At a glance.
- Five Eyes issue cybersecurity advisory for MSPs.
- US State Department receives monitoring authority.
Five Eyes issue cybersecurity advisory for MSPs.
The cybersecurity authorities of the UK, Australia, Canada, New Zealand, and the US yesterday issued a joint cybersecurity advisory warning of an increase in cyberattacks targeting managed service providers, or MSPs. The authorities anticipate a surge in malicious cyberactivity from threat actors, including state-backed advanced persistent threat groups, aiming to take advantage of provider-customer network trust relationships. The advisory offers guidance to MSPs and their customers to reduce their risk, and it emphasizes the need for transparency when it comes to informing customers about the security of the data they share with MSPs. In particular, the advisory recommends that MSPs shut down dormant accounts, enforce multi-factor authorization on MSP accounts that access the customer environment, and ensure that MSP-customer contracts clearly identify ownership of information and communications technology security roles and responsibilities. MSPs are also urged to employ the principle of least privilege when it comes to authorizing access to data to administrators, and to segregate internal networks to minimize the impact of intrusion across the organization.
US State Department granted expanded powers on federal cyberoperations.
After a series of negotiations led by the US National Security Council, the US State Department is being given increased powers to monitor and advise on third-party notifications, CyberScoop reports. These notifications are the method by which the government informs other countries of cyberoperations in which the US will enter their cyberspace to defend against adversaries’ cyberactivity. In March, the White House engaged in an “interagency review process” with the goal of revising National Security Presidential Memorandum-13, a controversial Trump-era edict that gave the Department of Defense (DoD) unprecedented power to oversee cyberoperations. Ever since the memo’s creation, the State Department has been pushing for more say in these operations than the DoD would allow. The DoD argued that consulting with other agencies about cyberoperations could unnecessarily slow down the decision-making process, and just last month National Security Agency Director and head of US Cyber Command General Paul Nakasone voiced this concern to Congress. Ambassador John Bolton, Trump’s former national security adviser, says, “If the Biden White House reverses the changes we made to allow more offensive cyber operations, they will be putting America at grave risk.” But opponents of NSPM-13 argue that speed should not be the only priority. Michael Daniel, former cybersecurity coordinator on the National Security Council, explained, “Diplomatic risk (the likelihood a country would believe we have violated its sovereignty while carrying out an operation against an adversary), norm setting (what the U.S. does, every other country can argue it has a right to do as well) and likely effects (physical destruction vs. temporary service disruption vs. adversary loss of access to co-opted infrastructure) should also factor into the decision-making process.”