At a glance.
- A harder US line toward Russia over Solorigate?
- Biden Administration's senior officials with significant cybersecurity responsibilities confirmed.
- Comments on the cyber elements of the American Rescue Plan.
- CISA announces efforts to curb ransomware.
US to undertake an extensive review of Russian cyber operations.
The new US Administration is opening with a tough line on Russian cyber operations. The proximate occasion of the policy, the New York Times reports, is Solorigate and Moscow's generally assumed responsibility for that widespread intelligence coup, but it's also prompted by what a White House spokeswoman called Russia's “reckless and adversarial actions.” President Biden has ordered an extensive study of Solorigate, with a view toward determining the of the compromise, whether it was confined to espionage or extended to preparation for infrastructure sabotage, and, finally, what costs should be imposed on the responsible power, presumed to be Russia.
The Administration takes a cyber hard line even as it signals a willingness to revisit a lapsed bilateral nuclear treaty. On balance, though, this may be that rare US Administration since the end of the Second World War not to open its tenure with expressions of desire to forge markedly better relations with Russia (née the Soviet Union).
New US Administration's senior cybersecurity leaders.
The Washington Post describes Avril Haines's confirmation as Director of National Intelligence, and the New York Times has an account of Lloyd Austin's confirmation as Secretary of Defense. And Reuters reports that Obama Administration alumnus Rob Silvers is likely to be appointed Director of CISA, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
A proposed infusion of cash into US Federal cybersecurity programs and agencies.
The proposed COVID-19 relief package (the "American Rescue Plan") includes a significant allocation of funds, nearly $10 billion, for cybersecurity and information technology programs, The Hill reports. The money would go to the Cybersecurity and Infrastructure Security Agency (CISA) and the General Services Administration (GSA) for new cybersecurity and IT shared services.
Industry reaction has been predictably positive, and the proposal is seen as an opportunity to remediate some of the damage Solorigate worked. We heard from Exabeam's vice president and chief security strategist, Stephen Moore, who wrote:
“In the coming months and beyond, attackers will likely increase efforts to compromise legitimate U.S.-based Infrastructure-as-a-Service (IaaS) accounts and associated environments to launch new attacks. President Biden’s new proposal of a funding injection to shore up the US’s cybersecurity capabilities should hopefully allow our country to better remediate some of the issues in improving security monitoring and incident response across the government.
“The credential, its entitlements, and its behavior is the new perimeter. Organizations who lack the capabilities to detect access-related attacks across IaaS and related cloud platforms are at a significant operational disadvantage.
“Having tooling to understand ‘normal,’ backed by machine learning, will yield the best result for the service owners and security teams. Using this approach is faster and makes it easier to find anomalous and suspicious user and device behavior. Algorithms can baseline normal behavior in an environment, then alert the security team whenever unusual, ‘out of the norm’ activity occurs.
“An increasingly important adjunct is to illuminate behavior within prebuilt incident timelines to display the full scope and context of security events. The goal should always be to eliminate the need for analysts to comb through massive amounts of data to create a timeline for the investigation manually. As a result, analysts will detect problems sooner and reduce the time that attackers are dwelling in a network environment, thus significantly reducing the devastating impacts of compromise.”
CISA intends to do something about ransomware.
CISA has announced an effort, mostly educational and informational, to help reduce the risk of ransomware. The campaign, which has a particular focus on COVID-19 responders and K-12 schools, features a "new one-stop resource at cisa.gov/ransomware." That page holds four classes of resources useful in reducing the risk of ransomware:
- "Alerts and Statements: Official CISA updates to help stakeholders guard against the ever-evolving ransomware threat environment. These alerts are geared toward system administrators and other technical staff to bolster their organization’s security posture."
- "Guides and Services: Tips and best practices for home users, organizations, and technical staff to guard against the growing ransomware threat."
- "Fact Sheets and Infographics: Easy-to-use, straightforward information to help organizations and individuals better understand the threats from and the consequences of a ransomware attack."
- "Trainings and Webinars: This information provides technical and non-technical audiences, including managers, business leaders, and technical specialists with an organizational perspective and strategic overview."