Millions in Covid relief funds will be used for federal cybersecurity efforts




“[I]t reflects recognition by this administration of the urgency to improve cybersecurity,” said cyber chief Eric Goldstein of the Cybersecurity and Infrastructure Security Agency, adding that it will provide funding before the next budget cycle, given the current threats facing federal networks.

The funding comes as CISA, a Department of Homeland Security agency founded under the Trump administration, grapples with the fallout from two recent cyber breaches. Congress, Goldstein said, included $650 million in the $1.9 trillion Covid relief bill for CISA’s cybersecurity risk management programs.

Goldstein, a senior politician, said the funding stems from federal agencies providing services “directly or indirectly related to our country’s ability to recover from the pandemic.” In an interview with CNN, he also highlighted an increase in remote working during the pandemic, which has created a dependency on cloud computing and therefore increases the need for security tools.

Last week, Microsoft reported that a sophisticated group of hackers linked to China had exploited its popular email service, allowing them to access computers.
CISA and the FBI issued an alert on Wednesday that there are potentially “tens of thousands” of systems in the United States vulnerable to the breach. The alert was intended to “further amplify” the need for organizations to implement the directions of CISA’s recent emergency directive, as well as advice from Microsoft, Goldstein said.

About 90 percent of the federal government’s Microsoft Exchange Server instances were mitigated as of Wednesday, according to Goldstein, who noted that there is no confirmation yet that an agency has been “compromised.”

The agency also continues to help agencies deal with the devastating breach in SolarWinds’ supply chain linked to an alleged Russian spy campaign.

The number of affected entities remains the same, Goldstein said. At least nine federal agencies have been targeted and at least 100 private sector companies have been compromised, the White House previously confirmed.

CISA acting director Brandon Wales said earlier Wednesday the agency continued to believe the SolarWinds breach was “largely a spy operation” to gather information, largely based on the Microsoft Office 365 email of agency staff.

During a House Appropriations Committee hearing, he said he was “extremely focused.” According to Wales, there were typically only two dozen individuals in an agency who were targeted as part of this campaign.

CISA has “no evidence at this time” that the actor did anything other than steal information, Wales said.

Representative Lucille Roybal-Allard, chair of the House Appropriations Subcommittee on Homeland Security, said on Wednesday that the SolarWinds incident, the compromise of Microsoft Exchange servers and the recent attack on the IT of a water processing facility in Florida demonstrate that cybersecurity breaches are no longer isolated incidents.

“Networks are an emerging battleground for the public and private sectors,” she said.

CISA recently launched pilot programs to improve the visibility of federal civilian networks, which are used as “proofs of concept” to determine which combination of capabilities will prove most effective. The goal is to be able to continuously analyze agency security data to proactively identify adversary activity “much faster than we can do today,” Goldstein said.

Part of the pilot project is to deploy additional endpoint detection and response tools on government agency networks, which would allow proactive blocking of malicious activity. Another part is for agencies to provide CISA with access to their security data, primarily logs, for analysis.

CISA works with specific agencies on the most effective tools or combinations of tools and on enabling “persistent hunting activity.” Goldstein declined to name the agencies involved in the effort.

Currently, CISA primarily conducts threat research and other incident response after an intrusion has been identified.

“Where we want to go is really to go so early in the process, so that we are constantly performing this type of threat hunting activity and can identify the activity of the adversary, ideally, in a very short period of time after an initial intrusion,” he said.
