The top cyber agency touts major steps forward
The federal government’s top cyber agency is finally getting the tools it needs to spot and thwart hacking threats in real time.
During the past year, the Cybersecurity and Infrastructure Security Agency (CISA) has deployed or updated a suite of monitoring tools that — essentially for the first time ever — give the agency broad visibility into hacking threats across most of the civilian government.
CISA says it has also expanded its authority to force agencies to fix digital vulnerabilities before hackers from Russia and elsewhere can exploit them.
“This really is the first time that CISA and federal agencies have had this level of visibility and we’re really excited for how we can use it both operationally and … in understanding and measuring federal cybersecurity risk,” Eric Goldstein, CISA’s executive assistant director for cybersecurity told lawmakers during a hearing yesterday.
The hearing of the House Homeland Security Committee’s cyber panel was tied to the first anniversary of an executive order from President Biden that jump-started a lot of the advances.
The upgrades mark a significant turning point for the federal government, which has always struggled with cybersecurity even as it’s a prime target for some of the world’s most sophisticated hackers backed by Moscow and Beijing.
The developments have been in the works — in some form or other — for years. But they got a major kick in the pants about 18 months ago when the government was caught flat-footed by the massive Russian espionage hack dubbed SolarWinds, which compromised reams of data from numerous federal agencies.
- Since Biden’s order, CISA has installed tools to detect hacking threats on computers and servers at 15 federal agencies. This is called “endpoint detection and response” (EDR) and it’s widely viewed as far more effective than merely monitoring for threats as they enter an organization’s network.
- CISA is in the process of installing those endpoint detection tools at 11 other agencies now. It expects to have them installed or in the process of being installed at 53 total agencies by the end of September. That’s slightly over one-half of all federal government agencies.
- “In implementing its EDR initiative, CISA has prioritized those agencies affected by the SolarWinds compromise and most have or are in the process of setting up EDR on their networks,” Goldstein told me after the hearing.
- The agency has also signed or updated agreements with all federal agencies to collect a separate set of cyberthreat data from their computers — a system called continuous diagnostics and mitigation — and is feeding that data back to most large agencies to help them spot and deal with the biggest threats.
That’s a huge advance from about half a decade ago when CISA’s predecessor agency had limited insight into the most dangerous bugs targeting government agencies and lacked the authority to force them to protect against bugs it knew about.
But there’s anxiety the fixes might not keep pace with the mounting cyberthreat — or that government agencies will grow less focused on cyber protections if the threats are out of the news for a while.
The government has made previous sprints to improve its cybersecurity but still remained behind the curve — most notably after discovering a mammoth 2015 breach at the Office of Personnel Management that compromised the personal information of more than 20 million current and former federal employees.
“We must ensure that we don’t lose focus and momentum this time,” Rep. Yvette D. Clarke (D-N.Y.), chair of the Homeland Security Committee’s cyber panel said during yesterday’s hearing.
There are also big cyber challenges that are unique to government.
- First off, government’s sheer size makes it difficult to secure. It’s far larger and more diverse than any large corporation.
- Government agencies also generally developed their technological infrastructure in a haphazard way over decades and — in the early days, at least — with little thought for cybersecurity.
- Agencies are also bedeviled by outdated legacy tech systems that are often too old to adequately patch for cyber vulnerabilities.
Trial of cybersecurity lawyer in Trump-Russia case begins
The case is a major test for a Trump-era investigation focused on whether the FBI unfairly investigated Trump’s 2016 campaign over alleged Russian connections. It’s the first case brought by special counsel John Durham as part of that investigation that’s gone to trial.
Details: Prosecutors say cybersecurity lawyer Michael Sussmann told the FBI that he wasn’t working for a particular client when he brought agents computer data showing potential communications between Trump’s company and a Russian bank. The FBI decided that the data wasn’t suspicious, but prosecutors have accused Sussmann of lying by not telling them he was working for Hillary Clinton’s presidential campaign and tech executive Rodney Joffe, Devlin Barrett reports.
“Sussmann has denied the charge,” Devlin writes. “His lawyers insist he never meant to mislead the FBI. And they say a lie about who his clients were would be irrelevant, because the FBI already knew he worked for Democrats.”
Lawyers gave opening statements in the case yesterday. The trial is scheduled to last two weeks.
Another vendor is selling data that’s raising alarms about tracking women who have abortions
The data marketplace Narrative sells lists that could identify mobile devices that have installed popular apps for tracking periods, Motherboard’s Joseph Cox reports. That data – though it’s anonymized – could be combined with other data to help law enforcement agencies identify the apps’ users if abortion becomes illegal in some circumstances.
Context: Apps and services that cull such data are raising alarms in the wake of reports that the Supreme Court could be prepared to strike down Roe v. Wade, clearing the way for some states to make abortions illegal.
“Narrative isn’t the company that harvests this data from mobile phones,” Cox writes. “Narrative instead acts as a middleman and makes buying access to data much easier and relies on ‘providers’ that source the information.”
Narrative took down data from the Planned Parenthood Direct app, which lets people order birth control, and period tracking apps after Motherboard contacted it.
“No menstruation or pregnancy tracking app install data has ever been purchased through Narrative’s platform before,” the company told Motherboard. “However, in light of potential forthcoming changes to laws regarding women’s reproductive rights, we have updated our policy to remove those data sets from the Marketplace to prevent any potential misuse of the data.”
The company’s terms of service prohibit its clients from using its data for surveillance, investigations or tracking the subjects of its data, Marketplace told Motherboard.
Lawmakers set to vote on cybersecurity bills
The House could vote on two cybersecurity bills as soon as today, the Record’s Martin Matishak reports.
- One, which has already been passed by the Senate, would expand cybersecurity cooperation between the federal government and state and local governments.
- Another seeks to get the federal government to distribute grant money to schools for cybersecurity education.
It’s already been a busy week for cybersecurity legislation on Capitol Hill.
- On Monday, the House passed two cybersecurity bills, one that would enshrine CISA’s President’s Cup Cybersecurity Competition into law and another that requires the Department of Homeland Security to write a report delineating cybersecurity roles across the federal government.
Georgia elections board dismisses allegations of ballot harvesting (Matthew Brown and Amy Gardner)
- Cybersecurity firm CrowdStrike has joined BSA | The Software Alliance as a global member.
- The Senate Health, Education, Labor and Pensions Committee holds a hearing on the cybersecurity of the health and education sectors today at 10 a.m.
- Rep. Michael McCaul (R-Tex.), Rep. Elissa Slotkin (D-Mich.) and Bob Kolasky, a senior vice president for critical infrastructure at Exiger who previously led CISA’s National Risk Management Center, discuss cybersecurity at a Washington Post Live event today at 2:30 p.m.
- The Senate Rules Committee holds a hearing on election administration Thursday at 11 a.m.
- The U.S. Chamber of Commerce hosts a briefing on Russian cyberthreats with FBI and CISA officials Thursday at 2 p.m.
- Deputy Attorney General Lisa Monaco, National Cyber Director Chris Inglis and CISA Director Jen Easterly speak at an Institute for Security and Technology event on the first year of the Ransomware Task Force on Friday at 10:30 a.m.
Thanks for reading. See you tomorrow.