Ransomware, Russia, China, Iran and North Korea are the top cybersecurity threats that will be the focus of a new division within the National Security Agency (NSA), the Cybersecurity Directorate, which is set to be operational on October 1, according to NSA director of cybersecurity Anne Neuberger. She was tapped in July by Director General Paul Nakasone to head the group. The Directorate aims to bring the agency’s foreign intelligence and cyber operations together and “operationalize [its] threat intelligence, vulnerability assessments and cyber defense expertise,” the agency announced when launching the new division.

“NSA really had to up its game,” Neuberger said in a fireside chat with Niloofar Razi Howe, cybersecurity venture investor and executive, at the Billington Cybersecurity Summit in Washington on September 4. “And that's what drove this desire to stand up a directorate and frankly to set a pretty aggressive mission, which is to prevent and eradicate cyber actors from national security systems and critical infrastructure with a focus on the defense industrial base.”

In terms of the threats, “Clearly ransomware is the focus. We've seen there are roughly 4,000 ransomware attacks a day,” Neuberger said. “When we look at Russia, we see a country that uses influence operations, uses cyber [that is] really integrated and below the level of armed conflict. They also use entities who aren't necessarily tied to the government, whether the Internet Research Agency for potential elections influence or mercenaries to fight military conflicts in Ukraine or Syria.”

Each nation-state threat is unique

China has its own unique approach to how the country uses cyber threats to achieve its national security and military objectives, Neuberger said.
China’s cyber threats are exemplified by three different and wholly distinct types of operations: the 2015 theft of 21.5 million records from the Office of Personnel Management, the hacking campaign known as Cloud Hopper that targeted eight of the world’s biggest technology service providers, and ongoing theft of intellectual property such as when Chinese intelligence and business insiders sought to steal information related to a turbofan engine used in commercial airliners.

Iran is very volatile and uses destructive attacks in its own region primarily, Neuberger said. “North Korea always fascinates us as essentially a nation-state criminal, as a country under sanctions using creative ways of cyber, whether it's crypto currency, whether it's cryptomining to gain hard currency and essentially keep the regime afloat.”

Social media makes influence operations easier

Neuberger previously headed the agency’s “Russia Small Group,” a joint NSA-Cyber Command task force to combat Russian election interference and influence campaigns. The task force “was stood up out of a realization that something had dramatically changed and we had to reboot our approach as a US government,” Neuberger said.

“Now influence operations have been around since the days of Adam and Eve, but what really changed was the age of social media,” she said. Not only could an adversary send out broad messaging, but it could also target disinformation to particular ethnic groups, particular elements of a country, and do it in a “pretty cheap way…looking as if one is an American.”

“So, we realized that it took a more creative approach to protect our democracy. In the Russia Small Group, we worked closely with the DHS and FBI to ensure that from a cyber perspective they had all the threat information we had in a way that can be quickly actionable,” Neuberger said.
“We're tremendously proud of the work we did between NSA, Cyber Command, DHS and the FBI to defend the integrity of our elections and ensure that every American knows that their vote counted and their vote matters,” she said, referring to the Russia Small Group’s efforts to protect the 2018 midterm elections.

When it comes to warding off 2020 election threats, the Directorate will take the same approach the Russia Small Group applied in the 2018 elections. “Ensure there is threat intelligence, gain those insights, share that intelligence, and be prepared to impose costs on an adversary who may attempt to influence our elections,” Neuberger said. “We will do the same work that we did in 2018 looking to see who are the actors seeking to shake confidence in the integrity of our elections, and share that with the FBI.”

Ransomware could disrupt US elections

Ransomware has emerged as a bigger threat to the election infrastructure than it has before. The recent shift ransomware attackers have taken from targeting individuals to targeting entities is “certainly something that would make it be a key concern for the elections. The best protection is the same security advice we give: ensure one uses principles of least privilege [and] computers with admin access shouldn't have access to the Internet at all times.”

NSA to partner with other agencies, private sector

Partnering with other government agencies and private sector companies and organizations will be a major focus of the Directorate. “Everything we do, we do in partnership with other agencies, with allies around the world and certainly the private sector plays a role,” Neuberger said, noting that she wants to unify all the various communities involved in cybersecurity to enhance collaboration and focus on the hardest cybersecurity problems.

“Partners are key; they are the root of everything we can accomplish,” she said.
Among the partners the Directorate plans to include in its efforts are the Department of Defense, Cyber Command, DHS, the acquisition community, U.S. allies and certainly the private sector. “The private sector is often the first indicator of a significant threat or a significant compromise.”

The goal is to push out as much unclassified information as possible and bring together all the elements that are needed to quickly identify and head off threats. “Ideally, we are sharing the threat information to prevent an attack, to prevent exploitation rather than being part of a team that helps with incident response,” Neuberger said.

Although the Directorate doesn’t have a “moonshot” objective as it begins operations, one goal is to address the “rampant abuse of Internet infrastructure,” Neuberger said, particularly protecting the Domain Name System (DNS), the naming system underlying the Internet which has been subject to increasing attacks and redirections by malicious actors.

“DNS is a key way that adversaries use for command and control for exploitation,” she said. Neuberger would like to see efforts such as the UK’s NCSC’s Protective Domain Name System, which was built to thwart the use of DNS for malware distribution and operation, more widely used. The Directorate can help by adding or contributing threat information to make those services even more effective.

The Directorate can serve to interconnect these efforts so they could communicate beyond internet transactions. “If we could achieve that, it would have even broader impact beyond cybersecurity.”