The Role of the DIB in Countering Adversary Activity

Malachi Walker

Last Wednesday, WhiteHawk CEO and Founder Terry Roberts participated in a panel at the Potomac Officer's Club CMMC Forum. The panel discussed just how much of a role the Defense Industrial Base (DIB) plays in countering cyber adversaries from an economic, pragmatic, and national security perspective.

Expanse's Dr. Matt Kraning moderated this panel and Terry participated with panelists Richard Naylor from the Defense Counterintelligence and Security Agency and Ted Ross from SpyCloud.

The panel began with Richard Naylor introducing himself and describing the pandemic as a time that exposes many companies to threat actors, stating, "The interest of becoming a cyber-criminal is at an all-time high."

WhiteHawk's Terry Roberts introduces the topic from an economic standpoint. Roberts wants the DIB to think about this not as a burden but as a necessity. Automobiles started with no insurance or safety regulations, but ultimately their implementation was necessary. We have not been able to track and report cyber-crime through a systemic approach that involves contractors, so we do not know the full-scale impact. CMMC provides the opportunity to turn those unknowns into knowns, and being proactive will save money in the long run and actually boost ROI.

Ted Ross echoes Terry from a pragmatic perspective, speaking about the importance of taking initiative to prevent threat actors from carrying out malicious activity. Naylor follows Terry's automobile analogy with a comparison that adds to Ross's pragmatic perspective: he speaks of how long it took to evolve the aircraft for military use, and of the importance of a private-sector company having the capability to identify tactics, techniques, and procedures (TTPs). Some interesting statistics introduced were that 14% of DIB attacks are exclusively cyber and 78% of approaches are cyber involved.

Ross continues this thought, highly recommending the zero-trust model (you can't trust any link you see until you've confirmed that the individual was the one who sent it and that they sent it intentionally, with no malware involved). The cyber domain has transformed into an easy attack vector for nation states; it is important to continuously check that employees with login access are not compromised. Two-factor authentication helps. He notes that most attacks are human, not automated, but automated solutions that make things difficult for humans can help.

"What can companies do now to prepare rather than just wait for CMMC?" Kraning asks Terry. Roberts recommends reporting and tracking every event, stating that any attack involving the DIB impacts the entire community. A second thing we can do today is implement an opt-in continuous cyber risk monitoring approach. This is the only way companies today can identify their risks and prioritize them with limited resources. A company especially needs that lens to prepare for the standards of CMMC if it is not a cyber-based company.

Terry mentions later in the panel that there are a lot of foundational controls in place that map to CMMC, so if companies have matured to account for those datasets, they will be prepared for CMMC. From an economic and pragmatic perspective, if continuous monitoring is bought in bulk rather than one by one, they will cover more risks and the cost will go down exponentially to as little as $500-$1000 annually. The lesson to draw is that there are many different strategies to consider, but continuous monitoring is not expensive; it is a commercial commodity.

From here, the discussion continued to encompass the forthcoming CMMC. Terry mentions that because everyone will be required to make level one, a pragmatic approach that makes it easy for everyone to get there should happen as quickly as possible. This starts with vetting the different vendors or solutions that are out there, specifically Governance, Risk, and Compliance (GRC) platforms like CyberOne.

As panelists make their closing statements, Terry advises the audience to again think about this with excitement, not fear: it is an opportunity to get everyone in the DIB through level one this year to boost our country's overall cyber capabilities. Kraning asks, "Should cyber capabilities be time based or need based?" Terry replies that there's always a need and a vulnerability, and brings the discussion back to continuous monitoring as a way to identify those needs.

Whether the perspective is economic, security, or pragmatic, all panelists have made it clear that the DIB has a major role in countering adversaries and action should be taken as soon as possible. View the full forum free on-demand here.