How the Marine Corps thinks about beating adversaries in cyberspace
There are a lot of products on the market purporting to be the best way to run defense against nation-state adversaries’ email spearphishing attempts. But there’s one part of defending against spearphishing in particular that the U.S. Marine Corps Forces Cyberspace Command’s cyber technology officer endorses: context.
For Renata Spinks, the goal is not just to make sure employees understand they should avoid clicking on what appear to be malicious links, but to make sure they understand the bigger picture of what they’re protecting, she said Tuesday.
“Instead of just [test] phishing attempts, teach your employees why phishing attempts are so important and make it relatable,” Spinks said at the Fortinet Security Summit, produced by FedScoop and StateScoop. “Data is your most critical commodity, but people [are] the best asset you can have.”
Spearphishing emails often seek to pilfer passwords and credentials from victims who click on links or attachments that purport to be legitimate but actually download malware onto victim systems, which may enable credential stealing, among other nefarious goals. If the Marine Corps, which runs offensive and defensive operations in cyberspace, loses credentials to adversaries, its mission could be compromised.
To be sure, Spinks’ division sends advisories to employees on spearphishing to protect against adversaries. But baking in an understanding of that mission raises the bar for personnel, and gets them invested in the process, according to Spinks.
“We send out different emails and cautions of ‘Don’t click on this. This is a phishing attempt. They want your data, they will be able to move laterally and bilaterally in your networks,’” Spinks said. “Well, what does that mean to your operator? To your end user?”
For the Marine Corps, it’s about “increased lethality,” Spinks said.
“By the way, we’re fighting a war,” Spinks said. “Our intent in cyberwarfare is to always have the keyboards strong so that we can deny, degrade, and in some cases destroy the adversary.”
The Marine Corps component of Cyber Command also works on computer network defense of the Marine Corps Enterprise Network and is responsible for intelligence gathering and analysis, missions which could also be compromised if adversaries gain access to employee credentials.
“The adversary seeks your assets because they need [your staff’s] identities, they need their credentials, they need their systems administrative rights so they can take over and own whatever it is you’re trying to protect — whether that’s weapons systems if you’re within the Department of Defense … [or] covert operations,” Spinks said. “At the end of the day we need access to be able to command and control the network.”