Securing the 2020 presidential elections is NSA and USCYBERCOM’s No. 1 priority.
Establishing the Cyber 9-Line
The Cyber 9-Line operates similarly to the military reporting used by battlefield medics to quickly and accurately report combat injuries while in the field. It represents the first step in the information exchange program (IEP) created in late 2019 under the direction of U.S. Air Force Col. Samuel Kinch, the National Guard Advisor to USCYBERCOM, and in partnership with the Joint Cyber Command and Control program office.
Currently most states and territories have Cyber 9-Line training planned or are establishing accounts. To date, 12 states have completed the registration process and are now able to leverage DOD resources against foreign adversaries and strengthen U.S. networks.
By better informing USCYBERCOM on the range of foreign cyber activity in the U.S., Cyber 9-Line enables the defense of elections – the number-one priority of both the command and the National Security Agency.
“These relationships have been cultivated for many years via personal connections made by our Citizen-Airmen, which allows us to respond quickly,” said U.S. Air Force Col. Reid Novotny, Maryland National Guard J6. “Knowing that the Maryland Department of IT was handling restoration and the FBI was doing investigation, the 175th Cyber Operations Group provided the connectivity to the national resources located in our backyard at USCYBERCOM through a Cyber 9-line.”
Maryland’s quick response to the incident generated an immediate investigation by the FBI, building upon the FBI’s strong relationship with the state’s National Guard Cyber Protection Team. The FBI successfully identified the vector of attack and shared the critical information with the affected state and National Guard partners.
Working together, the FBI and National Guard collected evidence and developed a mitigation strategy, generating a Cyber 9-Line to USCYBERCOM.
Leveraging Big Data Against Adversaries
Thanks to the open lines of communication across government agencies, USCYBERCOM can now leverage key insights from stateside cyber incidents through the National Guard. This valuable data on cyber incidents in state and federal government is captured in the second part of what the IEP provides: intelligent use of USCYBERCOM’s existing unclassified cyber Big Data Platform (BDP).
The BDP specifically focuses on malign cyber activity, providing critical defense capabilities for participating state and national cyber forces. By having the ability to inform incident response at the state and local levels, the BDP allows USCYBERCOM to better combat foreign activity.
“The CNMF, via the National Guard, may enable states to quickly identify additional indicators of threats, which states can then implement and defend themselves quicker than ever before,” Kinch said. “That’s going to be a huge collective win for us all.”
Additionally, the BDP provides all participants access to previous malware reports and states’ submissions in order to proactively employ and improve their cyber defenses.
“The Cyber 9-Line is still in its infancy, but after standing up this program a few months ago, we have already [seen an impact],” said U.S. Air Force Lt. Col. Jeff Pacini, CNMF Future Operations Deputy Chief. “Ultimately, the goal is to provide mutual support to each other.”
Impact on Election Security and Beyond
The implications of Cyber 9-Line go beyond diagnosing ransomware: the implementation of the Cyber 9-Line plays a key role in the whole-of-nation effort to defend elections from foreign interference.
“A consistent message we hear in our engagements with the election security community is a desire for more robust and timely exchanges of information – we need their insights and they need insights from the intelligence community and U.S. Government,” said David Imbordino, NSA’s Election Security Group lead. “The Cyber 9-Line has been an excellent step to improve that issue.”
Cyber information provided through the National Guard units contributes to NSA and Intelligence Community insight-driven operations, allowing CNMF teams to pursue bad actors on foreign partner networks. The data ingested into the BDP through the Cyber 9-Line notifies USCYBERCOM’s “Hunt Forward” operations. This is one way the agency and the command are imposing time, money, and access costs to disrupt and disable the adversary’s capabilities to impact U.S. elections.
Cont…
https://www.cybercom.mil/Media/News/Article/2213264/cyber-9-line-improves-cybersecurity-and-enables-election-integrity/