NSA Leader Promotes Industry Collaboration on Cyber Issues
The National Security Agency (NSA) is seeking collaboration with the private sector on cybersecurity issues, David Luber, deputy of the Cybersecurity Directorate, said Wednesday at CyberSatGov in Reston, Virginia.
Luber highlighted the agency’s Cybersecurity Collaboration Center, an engagement hub with the private sector. The center is an unclassified location where the NSA can have conversations with companies that are part of the defense industrial base that are supporting national security systems. He described it as an opportunity for a bilateral exchange of information concerning threats and vulnerabilities.
The NSA published cybersecurity technical guidance on protective DNS (Domain Name System) earlier this year, which is available to download from the NSA. Luber said the NSA has received amazing feedback from industry and government end users, continuing the dialogue.
“It’s about that continuous dialogue with corporate private sector partners, and ensuring that we leverage insights and share them across so that we can amplify not only the guidance that we write in the documents, but also have this opportunity to work together as a cybersecurity community,” Luber said. “We are so much stronger if we work these issues together.”
In the rapidly changing cyber domain, this public-private partnership has helped implement concepts like zero trust and other architectural changes to help harden the attack surface, he said, and to respond to threats from China and Russia.
Luber also addressed the issue of quantum resistant cryptography — how to prepare for the development of large-scale quantum computers that would be able to break the public-key cryptosystem. He said this is important to the NSA, but did not share timeline details.
“We’re working on high assurance, cryptographic systems. We also want to ensure that in partnership with [National Institute of Standards and Technology] NIST, there are also commercial algorithms available that are also wanted. It’s a journey that we’re working together, through the U.S. Department of Defense, and also with other parts of government, to ensure our nation has very strong cryptography, in the event that the adversary reaches quantum computing capabilities.”
Correction: The full name of NIST was incorrect in an earlier version of this article. It has been updated.