Cyber Operational Collaboration Is Key for the “Next Log4j” Response

Feb 11, 2022
5 minutes
... views

This post is also available in: 日本語 (Japanese)

I was honored to appear earlier this week before the U.S. Senate Committee on Homeland Security and Governmental Affairs to discuss the impact and scope of the “Log4Shell” vulnerability. As part of that, we discussed the key role played by cyber operational collaboration – what CISA director Jen Easterly has described as turning information sharing into information enabling.

Coming from a military background, I am hard-wired to serve a common goal. Our company shares this spirit, and I have found this to be the norm across the entire cybersecurity community. We are truly all in this together.

As we face national-level vulnerabilities at the scale of Log4Shell, it’s more important than ever to create and build on initiatives that allow us to share information and transform it into actionable recommendations that organizations can use to defend against today’s cyberthreats.


Cyber Operational Collaboration: Promising Initiatives for the Cybersecurity Community

The Joint Cyber Defense Collaborative (JCDC), sparked by congressional leadership, is a promising collaboration body of which we are proud to be a founding alliance member.

Its structure provided a body to scramble a snap call the Saturday afternoon after Log4Shell emerged for industry competitors to act as partners with the government to share raw situational awareness.

This can be an exemplar of successful public-private sector cooperation – specifically, the JCDC working as a venue for commercial competitors to act as peers and share rapidly developing situational awareness to help secure our National Critical Functions. We appreciate the commitment from CISA Director Jen Easterly to continue maturing the JCDC and maximize the bidirectional value it brings. We must continue building upon this partnership.

I’m also proud that one of my colleagues, Unit 42 Senior Vice President Wendi Whitmore, was selected just last week to serve on the Department of Homeland Security’s Cyber Safety Review Board alongside other esteemed cybersecurity leaders across government and industry. The CSRB’s first tasking will be determining “key facts related to the root-cause of the Log4j vulnerabilities and exploitation and weaponization of the vulnerabilities.”

In addition to our active participation in the JCDC and CSRB, Palo Alto Networks is a member of the President’s National Security Telecommunications Advisory Committee (NSTAC), where industry can provide advice to the White House and other senior U.S. Government stakeholders on national security policy and technology issues; the Executive Committee of the Information Technology Sector Coordinating Council (IT-SCC), which serves as the principal coordinating body between the Department of Homeland Security and IT sector; and the Defense Industrial Base Sector Coordinating Council (DIB-SCC).

We are also an active participant in the DHS ICT Supply Chain Risk Management Task Force and were pleased to have been selected as a technology partner in NIST’s National Cybersecurity Center of Excellence’s 5G Cybersecurity Project.

Finally, we maintain robust threat intelligence sharing partnerships with DHS, the Cyber Threat Alliance (of which we’re a founding member), the Intelligence Community and across the international community to share technical threat data and collaborate to support government and industry response to significant cyber incidents, like SolarWinds, Microsoft Exchange Server and Log4Shell.

We look forward to continuing our commitment to being integrated homeland security partners and to collaborating with the cybersecurity community as we face the evolving threat landscape together.


Best Practices Remain Vital

As we have these conversations, we cannot lose sight of key security pillars that we know reduce risk. These include:

  1. Accurately understanding your attack surface through the eyes of the adversary.
  2. Promoting common visibility across cloud, endpoint and on premises systems – not having data silos.
  3. Driving industry adoption of Development Security Operations – or DevSecOps – best practices.
  4. Automating security orchestration where possible – particularly as it relates to vulnerability management, incident response and compliance.
  5. And yes, the well-trodden cyber hygiene basics that we know work. We know the consequences. As a society, we’ve simply got to stop driving without our seatbelts in cyberspace.

A quick glance at cybersecurity headlines provides reinforcement why all of this matters. The threat landscape that I spend every day analyzing demands maximum vigilance.

Whether it’s vulnerabilities like Log4Shell, the ongoing ransomware threat, or our dynamic geopolitical environment (as our recently published research on a Russian-linked advanced persistent threat group actively targeting Ukraine reinforces) – cybersecurity will undoubtedly remain a core pillar of our national security posture. Now, more than ever, this demands a whole-of-society approach.

If it feels like Log4Shell is just the latest in a string of vulnerabilities that the cybersecurity community must rally in response to – you are right. That’s why it’s important to look at Log4Shell both as a standalone vulnerability that demands discrete analysis, but also in the broader context of a rapidly evolving cyberthreat landscape. Log4Shell is not the first national-level vulnerability, and it certainly won’t be the last.

Watch Jen’s full testimony in this replay of the hearing.

Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.