Anne Neuberger, the White House deputy national security advisor for cyber and emerging technologies who is a driving force behind the Biden administration’s cybersecurity executive order issued earlier this month, today noted an initial “disappointment” with Federal network hygiene in a follow-up discussion about the broader aims of the order.
The White House order issued on May 13 presents an extensive list of directions to Federal agencies to improve network security. At the very heart of those are instructions to move to cloud-based infrastructure and zero trust security architectures.
Beneath that, the order tasks agencies with, among other aims: deploying endpoint detection and response technologies on their networks, adhering to a standard cyber incident response “playbook”, sharing cyber information with other agencies, and complying with new cybersecurity event log-keeping requirements.
In remarks delivered today at a Center for Strategic and International Studies (CSIS) event, Neuberger said that work began on the cybersecurity executive order within two or three weeks of the Biden administration taking office.
Asked to comment on her evaluation of Federal network cyber hygiene following high-profile cyber attacks on the government revealed since late last year, including the SolarWinds Orion attack, Neuberger replied that “one of the disappointments was to really see the state of Federal networks.”
As a result, she said, “we asked ourselves what would measurably [and] quickly reduce the risk of ongoing hacks” with the sophistication seen in the SolarWinds exploit. From that inquiry came the order’s several specific instructions for Federal network operators, she said.
Those include “rolling out endpoint detection across the Federal networks to say, ‘you need to be looking for things at the endpoint, for malicious cyber activity, and then bringing that data back together and asking CISA [the Cybersecurity and Infrastructure Security Agency] to have that data’” so they can threat hunt and “find anomalies, and then spread the security across Federal networks,” she said.
Neuberger said the order also calls for Federal networks to encrypt data in motion and at rest, “so that even if a hack occurs, we were protected from sensitive government information being used.”
The order, she said, also calls for “things like a good security operation center (SOC) staff. We really want the Federal government to be a place people want to work, and ensuring that SOCs are sufficiently staffed is important.”
She said the requirement for log-keeping is important “so that if a hack occurs, we can see the impact, see what was taken, and get a better sense of the national security impact.”
“Those were the very specific practices which were outlined for the Federal government,” Neuberger said. “Finally, there is the point around the Federal government only buying secure software and setting the standard for what that means.”
Regarding the order’s fairly tight timelines for action – generally spanning only a few months – Neuberger said, “the focus on tight timelines is to say, ‘we’ve really got to stop kicking the can down the road and hold ourselves accountable to get this done.’”
“President Biden came in and clearly articulated that cybersecurity is a key priority for this administration,” Neuberger said. “In the first 100 days of the administration, we clearly saw via a recent set of incidents that there needed to be a key focus on a set of core problems and really push the ball hard on some issues that we hadn’t made enough progress on as a country in the last decade.”
“The first piece was certainly the security of Federal networks and a recognition from both the SolarWinds attack and others that we needed to set aggressive but achievable guidelines to really modernize the cybersecurity of Federal networks,” she said. “The second key piece of that was to say how do we jumpstart the market for secure software” by using the Federal government’s buying power as a motivator, she added.
“The final piece was to say, ‘let’s reduce the risk of incidents happening but if they do, how do we ensure we can respond more quickly and more effectively, and then learn from incidents that occur as well,’” Neuberger said.
Elsewhere in her remarks, the White House advisor singled out CISA for praise, saying that the agency has already accomplished some of its initial actions.
“The team at CISA was superb in that we’ve been working on this executive order pretty much since the second or third week of the administration, and as it was evolving … they said no need to wait until it’s finalized, we see the actions coming, we know they’re really important, we’ll jump in and get started, which was really terrific,” she said.
Asked about the role of cybersecurity in emerging technologies, Neuberger replied that some of today’s security problems stem from security not being built into technologies from the start.
“So, with emerging technologies, first we have the opportunity to shape those security standards and use incentives policies” to drive better built-in security, she said.
“The second aspect is we have some key technologies coming online – from quantum to AI – that offer promise and real concerns,” Neuberger said. “For example, a potential quantum computer can undermine the core encryption that underpins cybersecurity … that underpins asymmetric encryption.”
AI, she said, “can potentially more rapidly help us identify and block malicious activity by understanding what is routine on a network and what is potentially malicious and anomalous,” but also can be used to create disinformation, for example.
“A core aspect of an effective national cyber program is thinking carefully about how we reap the benefits of emerging technology, and carefully and thoughtfully manage the risks,” she said.