The government is finally getting its own cybersecurity in order
The best cyber agency touts major breakthroughs
The federal government’s top cyber agency finally gets the tools it needs to spot and thwart hacking threats in real time.
Over the past year, the Cybersecurity and Infrastructure Security Agency (CISA) has deployed or updated a suite of surveillance tools that, essentially for the first time, give the agency broad visibility into hacking threats across most of the civilian government.
CISA says it has also expanded its authority to force agencies to fix digital vulnerabilities before hackers from Russia and elsewhere can exploit them.
“This is truly the first time CISA and federal agencies have had this level of visibility and we’re really excited about how we can use it both operationally and…to understand and measure the federal cybersecurity risk,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, told lawmakers during a hearing yesterday.
The House Homeland Security Committee’s cyber panel hearing was tied to the one-year anniversary of an executive order by President Biden that sparked many advances.
The upgrades mark an important turning point for the federal government, which has always struggled with cybersecurity even though it is a prime target for some of the world’s most sophisticated hackers, backed by Moscow and Beijing.
Developments have been underway – in one form or another – for years. But they got a kick in the pants about 18 months ago when the government was caught off guard by the massive Russian spy hack called SolarWinds, which compromised tons of data from numerous federal agencies.
- Since Biden’s order, CISA has installed tools to detect hacking threats on the computers and servers of 15 federal agencies. This is called “endpoint detection and response” (EDR) and is widely considered to be much more effective than simply monitoring threats as they enter an organization’s network.
- CISA is in the process of installing these endpoint detection tools in 11 other branches. It expects to have them installed or being installed in a total of 53 branches by the end of September. That’s just over half of all federal government agencies.
- “In implementing its EDR initiative, CISA has prioritized agencies impacted by the SolarWinds compromise and most have or are in the process of implementing EDR on their networks,” Goldstein told me after the hearing.
- The agency has also signed or updated agreements with all federal agencies to collect a separate set of cyber threat data from their computers – a system called Continuous Diagnostics and Mitigation – and forwards that data to most major agencies to help them spot and deal with the biggest threats.
This is a huge step up from about half a decade ago, when the agency that preceded CISA had a limited view of the most dangerous bugs targeting government agencies and lacked the power to force them to protect themselves against the bugs of which it was aware.
But there are concerns that the patches will not keep pace with the growing cyber threat – or that government agencies will focus less on cyber protections if threats have been glossed over for a while.
The government has made previous sprints to improve its cybersecurity, but has always lagged behind – notably after discovering a gigantic breach in 2015 in the Office of Personnel Management that compromised the personal information of more than 20 million current and former federal employees.
“We have to make sure we don’t lose focus and momentum this time,” Rep. Yvette D. Clarke (D-N.Y.), the chairman of the Homeland Security Committee’s cyber panel, said during yesterday’s hearing.
There are also big cyber challenges that are unique to government.
- First, the sheer size of the government makes it difficult to secure. It is much larger and more diverse than any large company.
- Government agencies have also typically developed their technology infrastructure haphazardly over decades and – at least initially – without concern for cybersecurity.
- Agencies are also plagued by outdated legacy technology systems that are often too old to properly patch cyber vulnerabilities.
Trial of cybersecurity lawyer in Trump-Russia case begins
The case is a major test for a Trump-era investigation focused on whether the FBI unfairly investigated Trump’s 2016 campaign for alleged Russian connections. This is the first case brought by special counsel John Durham as part of this investigation to go to trial.
Details: Prosecutors say cybersecurity lawyer Michael Sussmann told the FBI he was not working for a particular client when he provided officers with computer data showing potential communications between Trump’s company and a Russian bank. The FBI decided the data was not suspicious, but prosecutors accused Sussmann of lying by not telling them he worked for Hillary Clinton’s presidential campaign and tech executive Rodney Joffe, reports Devlin Barrett.
“Sussmann denied the charge,” Devlin wrote. “His lawyers insist he never intended to mislead the FBI. And they say a lie about his clients’ identities would be irrelevant because the FBI already knew he was working for the Democrats.”
Lawyers made opening statements in the case yesterday. The trial is expected to last two weeks.
Another provider sells data that sounds the alarm on tracking women who have abortions
The Narrative Data Marketplace sells lists that could identify mobile devices that have installed popular apps for tracking periods, Motherboard’s Joseph Cox reports. This data – although anonymized – could be combined with other data to help law enforcement identify app users if abortion becomes illegal under certain circumstances.
The context: Apps and services that collect this data are raising alarms following reports the Supreme Court may be ready to overturn Roe vs. Wade, paving the way for some states to make abortions illegal.
“Narrative is not the company harvesting this data from mobile phones,” Cox writes. “Narrative acts more like a middleman and facilitates the purchase of access to data and relies on ‘vendors’ who procure the information.”
Narrative removed data from the Planned Parenthood Direct app, which lets people order contraceptives, and period-tracking apps after Motherboard contacted it.
“No period or pregnancy tracking app install data has ever been purchased through Narrative’s platform before,” the company told Motherboard. “However, in light of potential upcoming changes to laws regarding women’s reproductive rights, we have updated our policy to remove these datasets from the marketplace to prevent any potential misuse of the data.”
The company’s terms of service prohibit its customers from using its data for surveillance, investigation or tracking of the subjects of its data, Marketplace told Motherboard.
Lawmakers set to vote on cybersecurity bills
The House could vote on two cybersecurity bills today, the Record’s Martin Matishak reports.
- One, which has already passed the Senate, would expand cybersecurity cooperation between the federal government and state and local governments.
- Another seeks to get the federal government to distribute grants to schools for cybersecurity education.
It’s already been a busy week for cybersecurity legislation on Capitol Hill.
- On Monday, the House passed two cybersecurity bills, one that would enshrine the CISA President’s Cup cybersecurity contest into law and another that would require the Department of Homeland Security to write a report outlining the roles of cybersecurity across the federal government.
Georgia Board of Elections Rejects Allegations of Ballot Harvesting (Matthew Brown and Amy Gardner)
Have hackers commandeered surveillance robots at a Russian airport? (The daily point)
- Cybersecurity firm CrowdStrike has joined BSA | The Software Alliance as a global member.
Cyber insurers raise rates amid costly hacking (Wall Street Journal)
- The Senate Committee on Health, Education, Labor and Pensions is holding a hearing on the cybersecurity of the health and education sectors today at 10 a.m.
- Rep. Michael McCaul (R-Tex.), Rep. Elissa Slotkin (D-Mich.) and Bob Kolasky, senior vice president for critical infrastructure at Exiger, who previously led CISA’s National Risk Management Center, discuss cybersecurity at a Washington Post Live event today at 2:30 p.m.
- Senate Rules Committee holds hearing on election administration Thursday at 11 a.m.
- The US Chamber of Commerce is holding a briefing on Russian cyber threats with FBI and CISA officials Thursday at 2 p.m.
- Deputy Attorney General Lisa Monaco, national cyber director Chris Inglis and CISA Director Jen Easterly speak at an Institute for Security and Technology event on the first year of the Ransomware Task Force Friday at 10:30 a.m.
Thanks for reading. Until tomorrow.