April 10, 2025

EP 57 — Cyber Resilience at the Crossroads [Webinar]

48 minutes

The security landscape has radically transformed from counter-terrorism to strategic competition with nation states who are actively positioning cyber assets to disable American infrastructure during potential conflicts. In this vital discussion examining National Security Memorandum 22 (NSM-22), Gen. VanHerck, former Commander of United States Northern Command and North American Aerospace Defense Command, shares that 80% of force projection in any global crisis flows from homeland facilities dependent on civilian infrastructure — from local energy grids to transportation networks, creating an unprecedented vulnerability that adversaries are exploiting daily.

Kevin Phillips, Chairman of the Board of ManTech, provides a rare insider perspective on how nation states have spent decades mapping defense industrial base networks, explaining that it's safe to assume that no matter what size you are, you're on somebody's radar and detailing his 10-year journey implementing zero trust architecture to counter these threats.

Mark Montgomery, Sr. Director & Sr. Fellow at Foundation for Defense of Democracies, delivers the most alarming assessment: China's Volt Typhoon campaign has already embedded malware throughout rail, aviation, ports, and power grids as operational preparation of the battlefield. All this and more on this special episode of DIB Innovators!

Topics discussed:

The transition from cyber espionage to operational battlefield preparation by nation-state actors targeting the 80% of military deployment capabilities that rely on civilian infrastructure, creating a dual vulnerability where domestic critical systems become frontline targets.

Implementing a decade-long zero trust architecture strategy that systematically eliminates technical debt, narrows network footprints, and implements micro-segmentation before attempting advanced security measures—a methodology proven successful at Mantech.

Why China's Volt Typhoon operation represents a fundamental shift in cyber warfare tactics, embedding dormant capabilities throughout transportation, energy and communications networks as part of a deliberate 25-year strategy following the 1995-96 Taiwan Strait crisis.

The critical flaw in NSM-22's approach to critical infrastructure protection through its failure to establish mandatory prioritization criteria for the approximately 500 most vital national assets, while simultaneously dismantling effective public-private collaboration frameworks.

How living off the land attack techniques have evolved to mimic legitimate network traffic patterns, requiring organizations to make network penetration prohibitively expensive through comprehensive identity management and application control rather than relying on detection.

The operational reality that SMBs face existential threats from cyber incidents with only 4-8 weeks of financial float while remediation typically requires 3-4 weeks, exemplified by the $4 billion emergency Medicare advance during the Change Healthcare attack that still resulted in $1 billion taxpayer losses.

The strategic use of cloud services and infrastructure-as-a-service models to maintain current patching and upgrades when internal operations lack capacity, creating resilience against nation-state threats that specifically target update delays and technical vulnerabilities.

Addressing the asymmetric security gap where government would respond to physical attacks on critical infrastructure but companies are left to defend themselves against sophisticated cyber attacks from the same actors, potentially requiring National Guard cyber response teams instead of relying solely on CISA hurt teams.

Brought to you by RADICL — Cybersecurity-as-a-Service purpose-built for small and mid-sized businesses in the Defense Industrial Base. Starting your CMMC journey? RADICL guides and accelerates your compliance—while reducing ransomware and other cyber risks—with a transparent, turn-key solution.

radicl.com/cmmc_solved

...more