Using Counterintelligence to Protect the Cyber – Physical Gap

Written by
John Lenkart
Published on
August 26, 2024

The recent Wall Street Journal article, “U.S. Secret Service, CISA Host Cybersecurity Training for Critical-Infrastructure Directors” (Rundle, 2024), highlighted the need to understand the often-overlooked network penetration risks that exist beyond standard cybersecurity protection tools and methods. While the article focused on critical infrastructure companies, the theme of direct board and executive engagement in the organization’s cybersecurity posture, including tangible risk mitigation strategies, applies to every company.

Like any burglar, cybersecurity threat actors seek to exploit the most vulnerable, least protected points of access beyond the edge of a company’s cybersecurity protection. These often include home router security flaws, travel and public domain vulnerabilities, and remote device exploitation methods targeting board members, senior executives, and contract and legal personnel.

To improve overall resistance to these access approaches, organizations must make the job of the criminal more laborious and inefficient. Industrial-level access and exploitation initially rely on automation to identify vulnerabilities in targeted companies and personnel.

The tactics, techniques, and procedures of intelligence operations should also be used to counter the actions of sophisticated threat actors. This straightforward framework is transparent to executives and board members, but effective in lessening the threat of espionage to corporations.

Effective means of enhancing cybersecurity risk mitigation include:

• Lessening the broadcasting of individual technology and data vulnerabilities

• Monitoring known avenues of access (both digital and physical)

• Bringing the protection and auditing functions of this second-order risk under the purview of company security programs

Assessing, creating, and implementing a Total Risk Mitigation program requires a blend of knowledge in cybersecurity, physical security, and intelligence operations. While technology will play a role in closing off access to critical personnel, it is only a supporting element. A change of mindset to perceiving your risk from the adversary’s point of view is the crucial component.

Effective risk mitigation strategies require close collaboration between the Chief Information Security Officer (CISO) and the Chief Physical Security Officer (CPSO). Vulnerabilities in the physical domain expose the cyber domain to attack, and vice versa. Taking a holistic approach to risk mitigation results in better deterrence, prevention, detection, and protection outcomes.

What are the risk mitigation processes in place to protect your board members, senior executives, and contract and legal personnel? How do the respective third-party risks in these processes impact access to these critical business personnel? Do you have the necessary protocols in place to account for this indirect business operational risk?

--

Article: “U.S. Secret Service, CISA Host Cybersecurity Training for Critical-Infrastructure Directors,” by James Rundle, The Wall Street Journal, Jun 18, 2024, 03:29 p.m. ET

John Lenkart is a retired FBI Special Agent/Senior Executive Service and certified intelligence officer with over twenty years of experience in federal law enforcement, counterterrorism, and counterintelligence operations. He has significant domestic and overseas experience in advancing programs from concept to implementation, supporting close access operations, supply chain, and mitigating risk to critical infrastructure. He has designed and led programs countering national security threats in critical commercial sectors, collaborating extensively with military, Intelligence Community and US regulatory agencies. John also has extensive knowledge of U.S. Title 10, Title 18, and Title 50 FISA authorities and regulatory compliance frameworks as related to critical infrastructure sectors. He is a co-founder of a cybercrime prevention software company. John is a Senior Advisor for CSA, and in his work for CSA, he bridges the cyber and physical protection domains, assuring more effective risk mitigation and corporate protection outcomes.
