We had the honor of welcoming Vice Admiral TJ White as a guest on the PrOTect OT Cybersecurity Podcast this week. During his conversation with Aaron, Industrial Defender’s CTO, TJ shared his invaluable insights and experiences as a national security veteran, strategist, and cyber operations expert with over 30 years of experience. He has commanded at every level within the Navy and on joint service, including serving as the commander of US Fleet Cyber Command, US Tenth Fleet, and US Navy Space Command, as well as the commander of the US Cyber National Mission Force of US Cyber Command.
For the full experience of TJ’s perspectives, be sure to listen to the full episode. For quick reference, here is a brief summary:
The conversation started on the importance of taking responsibility for one’s cyber infrastructure. TJ stressed the idea of "commander's business," where commanders should be cognizant and committed to developing a knowledge of their mission, vulnerability, and exposure in cyberspace. Comparing cyberattacks to military campaigns, TJ highlighted the importance of planning and understanding the target system.
The Normandy campaign, a crucial operation in the European Theater of Operations during World War II, required extensive planning and effort to coordinate all the pieces for the successful outcome. Similarly, the Navy placed significant importance on the Battle of Midway campaign, which unfolded over several days. To understand the full picture of these campaigns, one must go back six to nine months to see how all the pieces began to fall into place. This approach is commonly referred to as Target Systems Analysis (TSA).
The Colonial Pipeline ransomware attack is a prime example of how crucial it is to have a solid TSA approach in place in terms of cyber activity. The company's leadership believed that the attack was targeting their IT infrastructure and business operations, but they were unsure if their operational technology (OT) infrastructure was also at risk or compromised. To err on the side of caution, they made the safest possible decision and shut down their systems. Had they known or had more confidence in the separation between their OT and IT infrastructure, the incident might have been a fleeting news story, rather than one that is still talked about today.
Given the ever-evolving landscape of cybersecurity threats, it is crucial to maintain a thorough understanding of these risks and adapt to them accordingly. As new threats, actors, and products continue to emerge, it is essential to remain vigilant. TJ discussed the significance of national leadership and attention to cybersecurity, and highlighted how the nation has been working to better comprehend cyberspace throughout the century. Previous U.S. administrations have made contributions towards this effort, with the current administration taking things to the next level by embracing the practice of normalizing operations in cyberspace, adopting the persistent engagement and “defend forward” strategies, and appointing a national cybersecurity director. Despite the progress made thus far, the journey towards achieving strong cybersecurity measures is ongoing, and consistent efforts are required to keep up with the ever-changing nature of cybersecurity threats.
On the challenge of integrating cybersecurity into military operations, it is crucial to have a comprehensive understanding of the military's operational presence in cyberspace, including all control systems. This understanding ensures the continuity of operations capability. The military is making strides in obtaining a coherent instrumentation of their IT stack, with commanders having a single pane of glass through the commander's dashboard. It is also essential to recognize how military assets in remote areas, such as ships in the Pacific or North Atlantic, connect to the rest of the world and how they appear in cyberspace.
The conversation also emphasized the need to protect operational technology (OT) systems because they are linked to physical processes that impact safety and human life. The risks associated with OT are similar to those in the military, and it is essential to flip the perspective to recognize that OT should lead security measures. With the interconnectivity between the digital and physical, continued awareness of OT risks is critical.
TJ closes with some insightful thoughts around the importance of partnering with the private sector and academia to maneuver effectively in cyberspace, acknowledging the agility and potential effectiveness in the commercial world. He urges collaboration and partnerships that help us solve problems faster, and ahead of our adversaries.
This has been a condensed summary of TJ’s episode on The PrOTect OT podcast. For more, listen here or wherever you get your podcasts.