The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet that helps detail factors for choosing a virtual private network (VPN) and secure deployment.
According to NSA’s Director of its Cybersecurity Directorate Rob Joyce, the agencies wanted criteria for being safe online.
“There’s so much effort to be safe online and what we wanted were the criteria for how you do that,” Joyce said during the Aspen Cyber Summit on Sept. 29. “It really came down to two things. One, the selection, making sure you had a reputable product, and to how you locked it down and remove some of the vulnerabilities from that space.”
The guidance here will help leaders at the Department of Defense (DoD), National Security Systems, and Defense Industrial Base (DIB) understand risks associated with VPNs. The guidance “details considerations for selecting a remote access VPN, as well as actions to harden the VPN from compromise.”
Going forward, Joyce said that NSA wants to be ahead of incident response and secure weapons systems and platforms for DoD. Joyce said that it is a priority to modernize weapons and capabilities to the necessary levels needed.
“These things are often wings with computers strapped to them,” Joyce said. “Floating computers, flying computers, exploding computers, and we haven’t always treated them as things that we had to protect like computer networks. And so now the instrumentation, the protection, the modernization is really a high priority.”
Additionally, through the Cybersecurity Collaboration Center, NSA has started activities over the last nine months to disrupt at scale and to help contribute to bigger defensive outcomes that scale beyond the DIB.