NGA Cybersecurity in the Era of the Enterprise Breach

By Evan Frank, CIO-T Communications Team


Addressing cybersecurity in his Feb. 26 statement for the record, “Worldwide Threat Assessment of the US Intelligence Community,” submitted to the Senate Armed Services Committee, Director of National Intelligence James Clapper highlighted a mission threat that the intelligence community must deeply consider as it moves toward greater transparency and engagement with both government and commercial partners.

“Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact,” Clapper wrote. “Overall, the unclassified information and communication technology networks that support U.S. Government, military, commercial, and social activities remain vulnerable to espionage and/or disruption.”

These cyber threats, both internal and external, are orchestrated by independent groups and nation-states who seek to infiltrate combat support agencies like the National Geospatial-Intelligence Agency, an agency that collects, stores and shares vital geospatial information and intelligence affecting the warfighter on the ground, at sea, and in the air.

The recent system breaches at the U.S. Office of Personnel Management are evidence of the increasingly advanced cyber threat, and the impact on more than 21 million people demonstrates the scale of the effect this type of unmitigated vulnerability can have on the federal government, its workforce and its mission.

Yet the ability to conduct and support national security operations in an increasingly open and transparent online environment — especially for GEOINT — remains a key to the success of the U.S. national security mission.

As NGA continues to adopt cloud-based strategies and collaborate with industry leaders to move more into the open, its risk of cyber-attack increases, and the OPM breach serves as a reminder that adversaries have a vested interest in stealing and exploiting vital government information and intelligence.

To mitigate this threat to the GEOINT mission, NGA’s Cybersecurity Office, under Acting Chief Information Security Officer Matt Conner, works to ingrain sound cybersecurity at the root of the agency’s culture and daily operations to ensure the GEOINT data and products relied on by NGA’s mission partners and analysts are trustworthy and uncompromised.

“Historically, cybersecurity has been a parallel discipline, almost a black art,” Conner said. “We need to build security in and not bolt it on.”

When cybersecurity is applied across a massive enterprise, Conner stresses the importance of contextualization: turning an abstract concept into commonplace practice.

“As the Director [Cardillo] is fond of saying, conveying consequence and marrying context with content, we find the ‘so what’,” Conner said. “We’re trying to look at enterprise risk assessment in association with mission areas, not as a [system] number or project X, but on the basis of mission safety. Instead of a pie chart of findings, the team says, ‘NGA’s mission is at risk.’”

For NGA, the majority of its cybersecurity expertise resides in the newly merged Office of the Chief Information Officer and IT Services directorate, known as CIO-T. But impactful cybersecurity requires engagement from everyone at NGA — from the analyst to the public affairs officer, with cybersecurity experts continuously partnering with the workforce to mitigate risk and ensure the safety of GEOINT information.

Sara Hood, a cyber-focused GEOINT analyst, said that post-OPM breach, personnel within the Analysis and Source directorates are more aware of the threat and willing to take part in a coordinated effort to secure the network.

She welcomes the idea of cybersecurity officers, system engineers and system administrators building better lines of communication with her team, if for nothing else than to explain the give-and-take in maintaining an acceptably secure and operational network.

“Our work has been so greatly affected,” said Hood, referring to the impacts of recent cybersecurity breaches. “People are very much aware of what could happen if proper security is not followed. We are not only responsible for securing NGA data, but other sources as well. I think we take that for granted sometimes. We are only as strong as our weakest link.”

NGA’s Cybersecurity Operations Cell has worked for more than two years across agency directorates and with external entities like U.S. Cyber Command to detect and deter cyber threats. Complementing the cell, the Cyber Operations branch fights daily to sustain system and policy compliance across enterprise systems, and the Cyber Assessment division’s blue team coordinates and conducts penetration testing to help identify impactful vulnerabilities for mitigation or removal.

CAD deputy chief Mitch Smoot leads the blue team, a direct extension of the CS office’s reach across all NGA programs. Smoot understands the need for greater engagement through program and system lifecycles because his team helps serve this need.

“We work directly with the cyber defenders, the security control assessors, and the system administrators to identify the root cause of vulnerabilities,” Smoot said. “We’ve had a positive influence. We’ve become the finders, the fixers, and the trainers.”

As Conner said, building in cybersecurity from the beginning of system and program development is critical. Doing so requires those outside the cybersecurity workforce to gain a greater desire to incorporate cybersecurity by design, and an understanding of the risks to the GEOINT mission if these best practices are not put in place.

“As NGA analysts, we need to understand there are state and non-state actors ready to utilize malicious tools to deny, destroy, degrade and disrupt our operations,” said NGA cyber-focused GEOINT analyst Bradley Wors. “This should be a constant reminder to the NGA workforce to remain vigilant and grasp the importance of cybersecurity as we continue to rely more heavily on advanced technology in the future.”

Conner is in the process of establishing the interaction that Hood and her team hope for through the Vulnerability Management Panel, a group initiative between CIO-T’s cyber operations experts and cyber-focused representatives from other NGA directorates. The goal of the panel is to help collaboratively frame the massive amounts of collected cybersecurity data for informed prioritization of risk and to allow IT executives to make better-informed funding and resourcing decisions. Analysts like Hood will have the opportunity to work directly with the VMP.

The most vigilant cybersecurity program cannot lock every backdoor opened through negligence or malevolence, so Conner and his CS division chiefs accept a certain level of risk not simply to sustain operations, but also to free resources to consider probable threats and focus on identifying and minimizing the most severe risks. Conner believes the VMP is the right direction to follow.

“Everything is ripe for us to get the attention we need,” Conner said. “All eyes are on us now, and we need to deliver.”

NGA and its employees should remain vigilant in the cybersecurity mission space because, as former CSOC chief Dale North explained, eyes of all types will be on all of “us” for the foreseeable future.

“This is not a short-term problem,” North said. “Short term for the adversary is three to five years; long term is 10 to 20 years. They are looking to develop individuals, find the weak spots. This is how it applies to NGA — everyone is not a [cybersecurity] analyst in our core mission, but everyone sits at a keyboard, from the director to the new pay band 2. That’s our target surface.”