Articles

SolarWinds, Exchange attacks revive calls for mandatory breach notification,…

Strong two-way communication between government and the private sector combined with a clear national breach notification policy will put a dent in cybercrime, experts say.

On the heels of three major cybersecurity incidents over the past six months—the SolarWinds and Microsoft Exchange supply chain attacks and the Colonial Pipeline ransomware attack—government officials and some in the private sector are reviving calls for better information sharing and national breach notification requirements.

“We seem to talk endlessly about information-sharing,” Michael Daniel, president and CEO of the Cyber Threat Alliance, a nonprofit that enables cybersecurity providers to share threat intelligence, said during a presentation at the RSA Conference last week. “Virtually every cybersecurity panel study or review for the last half-century seems to have an information-sharing recommendation in it. No one is really against information sharing in theory. Yet, information sharing never seems to quite work.”

“One of the reasons that companies feel uncomfortable talking about cybersecurity incidents or sharing information about cybersecurity incidents…is because they’re worried that somebody’s going to say, ‘Ha! You had terrible cybersecurity.'” Daniel tells CSO. “But the issue is that we actually don’t know what’s good or bad cybersecurity.” He calls for a “standard of care,” some better means of actually measuring what good cybersecurity constitutes.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Articles

US sanctions Russian government, security firms for SolarWinds breach,…

The Biden administration places economic sanctions on Russian government organizations, individuals, and companies including several security firms.

The Biden Administration announced a robust, coordinated series of punitive measures to confront Russia’s growing malign behavior, including its massive hack of SolarWind’s software, attempts to interfere with the 2020 elections, and other destructive deeds against the US. The administration’s actions levy financial sanctions on the country and the companies usually involved in malicious cyber activity against the US. It also exposes previously withheld details about the Russian ruling regime’s digital and disinformation operations. In addition to the White House, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Department of Homeland Security, and Treasury Department all play a role in the complex set of actions against Russia.

First, President Biden signed a new sanctions executive order that strengthens authorities to “impose costs in a strategic and economically impactful manner on Russia if it continues or escalates its destabilizing international actions.” Under the EO, the Treasury Department is implementing multiple actions to target “aggressive and harmful activities” against the Russian government, including a directive that “generally prohibits US financial institutions from participating in the primary market for ruble or non-ruble denominated bond issued after June 14, 2021.”

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Alejandro Mayorkas

Experts fear that Biden’s cybersecurity executive order will repeat…

President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.

Since December, the US has been in a cybersecurity crisis following FireEye’s bombshell that Russian hackers implanted espionage malware throughout US private sector and government networks through the SolarWinds supply chain hack. Despite growing pressure from Congress, the still-new Biden administration has released few details on how it plans to respond to this massive intrusion or the more concerning discovery in January of widespread and scattershot attacks by Chinese state operatives on Microsoft Exchange email server software.

Although the administration reportedly won’t release a formal executive order (EO) addressing these and other cybersecurity matters for weeks, Alejandro Mayorkas, the new head of the Department of Homeland Security (DHS), did reveal that the administration is working on nearly a dozen actions for the order. Meanwhile, some details of the order have leaked, generating mostly skepticism among many top cybersecurity professionals.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Mackenzie Weber on Unsplash

 

Articles

US government calls for better information sharing in wake…

The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success.

As the federal government grapples with Russia and China’s widespread and damaging hacks, the Biden administration is seeking new methods for better early threat detection of these sophisticated intrusions. Both the SolarWinds espionage hack attributed to Russian operatives and the exploits of the Microsoft Exchange server vulnerabilities attributed to China were uncovered by private firms, cybersecurity giant FireEye and Microsoft.

Both attacks originated on servers within the US, placing them out of reach of the National Security Agency’s (NSA’s) powerful detection capabilities, which US law restricts to international activities. The new cybersecurity leadership in the Biden White House is brainstorming methods to establish new early warning systems that combine traditional intelligence agency methods with private sector expertise. The White House announced on March 17 the formation of a task force it calls the Unified Coordination Group consisting of federal and private sector representatives charged with finding a “whole of government” response to the Microsoft Exchange attack.

Reportedly chief among the new approaches is establishing more profound information-sharing methods with the private sector. The concept is to set up a real-time threat sharing mechanism where data could be sent to a central repository and paired with intelligence gathered by the NSA and other intel agencies to provide organizations with more immediate threat warnings.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Clint Patterson on Unsplash

 

Articles

New York issues cyber insurance framework as ransomware, SolarWinds…

The state looks to protect one of its core industries, which is threatened by mounting and potentially “unsustainable” losses due to the SolarWinds and ransomware attacks.

