security operation center consolidation
TRANSCRIPT
Security Operation Center Consolidation
Chris Agar,
Chief of the NSA Cybersecurity Threat Operations Center
The Cyberthreat Landscape
• Espionage and exploitation
• Disruption and destruction
• Corrosion
Unity of Effort
• GEN Paul Nakasone is the Director of NSA
and Commander of U.S. Cyber Command.
He leads:
• A world-class intelligence agency
• A Unified Combatant Command
The Integrated Cyber Center
• NSA and U.S. Cyber Command share a 24/7 operations floor for the first
time in September of 2018, and invite U.S. government and FVEY partners
to join them
• Formerly, NSA and U.S. Cyber Command worked in two operations
centers that sat side by side
• Communication and collaboration existed, but not at the same level
The Integrated Cyber Center
• NSA’s missions are foreign signals intelligence and cybersecurity
• U.S. Cyber Command is responsible for command and control of military
operations and for the defense of Department of Defense Information
Networks
• They operate under separate missions and authorities
The Advantages of Integration
• Partners sitting together allows for continuous, near real-time information
sharing and tactical synchronization
• If an activity emerges, they can respond immediately
• Enhanced awareness and collaboration between partners
• Mission support has easy access to operations floor
Securing the Midterm Elections
• U.S. Government operations centers communicated leading up to election
day, and then synched throughout the day
• The ensured rapid information sharing and situational awareness of threat
and incident reporting for all mission partners
• NSA and U.S. Cyber Command were postured to provide on-site support
for activities undertaken by DHS and FBI
• U.S. Cyber Command established independent election cell
Operations Enabling Cell
• An Integrated Cyber Center cell where partner analysts are imbedded and
can perform their home agency mission, while collaborating with NSA,
U.S. Cyber Command and other partners on the floor
• Enhanced analyst collaboration led to countermeasures that mitigated a
phishing campaign targeting the U.S. Government
The Cybersecurity Directorate
• Mission to prevent and eradicate threats to national security systems and
critical infrastructure, focused initially on the defense industrial base and
the improvement of our weapons’ security
• CSD will better position NSA to operationalize its intelligence, vulnerability
assessments, and cybersecurity expertise by fully integrating these efforts
• Partnership will be critical, as will sharing information