.
Unfortunately, I anticipate the increased adoption of artificial intelligence (AI) will boost the number of these attacks and make them much more realistic-looking and therefore difficult to recognize. Successful cyberattacks also exploit organizations that don't conduct regular patching and updates, essentially leaving the door wide open for bad actors to take advantage of poor security.
Attackers persistently seek access to DoD and other government networks, but they also focus on “soft” targets they believe provide an easier path to network access, such as companies within the DoD contracting and R&D community, also referred to as the Defense Industrial Base (DIB). Programs such as the DoD’s Cybersecurity Maturity Model Certification (CMMC) harden these targets by ensuring partners meet minimum cybersecurity standards.
DoD Responds to Cyber Threats
Ironically, the increase in cyber threats helped improve DoD’s cybersecurity posture in three key ways –
- Collaboration: To protect against the increase in threats, defense agencies forged partnerships and developed information-sharing best practices amongst themselves, the DIB, and other federal agencies. The Cybersecurity and Infrastructure Security Agency (CISA) shares threat intel across the government and private sector.
- Enhanced security measures: The rapidly shifting cyber landscape prompted the adoption of advanced data protection models, such as zero trust, and reduced human error rates.
- Changed defense approach: Every aspect of DoD must plan for cyberspace operations, both offensive and defensive. U.S. Cyber Command now plays a pivotal role in all DoD cyber activities.
The Role of Threat Intelligence
Threat intelligence helps DoD identify potential threats and vulnerabilities before they are exploited, reducing the likelihood of data breaches. The strategic use of threat intelligence helps organizations stay proactive in their cybersecurity approach by –
- Providing early warning of cyber incidents.
- Recognizing areas of a network that are most likely to be targeted so CISOs can put extra security measures in place.
- Identifying root causes of cyber incidents, whether a network misconfiguration or an exploitation of a zero-day vulnerability.
- Minimizing human error by automating patching and prioritizing the most severe vulnerabilities.
- Informing the allocation of resources to combat specific threats.
- Using data to implement robust access control and user authentication measures.
- Developing and practicing incident response plans so the response to a breach is rehearsed before one happens.
Cyber threat intelligence also helps defense agencies establish effective countermeasures against cyberattacks by –
- Understanding adversary tactics: Knowing how a bad cyber actor operates lets an organization tailor its defenses to that actor and quickly detect signs of an intrusion.
- Enhancing incident response: Up-to-date information about ongoing cyberattacks allows incident responders to act decisively, preserve evidence, and expel intruders from the network.
- Increasing collaboration: Sharing information across organizations constitutes the best countermeasure. Threat intelligence allows agencies to learn lessons from others’ experiences.
Cyberattacks will proliferate and continue to become more sophisticated, particularly with the widespread use of AI, but the strategic use of cyber threat intelligence can help DoD understand threats, prevent attacks, and mitigate damage.
To learn more about Maximus’ threat hunting capabilities, visit maximus.com/cybersecurity. For more information on how Maximus integrates cyber solutions across DoD, visit maximus.com/defense.