The most frequent and potentially destructive attack threats faced by the United States come not from missiles or warships but rather anonymous figures behind a computer. Cyber threats have proven to be a lucrative option for adversaries that wish to cause substantial detriment while maintaining a safe distance and limiting risk. These cyber threats can come from a variety of adversaries, such as national governments, terrorists, industrial spies, organized crime groups, hackers, and ‘hacktivists.’ 

As the United States grows increasingly reliant on computer systems and interconnected devices, malicious threat actors seeking to harm US interests can use cyberattacks to target financial services, political campaigns, and a host of critical infrastructure targets. The goal of these malicious actors is often to steal money or information, spread propaganda, alter political outcomes, damage critical infrastructure, or gain leverage against the United States. 

In particular, state-sponsored cyberattacks represent the most substantial threat to the United States and its interests. These state-sponsored cyber threats range from propaganda and low-level nuisance web page defacements to espionage and serious disruption resulting in loss of life and extensive infrastructure disruption. According to the Cybersecurity and Infrastructure Security Agency (CISA), for the next 5 to 10 years, only nation-states appear to have the discipline, commitment, and resources required to fully develop the capabilities needed to attack critical infrastructures. 

“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” - Executive Order on Improving the Nation’s Cybersecurity

“We can’t assume that only nation-states are capable – the increasing use of ransomware and other compromises shows that the attack surface is expanding. Our sophisticated defensive capabilities leverage machine learning and artificial intelligence to help automate the mitigations of less sophisticated attacks, so we can focus on the most dire threats. By integrating data, we can also increase the fidelity of threat actor identification.” - Arlette Hart, Senior Technologist for Cybersecurity at Leidos

Arlette Hart, a recognized, world-class cybersecurity expert, serves as Senior Technologist for Cybersecurity at Leidos, where she drives organizations toward comprehensive, risk-based protection strategies. Before joining Leidos, Ms. Hart served as Chief Information Security Officer for the Federal Bureau of Investigation, ensuring that the FBI’s data, capabilities, and networks were available where and when the Bureau and its partners needed them. Currently, she also serves as Adjunct Faculty at Carnegie Mellon University, supporting the Chief Information Security Officer Certificate program. Ms. Hart’s areas of expertise span the scope of cybersecurity, from compliance to operational, and include security architecture, advanced persistent threat, insider threat, intelligence, risk and compliance, and compromise 

Critical infrastructure describes the physical and cyber systems and assets that are vital to physical and economic security of the United States. Incapacity or destruction of critical infrastructure could have a debilitating impact on the public health and safety of the country. The Nation's critical infrastructure provides the essential services that underpin American society.

On May 7, 2021, the Colonial Pipeline - the largest pipeline system for refined oil products in the United States - suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. In response, Colonial Pipeline Company halted all of the pipeline's operations to contain the cyberattack. Assisted by the FBI, Colonial Pipeline paid the requested ransom ($4.4 million) within several hours after the attack. 

Adversaries use known vulnerabilities and phishing attacks to compromise the security of organizations, federal agencies, and private companies. Much of US critical infrastructure is owned and operated by the private sector, making the cybersecurity of these companies a top concern for the Federal government. Thus, the Department of Homeland Security (DHS) is coordinating with sector specific agencies, other federal agencies, and private sector partners to share information and mitigate the risks resulting from vulnerabilities of critical infrastructure assets. 

CISA offers several scanning and testing services to help reduce their exposure to threats:

• Vulnerability Scanning: Evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.
• Web Application Scanning: Evaluates known and discovered publicly-accessible websites for potential bugs and weak configuration to provide recommendations for mitigating web application security risks.
• Phishing Campaign Assessment: Provides an opportunity for determining the potential susceptibility of personnel to phishing attacks. This is a practical exercise intended to support and measure the effectiveness of security awareness training.
• Remote Penetration Test: Simulates the tactics and techniques of real-world adversaries to identify and validate exploitable pathways. This service is ideal for testing perimeter defenses, the security of externally-available applications, and the potential for exploitation of open source information.

“Critical infrastructure is at an intersection point with legacy air gapped security controls and the need to provide for our wellbeing by keeping pace with the size, scale, and complexity of an integrated technology adoption rate in the modern era. Critical infrastructure is more than power, oil, roads, lights, vehicles, computers and phones—it's all driven by the power of technology and that’s evolving faster today than ever before. It’s important if not pivotal to recognize that there are people on both ends of the infrastructure, those wanting some sort of gain, and those trying their best to navigate their lives within it. When it comes to security and critical infrastructure, it's already here; we have to integrate into it in an intentionally cybersecurity threat-centric way to reduce the effects of those on the other end.” - Joshua Strunk, Chief Cybersecurity Officer for Homeland Security Solutions within the Intel Group at Leidos

Joshua Strunk is the Chief Cybersecurity Officer for Homeland Security Solutions within the Intelligence Group at Leidos. Prior to joining Leidos, Josh had over a decade-long career in Defensive Cyber Operations starting as a Cybersecurity Analyst at Customs and Border Patrol, then going on to serve as the Operations Manager at the Department of Homeland Security Enterprise Security Operations Center, and then as the Associate Chief Information Security Officer and Director of the Government Security Operations Center for the Department of the Treasury.
 