On February 4, 2021, New York became the first state in the nation to issue a cybersecurity insurance risk framework to all authorized property and casualty insurers. In releasing the framework, New York’s Department of Financial Services (DFS) said that “rom the rise of ransomware to the recently revealed SolarWinds-based cyber-espionage campaign, it is clear that cybersecurity is now critically important to almost every aspect of modern life—from consumer protection to national security.”

The framework applies to all property or casualty insurers that write cybersecurity insurance. However, the DFS wants all insurers, even though those that don’t offer cybersecurity insurance, to “still evaluate their exposure to ‘silent risk’ and take appropriate steps to reduce that exposure.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Scott Graham on Unsplash

 

Articles

Biden administration brings expertise, new attitude to cybersecurity

The US president promises a reckoning for SolarWinds hackers and places cybersecurity at the top of the administration’s agenda.

The Biden administration has hit the ground running on cybersecurity, reportedly getting ready to nominate what some have called a “world-class” cybersecurity team of officials and prioritizing efforts to tackle the worst hack in US history, the SolarWinds breach. The renewed effort to tackle cybersecurity matters couldn’t come soon enough. The Trump administration all but gutted the White House and other government offices of cybersecurity expertise. In a series of steps that started with the elimination of a White House cybersecurity coordinator and ended with the firing of Christopher Krebs, the highly respected head of the Cybersecurity and Infrastructure Security Agency (CISA), the government suffered a serious cybersecurity brain drain during the Trump era.

The first sign that the current administration plans to take cybersecurity more seriously than the previous one did is the hiring of National Security Agency (NSA) official Anne Neuberger to fill the new position of Deputy National Security Adviser for cyber and emerging technology. Neuberger led the NSA’s cybersecurity defense operations and created the Russia small group at the agency to protect the 2018 mid-term elections from the kind of digital damage that marred the 2016 presidential election.

Biden has also tapped former senior national security officials with expertise in cybersecurity. Among them are Michael Sulmeyer, who serves as senior director for cybersecurity; Elizabeth Sherwood-Randall, named homeland security adviser; Russ Travers, deputy homeland security adviser; and Caitlin Durkovich, now a senior director for resilience and response at the National Security Council.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by René DeAnda on Unsplash

 

Advanced Persistent Threat

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda

More cybersecurity funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.

The federal government and private sector are still reeling from the SolarWinds supply chain hack, and Congress is on edge as it begins a new term beset by fears of domestic terrorism. It would seem all bets are off in terms of the previous legislative agenda for cybersecurity, at least in the near-term. The relevant committees in the new 117th Congress have yet to weigh in on specific pieces of legislation, but it’s clear that cybersecurity will be a big focus across both the House and Senate.

First, in the wake of the discovery of the SolarWinds breach, the incoming Biden administration committed to making cybersecurity a top priority. Late last week, the Biden team made good on that promise when announcing its Rescue Plan that calls for around $10 billion in cybersecurity spending, including $690 million for CISA to improve security monitoring and incident response at the agency.

One of the legislators leading the fight for cybersecurity legislative initiatives in Congress, Representative Jim Langevin (D-RI), applauded Biden’s push for more cybersecurity spending. “I’m also grateful to see the president-elect pushing for important investments in cybersecurity in the wake of the SolarWinds hack, which has placed a spotlight on the need to act now to protect Americans and our interests in cyberspace,” he said in a statement lauding the overall rescue package.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Articles

US bulk energy providers must now report attempted breaches

US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an “attempted” breach.

One of the most pernicious aspects of the far-reaching and potentially devastating SolarWinds supply chain hack is that it successfully evaded detection for at least ten months by hiding inside seemingly normal software operations. The hack of SolarWinds’ Orion product enabled Russian actors to embed surveillance malware into widely used management software. It pushed the so-called SUNBURST malware deep into public and private networks using the invisibility cloak of ordinary activity, causing no harm or disruption as it silently operated.

The SolarWinds hack is largely considered a turbo-charged nation-state espionage campaign. Most experts, however, won’t rule out that out the possibility that the Russian intelligence team behind the breach weren’t also paving the way for attacks that could damage operations. One of the biggest concerns about the hack’s impact is how it affected the nation’s power grid.

New regulations aimed at spotting attempted compromises in the power grid that don’t cause damage, like SolarWinds, went into effect on January 1, 2021. It’s not at all clear that the new requirements will help the energy industry spot these kinds of attacks.

This article appeared in CSO Online. To read the rest of the article please visit here.