Articles

SolarWinds, Exchange attacks revive calls for mandatory breach notification,…

Strong two-way communication between government and the private sector combined with a clear national breach notification policy will put a dent in cybercrime, experts say.

On the heels of three major cybersecurity incidents over the past six months—the SolarWinds and Microsoft Exchange supply chain attacks and the Colonial Pipeline ransomware attack—government officials and some in the private sector are reviving calls for better information sharing and national breach notification requirements.

“We seem to talk endlessly about information-sharing,” Michael Daniel, president and CEO of the Cyber Threat Alliance, a nonprofit that enables cybersecurity providers to share threat intelligence, said during a presentation at the RSA Conference last week. “Virtually every cybersecurity panel study or review for the last half-century seems to have an information-sharing recommendation in it. No one is really against information sharing in theory. Yet, information sharing never seems to quite work.”

“One of the reasons that companies feel uncomfortable talking about cybersecurity incidents or sharing information about cybersecurity incidents…is because they’re worried that somebody’s going to say, ‘Ha! You had terrible cybersecurity.'” Daniel tells CSO. “But the issue is that we actually don’t know what’s good or bad cybersecurity.” He calls for a “standard of care,” some better means of actually measuring what good cybersecurity constitutes.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Articles

US sanctions Russian government, security firms for SolarWinds breach,…

The Biden administration places economic sanctions on Russian government organizations, individuals, and companies including several security firms.

The Biden Administration announced a robust, coordinated series of punitive measures to confront Russia’s growing malign behavior, including its massive hack of SolarWind’s software, attempts to interfere with the 2020 elections, and other destructive deeds against the US. The administration’s actions levy financial sanctions on the country and the companies usually involved in malicious cyber activity against the US. It also exposes previously withheld details about the Russian ruling regime’s digital and disinformation operations. In addition to the White House, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Department of Homeland Security, and Treasury Department all play a role in the complex set of actions against Russia.

First, President Biden signed a new sanctions executive order that strengthens authorities to “impose costs in a strategic and economically impactful manner on Russia if it continues or escalates its destabilizing international actions.” Under the EO, the Treasury Department is implementing multiple actions to target “aggressive and harmful activities” against the Russian government, including a directive that “generally prohibits US financial institutions from participating in the primary market for ruble or non-ruble denominated bond issued after June 14, 2021.”

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Alejandro Mayorkas

Experts fear that Biden’s cybersecurity executive order will repeat…

President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.

Since December, the US has been in a cybersecurity crisis following FireEye’s bombshell that Russian hackers implanted espionage malware throughout US private sector and government networks through the SolarWinds supply chain hack. Despite growing pressure from Congress, the still-new Biden administration has released few details on how it plans to respond to this massive intrusion or the more concerning discovery in January of widespread and scattershot attacks by Chinese state operatives on Microsoft Exchange email server software.

Although the administration reportedly won’t release a formal executive order (EO) addressing these and other cybersecurity matters for weeks, Alejandro Mayorkas, the new head of the Department of Homeland Security (DHS), did reveal that the administration is working on nearly a dozen actions for the order. Meanwhile, some details of the order have leaked, generating mostly skepticism among many top cybersecurity professionals.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Mackenzie Weber on Unsplash

 

Articles

US government calls for better information sharing in wake…

The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success.

As the federal government grapples with Russia and China’s widespread and damaging hacks, the Biden administration is seeking new methods for better early threat detection of these sophisticated intrusions. Both the SolarWinds espionage hack attributed to Russian operatives and the exploits of the Microsoft Exchange server vulnerabilities attributed to China were uncovered by private firms, cybersecurity giant FireEye and Microsoft.

Both attacks originated on servers within the US, placing them out of reach of the National Security Agency’s (NSA’s) powerful detection capabilities, which US law restricts to international activities. The new cybersecurity leadership in the Biden White House is brainstorming methods to establish new early warning systems that combine traditional intelligence agency methods with private sector expertise. The White House announced on March 17 the formation of a task force it calls the Unified Coordination Group consisting of federal and private sector representatives charged with finding a “whole of government” response to the Microsoft Exchange attack.

Reportedly chief among the new approaches is establishing more profound information-sharing methods with the private sector. The concept is to set up a real-time threat sharing mechanism where data could be sent to a central repository and paired with intelligence gathered by the NSA and other intel agencies to provide organizations with more immediate threat warnings.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Clint Patterson on Unsplash

 

Advanced Persistent Threat

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda

More cybersecurity funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.

The federal government and private sector are still reeling from the SolarWinds supply chain hack, and Congress is on edge as it begins a new term beset by fears of domestic terrorism. It would seem all bets are off in terms of the previous legislative agenda for cybersecurity, at least in the near-term. The relevant committees in the new 117th Congress have yet to weigh in on specific pieces of legislation, but it’s clear that cybersecurity will be a big focus across both the House and Senate.

First, in the wake of the discovery of the SolarWinds breach, the incoming Biden administration committed to making cybersecurity a top priority. Late last week, the Biden team made good on that promise when announcing its Rescue Plan that calls for around $10 billion in cybersecurity spending, including $690 million for CISA to improve security monitoring and incident response at the agency.

One of the legislators leading the fight for cybersecurity legislative initiatives in Congress, Representative Jim Langevin (D-RI), applauded Biden’s push for more cybersecurity spending. “I’m also grateful to see the president-elect pushing for important investments in cybersecurity in the wake of the SolarWinds hack, which has placed a spotlight on the need to act now to protect Americans and our interests in cyberspace,” he said in a statement lauding the overall rescue package.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Advanced Persistent Threat

How to prepare for the next SolarWinds-like threat

It is possible to minimize the risk from nation-state attacks like SolarWinds. This is the best advice based on what experts have learned so far.

The insertion of malware into SolarWinds’ popular Orion network management software sent the federal government and major parts of corporate America scrambling this week to investigate and mitigate what could be the most damaging breach in US history. The malware, which cybersecurity company FireEye (itself the first public victim of the supply chain interference) named SUNBURST, is a backdoor that can transfer and execute files, profile systems, reboot machines and disable system services.

Reuters broke the story that a foreign hacker had used SUNBURST to monitor email at the Treasury and Commerce Departments. Other sources later described the foreign hacker as APT29, or the Cozy Bear hacking group run by Russia’s SVR intelligence agency. Subsequent press reports indicated that the malware infection’s reach throughout the federal government could be vast and includes—only preliminarily—the State Department, the National Institutes of Health, the Department of Homeland Security (DHS), and likely parts of the Pentagon.

Former director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs said in a tweet after news broke of the intrusion, “this thing is still early,” meaning that it will likely be months—possibly years—before the true scope of the damage is known. SolarWinds said that up to 18,000 of its 300,000 customers downloaded the tainted update, although that doesn’t mean that the adversary exploited all infected organizations.

CISA issued a rare emergency directive calling on all federal agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.” The FBI, CISA and the Office of the Director of National Intelligence (ODNI) issued a joint statement acknowledging they established a Cyber Unified Coordination Group (UCG) to mount a whole-of-government response under the direction of the FBI.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by NASA – NASA, Public Domain, https://commons.wikimedia.org/w/index.php?curid=6422993