Attacks against defense industrial base increasing, NSA chief warns
The Pentagon is pushing ahead with zero-trust plans to automate defenses against future threats.
BALTIMORE—China, Russia, and others are taking aim more frequently at companies that serve the U.S. military, Gen. Timothy Haugh, the head of U.S. Cyber Command and the National Security Agency, told the crowd at TechNet Cyber on Tuesday.
The defense industrial base—the companies that produce goods and services and conduct research for the Defense Department—includes more than 160,000 domestic and foreign companies that employ 9 percent of the U.S. workforce, Haugh said. That base “is being actively targeted by our adversaries and competitors, particularly by the People's Republic of China,” he said.
U.S. government officials and lawmakers have called China a top cyber threat for years. But this year, they have been issuing increasingly dire warnings about China’s rising risk tolerance for cyber operations, as evinced by the Volt Typhoon campaign, which targeted key elements of U.S. infrastructure.
In response to a question from Defense One, Haugh did not expressly say that China was also employing Volt Typhoon against partner militaries, like the Philippines, but did say it was a “serious concern, not just to the United States, but also to our allies.”
The NSA and Cyber Command are devoting more time and energy to threats posed by AI-enabled cyber attacks, as well as working on how to employ AI for cybersecurity within the Defense Department and within the industrial base, he said, pointing to the 2023 stand-up of the NSA’s AI cybersecurity center.
Last June, NSA and Cyber Command also announced they were expanding the Under Advisement effort, which links various entities—private cybersecurity companies, defense companies, other businesses of national security relevance, and government cybersecurity experts—to share information about threats, vulnerabilities, and attacks.
“Since 2021, researchers have identified over 20,000 distinct cybersecurity vulnerabilities each year, with 29,000 discovered last year,” he said.
The Defense Department and Zero Trust
NSA and Cyber Command aren’t the only entities in the Defense Department looking to make better use of artificial intelligence for cyber defense. Brian Hermann, the director and program executive officer for the Cyber Security and Analytics Directorate at the Defense Information Systems Agency, told reporters Tuesday that according to his estimates, some 75 percent of cybersecurity actions could be automated for far faster and better defense—particularly against attacks that adversaries have also scaled up through AI.
“We're not real close at all” to reaching that percentage, he warned. But as the Pentagon continues to implement elements of its zero-trust architecture roadmap, the possibility of better AI-enabled cyber defense is rising, he said.
By the end of 2025, Zero-Trust Network Access should be implemented across Defense Department sites. That will put the Pentagon in a much better position to begin implementing new, cutting-edge AI tools for defense across the entire DOD.
“I can tell you … we had to start in a couple of different places. The first is the streamlining of our data,” he said. “We've artificially defined cyber data versus data that is for network operations functions; and the truth is, it's all cyber data.”
Getting Defense Department data out of individual silos into a common data lake, where analysts—perhaps using AI tools—can scour it for indications of threats and intrusion, is key to defending against future AI-enabled attacks, he said.
“One of the most notable things that comes as part of zero trust is the connection of the tools to each other. So historically we had protections at the perimeter; we had protections at the local user’s desktop station; we had firewalls that existed in the various parts of our infrastructure, and they didn't really talk to each other very much. That's the difference. Now they're starting to talk to each other. They're providing common data sets that allow us to say, ‘If I'm seeing something over here, and it seems to be hitting this endpoint’ ... That's the approach that we're taking, is establishing … a data lake architecture with a federated search capability, and then modernizing the tools at various stages.”