Cybersecurity

CISA eyes changes to combat future supply chain hacks

enterprise security (Omelchenko/Shutterstock.com) 

The acting director of the Cybersecurity and Infrastructure Security Agency today acknowledged the weaknesses in a premiere cybersecurity program and previewed a range of

issues CISA is now examining in the wake of the massive breach into multiple federal networks.

"There are things that clearly need to be done to enhance our ability to stop attacks like this in the future. One that we are working on is better insights and visibility into the end points," Brandon Wales, acting CISA chief, said today at an event hosted by the Business Council for International Understanding.

Wales' comments come the day after Anne Neuberger, the deputy national security advisor for cyber and emerging technology, said the White House is planning "executive action" both to mitigate the damage done by the breach involving SolarWinds Orion as well as options for a response against those responsible.

"We're also working on close to about a dozen things," Neuberger said in a Wednesday press briefing in the White House. "Likely, eight will pass to be part of an upcoming executive action to address the gaps we have identified in our review of this incident."

Wales on Thursday when asked about Einstein, a core component of the government's National Cybersecurity Protection System, acknowledged the program could not stop the supply chain attack the government discovered in December 2020.

"Einstein is actually a collection of capabilities, but they're all focused on the perimeter of monitoring network traffic that's going from outside U.S. government networks to inside the networks," he said. "In the case of a supply chain attack, [the threat] kind of bypasses that. It immediately places itself inside of a network and no perimeter security measure is going to stop it," he continued.

Wales said CISA is exploring ways to monitor activities internally for "anomalous activities" such as a network management system communicating through an encrypted channel to an entity outside the network.

He also said work needs to be done on software assurance. While it would be unrealistic for the government to review every line of code for every piece of software it deploys, there are improvements that can be made through contractual language to ensure private vendors have appropriate levels of security in place.

"What made SolarWinds so devastating was that SolarWinds devices are normally configured to have broad administrative rights on a network. If a system is like that, if it has broad administrative rights then it requires further hardening inside of your network," he said.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.


Featured

  • People
    2021 Federal 100 Awards

    Announcing the 2021 Federal 100 Award winners

    Meet the women and men being honored for their exceptional contributions to federal IT.

  • Comment
    Diverse Workforce (Image: Shutterstock)

    Who cares if you wear a hoodie or a suit? It’s the mission that matters most

    Responding to Steve Kelman's recent blog post, Alan Thomas shares the inside story on 18F's evolution.

Stay Connected