In the wake of the recent SolarWinds and Microsoft Exchange hacks, the Cybersecurity and Infrastructure Security Agency (CISA) is emphasizing the need to shore up supply chain integrity, adopt a zero trust security concepts mindset, and direct more resources to best address vulnerabilities.
Those are some of the bottom-line takeaways from CISA Acting Director Brandon Wales and Executive Assistant Director for Cybersecurity Eric Goldstein, who answered questions on the state of the country’s cybersecurity needs during today’s House Appropriations Department of Homeland Security Subcommittee hearing on modernizing the Federal civilian approach to cybersecurity.
“I would say that there was a substantial amount of work done on supply chain security over the last several years, including several executive orders focused on improving information, communications, technology supply chains … But there is still more work to be done,” said Wales. “How do we ensure that when the Federal government takes on software from a supplier that that software is free of malicious backdoors? That’s going to take more work.”
Wales offered that supply chain attacks are among the most challenging cyberattacks to address, and that it will take time and creative thinking – as well as resources – to fully address these challenges.
“I would say without a doubt, to accomplish the scale of the mission that we have, we need more resources,” said Wales. “And, in particular, in the area of expanding our incident response capabilities to allow us to offer more persistent hunt capabilities for [defense] and free up our incident response resources to deal with a wide array of cyber incidents that we face on a routine basis.”
The Microsoft Exchange hack, Goldstein said, was perpetrated by Chinese threat actors, but other threat actors are stepping up to exploit the same vulnerability.
“There are multiple threat actors who are going to use that vulnerability to steal information for conducting more significant and potentially damaging and disruptive cyber incidents,” said Goldstein. “So, we are in a race against that threat actor community to make sure that we patch and secure as many systems as possible before more disruptive attacks begin to emerge.”
He suggested that a “kill chain” – stopping intrusions at multiple phases – can help parry attacks if they are unable to prevent the supply chain from being compromised.
The CISA officials also agreed that state and local officials require more support in cybersecurity due to the interconnectivity with the Federal government.