Zero Trust describes an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters, to a focus on users, assets, and resources. A Zero Trust model recognizes that trust is a vulnerability and assumes there is no implicit trust granted to assets or user accounts based solely on their physical location, network location, or asset ownership. Therefore, a Zero Trust Architecture (ZTA) requires all users, whether in or outside the organization’s network, to be authenticated and authorized before being granted access to applications and data. This initiative helps prevent successful data breaches by eliminating the concept of trust from an organization or agency's network architecture.

Embracing a Zero Trust security model will better position the IC to secure sensitive data, systems, and services as it seeks to defend increasingly dispersed and complex enterprise networks from sophisticated cyber threats. In order for the IC to be fully effective in minimizing risk, Zero Trust principles and concepts must permeate most aspects of the network and its operations ecosystem. Therefore, all members of the IC, from chief executive to engineer and operator, must understand and commit to the Zero Trust mindset

Special Publication 800-207 from the National Institute of Standards and Technology (NIST) outlines the core components of Zero Trust principles and gives general deployment models and use cases where Zero Trust could improve overall information technology security posture.

“To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties. The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.” - Executive Order on Improving the Nation’s Cybersecurity

Artificial intelligence (AI) and machine learning (ML) are quickly becoming essential tools for the Intelligence Community (IC). These tools can help with tasks related to collection, processing, and analysis — half of the steps in the Intelligence Cycle - and can ultimately aid the IC in decision making by augmenting human expertise. A core purpose of the IC is to analyze data, connect disparate data sets, infer meaning, and ultimately make analytic and operational judgments based on all available data. Exponential increases in data volume and velocity are stressing the IC’s ability to find the most relevant data with which to make analytic judgments. This pressure on existing workflows has necessitated the use of AI and ML for the future mission success of the IC. 

In particular, deep learning - multi-layer neural network machine learning techniques - can be used for image recognition, speech recognition, cross-language translation, speech-to-text transcription, and threat detection. Although there are limits to its functionality, AI and ML allow machines to process vast amounts of information significantly faster than even the best trained analysts. 

AI and ML capabilities also offer military advantages, thus adversaries of the United States are already investing significant funds and effort into AI technologies that can blind or deceive the IC. One particular area of concern is the use of AI to generate high-quality forgeries of audio and video media known more commonly as ‘deepfakes’. The IC is meeting this challenge by adopting the best available commercial AI applications and combining them with IC-unique algorithms and data holdings to augment the reasoning capabilities of analysts within the IC. 

“Closing the gap between decisions and data collection is a top priority for the Intelligence Community. The pace at which data are generated and collected is increasing exponentially... Leveraging artificial intelligence, automation, and augmentation technologies to amplify the effectiveness of our workforce will advance mission capability and enhance the IC’s ability to provide needed data interpretation to decision makers.” - Dan Coats, Director of National Intelligence

“The significantly increased deluge of data being collected and stored can no longer effectively be manually analyzed and exploited by simply leveraging human capital and software tools. The mission users will require an extensive amount of automation built into the mission systems to enable the intelligence analysts to focus on higher order analysis. Leidos has invested in developing sophisticated mission aware AI/ML capabilities that can help to sift through vast arrays of data sets and automatically identify and correlate patterns and provide Critical Insights. This enables intelligence analysts to effectively identify dangerous threats and ensure appropriate, timely strategic action before catastrophic impacts.” - Chris Varghese, Vice President and Chief Technology Officer, National Solutions, Leidos Intelligence Group

Chris Varghese currently serves as Vice President and Chief Technology Officer of Leidos’ National Solutions Operation. In this role, he sets the strategic technology vision and goals for the operation to align with Leidos business goals. He previously held leadership roles working on Leidos’ Enterprise IT and Cyber Solutions portfolios. Before joining Leidos, Mr. Varghese served in various engineering and management leadership roles within Lockheed Martin’s Information Systems & Global Solutions (IS&GS) business. Mr. Varghese has over 18 years of experience in Agile Program Management, Technology Management, Portfolio Management, and leadership roles supporting software development and IT programs for multiple Intelligence Community and US Department of Defense customers. Through his extensive cross-customer management experience, Chris brings to bear a vast array of software development and technical management expertise to effectively manage program teams and lead technology strategy and vision.

Artificial intelligence and machine learning are proving essential to the future development of modern defense capabilities. The Department of Homeland Security (DHS) is taking necessary steps to leverage all that AI and ML can provide in order to maintain dominance over increasingly capable adversaries. 

In addition to DHS’ initial Artificial Intelligence Strategy released December 3, 2020, the Science & Technology (S&T) Directorate has released its own AI & ML Strategic Plan in August, 2021. Both strategies highlight the use cases for AI/ML to answer the threats of tomorrow, with particular attention on driving technology use cases for the DHS enterprise, facilitating use of proven AI/ML in Homeland Security mission sets, and building an AI/ML trained workforce. Initial areas of utilization for DHS fall across managing cyber and physical risks to critical infrastructure, securing US borders, preventing and investigating criminal activity, and response to natural and human made disasters. 

With the rapid growth of asymmetric threats over the past decade, AI and ML provide unique capability for DHS to meet these head on. With the ongoing identification of areas to apply AI and ML, and subsequent utilization, DHS will be better equipped to gain and hold a decisive advantage over America’s potential adversaries.