At a glance.
- CISA issues superseding Solorigate guidance.
- NSA Cybersecurity Director to join the National Security Council.
CISA issues superseding Solorigate guidance.
Yesterday the Cybersecurity and Infrastructure Security Agency (CISA) announced the publication of Emergency Directive (ED) 21-01 Supplemental Guidance version 3, which supplants versions 1 and 2 along with ED 21-01 Required Action 4. The NSA has cleared SolarWinds Orion Platform 2020.2.1 HF2, as we’ve seen, and CISA now prescribes a rebuild for affected agencies with no further indicators of compromise. Those with further indicators of compromise should not reconnect SolarWinds without CISA’s go-ahead. Supplemental Guidance version 2 directed unaffected agencies—those that never used affected versions of the software—to upgrade to (at least) 2020.2.1 HF2.
The Agency also amended AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations with novel intelligence and recommendations. CISA advises all organizations using SolarWinds, public and private alike, to review the updates.
Yesterday’s Alert also addresses the findings security firm Volexity reported December 14th in its discussion of an operation it called “Dark Halo.” The Alert notes: “Volexity has also reported publicly that they observed the APT using a secret key that the APT previously stole in order to generate a cookie to bypass the Duo multi-factor authentication (MFA) protecting access to Outlook Web App (OWA). Volexity attributes this intrusion to the same activity as the SolarWinds Orion supply chain compromise, and the TTPs are consistent between the two. This observation indicates that there are other initial access vectors beyond SolarWinds Orion, and there may still be others that are not yet known.”
NSA Cybersecurity Director to join the National Security Council.
The Biden Administration has selected “widely respected” NSA Cybersecurity Directorate Director Anne Neuberger for a new cybersecurity position on the National Security Council, Politico reports. As Deputy National Security Adviser for Cybersecurity, she will oversee Federal cybersecurity initiatives, most likely including the Solorigate response. Neuberger served as the NSA’s first cybersecurity director and brings over a decade of Agency experience, having formerly served as its first Chief Risk Officer, a role in which, The CyberWire reported, she managed compromise, intelligence failure, disclosure, and compliance risks.
A representative of the President-elect commented that cybersecurity will be “a top priority” for the new Administration. The CyberWire previously noted Neuberger’s view of key concerns like public-private information sharing, quantum-resistant cryptography, abuses of anonymity and cryptocurrency, ransomware, and China.