At a glance.
- CISA's role in securing networks (and the tools it has).
- A jobs plan as a cyber plan.
- Industry observers applaud bipartisan support for cybersecurity bills in the US House.
CISA’s role in securing US networks.
Federal News Network recounts lost opportunities surrounding CISA’s EINSTEIN program. The Department of Homeland Security (DHS) in 2005 declined a pilot NSA resource for identifying and blocking malicious software that might have mitigated subsequent attacks. A 2008 plan to integrate DHS, NSA, and Defense capabilities like EINSTEIN, Continuous Diagnostics and Mitigation, and Automated Indicator Sharing also stalled. CISA struggled with “legal, privacy, and technical” obstacles to scanning other agencies’ traffic, according to insiders, including lack of consent, limited internal monitoring, and difficulty fine-tuning signatures. It remains to be seen whether the latest cyber executive order will have more success breaking down interagency barriers.
Another question Congress and the Administration must answer, former DHS CIO Karen Evans says, is “how far they want CISA to go.” Despite “major developments” in available methods and technologies, former Homeland Security Advisor Tom Bossert explains, inertia persists due to fear of “unintended consequences.”
A Federal News Network interview with CISA Deputy Associate Director Jermaine Roebuck unpacks the Agency’s Hunt and Incident Response Program (CHIRP), which Roebuck describes as a “forensics collections capability” currently tailored to the Holiday Bear breach. CISA “put the most common [TTPs and indicators of compromise] into a package” for the convenience of potentially affected organizations, especially smaller agencies and businesses without the resources to tackle the threat alone. CHIRP also helps the Agency gather data on Holiday Bear’s reach and capacities, and could be retooled for novel incidents in the future. The instrument has been downloaded hundreds of times, and open-sourced so industry experts can check for vulnerabilities.
MeriTalk recaps the CISA Cyber Exercise Act, which, as we’ve seen, would direct the US Cybersecurity and Infrastructure Security Agency (CISA) to set up a National Cyber Exercise Program. The Program would evaluate the country’s readiness for cyber disasters in part via a series of exercises applicable to Federal, state, local, and private entities, and support smaller organizations with running the exercises.
President Biden says his jobs plan is also a cybersecurity plan.
A Fact Sheet put out by the White House highlights the following cybersecurity implications of the American Jobs Plan:
- “Make $20 billion in Energy Infrastructure Investments for State, Local, and Tribal Governments Contingent on Cyber Modernization”
- “Promote a secure network with the…$100 billion broadband investment”
- “Create a new tax credit for transmission infrastructure that will help finance cyber technologies”
- “Safeguard critical infrastructure and grid resilience” with “$2 billion to support micro-grids and distributed energy infrastructure”
The American Rescue Plan, the Administration says, has additional cybersecurity consequences.
Industry observers applaud bipartisan support for cybersecurity bills in the US House.
Cybersecurity experts commented yesterday on the cybersecurity and critical infrastructure protection bills that passed out of committee.
Edgard Capdevielle, CEO of Nozomi Networks, was particularly pleased to see the bipartisan support the measures attracted:
“It’s encouraging to see a bipartisan effort to tackle cybersecurity weaknesses quickly. A true public-private partnership is critical to helping secure our nation’s critical infrastructure.
“These bills focus on programs and funding that strengthen public-private sector collaboration and will help private sector critical infrastructure strengthen their defenses. Additionally, aggressive programs and incentives are needed to help critical infrastructure organizations strengthen their security and help keep threat actors at bay. That includes tax breaks for cybersecurity, in particular, cyber-defense for critical infrastructure.
“We’re on the frontlines, partnering with critical infrastructure and industrial organizations around the world. Those who invest early in strong cybersecurity and resiliency are able to respond faster and with less financial damage to ransomware and other cyber-attacks compared to those who wait until an incident to invest in their defenses.”
Trevor Morgan, product manager with comforte AG, sees hopeful signs of seriousness in Congress:
“The five bills passed by the U.S. House Committee on Homeland Security to improve defensive capabilities against cyberattacks dramatically underscore the level of seriousness that both governments and enterprises need to adopt in the face of mounting cyber-threats. As leaks and breaches wreak havoc on infrastructures, supply chains, and even national security, we all need to understand that cybersecurity isn’t an arcane technical topic just for IT professionals to deal with—we each have a vested interest in keeping our own personal data, our employers’ and customers’ sensitive information, and our infrastructure-centered and national-security secrets safe from harm.
“It starts local with our own data-security-mindedness and then grows from there into a culture of data security in our businesses and governments. Any enterprise that isn’t heeding the U.S. Government’s actions and reassessing their own data security strategy and posture—including investigating more data-centric methods which protect the data itself no matter where it goes or who intercepts it—is being remiss and will be in for a world of hurt if the unthinkable occurs.
“As ongoing incidents and these responses demonstrate, the unthinkable is quickly becoming the highly likely for organizations at all levels.”
And Bassam Al-Khalidi, Co-CEO of Axiad, thinks compliance is bound to become more important under whatever legislation eventually passes. This also means opportunity for the security sector:
“With recent legislation and President Biden’s executive order highlighting the need for modernized cybersecurity, organizations need to start planning for increased compliance in their industries. The Colonial Pipeline attack has put focus on Zero Trust solutions that eliminate passwords and introduce secure multi-factor authentication instead, so it is likely that new standards and regulations will require this technology. New security requirements can be overwhelming for many companies to navigate and implement; that’s why it’s important to choose a knowledgeable security partner that has a solution that meets NIST-level security and can be scaled as you deploy new technologies. Organizations need to consider how they will integrate new technologies with their legacy systems, and which solutions will enable their IT team and end-users to manage these new tools in a cohesive way.
“The legislation’s effort to improve the technology modernization fund will be beneficial to cybersecurity across industries, particularly due to its focus on shifting to a secure cloud infrastructure. The recent move of our applications and systems to the cloud has made organizations more agile, but can be increasingly dangerous when you’re moving tools like your credential management to the cloud. If a hacker gains access through host jumping to your credentials, it’s game over. That’s why it’s important to look at dedicated virtual private cloud options. These solutions give you the agility and usability of the cloud and store key material in an approved FIPS 140-2 Level 2 hardware security module. You no longer need to be part of a shared infrastructure and can rest assured that your data can’t be accessed and stolen due to the cloud.”