FORT BELVOIR, Va. –
The Defense Logistics Agency must adapt to the complexities of a rapidly changing global landscape by modernizing its approaches to cybersecurity and supply chain security, William Evanina, former director of the National Counterintelligence and Security Center, told DLA personnel at a recent Warfighter Talk.
During Evanina’s presentation, part of DLA’s Campaign of Learning, he challenged employees to modernize their thinking and operations to protect the agency’s role in supporting the warfighter.
He highlighted the interconnected nature of global threats and emphasized the need for DLA to maintain a heightened state of vigilance.
One example is that adversaries are strategically repositioning offensive measures and countermeasures against the U.S. from the government to the private sector, Evanina said. This is critically important to DLA because the procurement process relies on vendors in the private sector.
“But the complexity of the threat, the persistence of the threat… gets more persistent, more complex every single day,” Evanina said.
Evanina used the examples of Volt Typhoon and Salt Typhoon, cyber threat actors targeting infrastructure and telecommunications respectively, to highlight the sophisticated and unexpected ways adversaries attempt to manipulate the U.S.
If implemented, these efforts could critically disrupt DLA’s movement of goods and services to the warfighter. He urged the audience to research both threats and consider the potential impact on their jobs and personal lives.
“It's really, really important to understand the strategic intent of our adversaries and how they're trying to impact our lives outside the fence lines of a [military] installation,” Evanina said.
Evanina demonstrated his point with a list of some of the largest and most recognizable companies in the U.S. along with several federal agencies, universities and all 50 states. He then asked the audience what they all had in common.
The immediate response was that they all have data, which Evanina said was close, but not correct.
The answer, he said, is that each company has been breached and had significant data removed from their organizations. But in certain instances, the attackers were not after data; they wanted the algorithms.
Access to the algorithms would allow the attackers to better understand internal processes and learn how to disrupt them, he said.
To mitigate these efforts, Evanina recommended practicing good cyber hygiene and proactive risk management. That includes considering what adversaries would want to steal, how they would steal it, what the operational impact would be and then putting measures in place to prevent it.
Returning to the list, Evanina said 90% of the breaches occurred due to a compromised vendor who swam upstream.
Because of this vulnerability, Evanina emphasized the need for compliance standards.
“We're only as good, from a supply chain threat perspective, as our vendors,” Evanina said. “And the vendors have no incentive to get better until we give them incentive.”
This is especially important for larger vendors, Evanina said. He cautioned against becoming reliant on any single vendor or system, as their failure could mean mission failure for DLA and the warfighters they serve.
The recent outages making headline news “is a blinking red light saying we need to do better,” Evanina said. “More importantly, we need to hold them accountable… Think about the shutdown of America for a day because of one company's inability to patch something. Unacceptable to me.”
Exercising capabilities and identifying vulnerabilities on a regular basis and at every level of the organization is critical to stay modern, Evanina said. He recommended developing red teams, which are groups who will act as the adversary and attempt to find vulnerabilities to exploit. Then, using the red teams’ findings, improving processes or security.
“We need to rethink the way we do things from each and every cubicle that we sit in,” Evanina said. “Because the threats are more persistent and aggressive than they've ever been.”
A recording of the event is available to DLA employees on the Campaign of Learning page (a DLA Common Access Card is required).