As cyber threats grow more sophisticated and pervasive, protecting digital infrastructure has become a critical concern for governments, businesses and individuals. Morgan Adamski, the Executive Director of U.S. Cyber Command, discussed the importance of staying vigilant against cyber threats at the 2024 ACFE Government Anti-Fraud Summit. With a background as a senior executive at the National Security Agency (NSA), Adamski enlightened attendees on U.S. Cyber Command’s missions, the strategic cybersecurity threat environment and the importance of public-private partnerships in enhancing national security.

Adamski opened the session by introducing U.S. Cyber Command, often referred to as CYBERCOM, as one of the 11 combatant commands within the Department of Defense (DoD). CYBERCOM is a functional combatant command responsible for the cyberspace warfighting domain, which operates continuously, reflecting the continuous nature of cyber threats. The command consists of approximately 25,000 personnel, including more than 130 cyber teams, engaged in various missions to defend against malicious cyber actors.

One of the key missions of the U.S. Cyber Command is to defend the nation from cyber threats. This is accomplished through operations such as “Hunt Forward Operations” (HFOs), where highly skilled cyber operators collaborate with international partners to expose and mitigate malicious cyber activities. Since 2018, Cyber Command has executed more than 75 deployments to more than 30 countries, enhancing its understanding of adversaries’ tactics and techniques.

Public-Private Partnerships in Cybersecurity

Adamski highlighted the critical role of partnerships in cybersecurity. The collaboration between U.S. Cyber Command, NSA and private sector partners has been essential in hardening billions of endpoints against nation-state actors. She stated, “In order for us to really move at cyberspace speed, we have to take our unique insights both from intelligence and technical expertise and get that into the hands of people who can actually action and do something.” The ability to share intelligence rapidly with private sector companies enables them to validate and protect their platforms, creating a more secure environment for all.

The Threat Landscape

As the session progressed, Adamski delved into the challenges posed by various nation-state actors, particularly the People’s Republic of China (PRC). The PRC is identified as a significant threat in cyberspace, employing a sophisticated and expansive cyber operations workforce. Adamski emphasized that the PRC’s cyber activities represent a generational challenge, stating, “They have deployed cyber forces at a daunting scope, scale, sophistication and speed. One that we will not be able to outnumber.”

She continued to highlight other notable threats including Russia, Iran and North Korea, each posing unique challenges to cybersecurity. Russia’s ongoing aggression in Ukraine, Iran’s increasing expertise in cyber operations and North Korea’s growing cyber force were all highlighted as critical concerns for U.S. Cyber Command. Additionally, the rise of non-state actors and cybercriminals, especially in the realm of ransomware, has created a persistent threat landscape that requires continuous vigilance.

Proactive Measures for Cyber Protection

Adamski dedicated a significant portion of the session to discussing basic cybersecurity principles that individuals and organizations should adopt to protect themselves. Morgan emphasized the importance of proactive measures, such as regularly updating devices, employing multi-factor authentication and being cautious with online activities. She underscored the need for continuous training and awareness to combat the evolving tactics employed by cyber adversaries.

Additionally, she touched on the vulnerabilities associated with home routers, explaining how adversaries exploit these devices to gain access to critical infrastructure. The session underscored the importance of individual responsibility in maintaining cybersecurity, particularly in ensuring that home networks are secure and updated regularly.

The Collective Responsibility of Cybersecurity

While addressing questions from the audience, Adamski provided insights into the collaboration between U.S. Cyber Command and other military branches, such as Space Command. The integration of cybersecurity measures across different domains is vital for a comprehensive defense strategy. She addressed concerns regarding social media platforms like TikTok, emphasizing the risks associated with sharing personal information that could be exploited by malicious actors.

Morgan Adamski’s session was a stark reminder of the dynamic and complex nature of cybersecurity. As cyber threats continue to evolve, collaboration between government agencies, private sector partners and individuals will be crucial in developing effective strategies to mitigate risks.  Adamski’s insights reinforced the notion that cybersecurity is a collective responsibility that requires ongoing awareness, education and innovation. As she summarized, “We need to think differently about what we defend and how we defend it.” As we navigate the digital landscape, staying informed and proactive will be the key to safeguarding national security in the face of cyber threats.