Cybersecurity

Pentagon issues cyber tasking order in response to Exchange hack

 

The Pentagon has ordered its agencies and commands to take actions "in line" with the emergency directive recently issued by the Cybersecurity and Infrastructure Security Agency in response to vulnerabilities found in Microsoft's Exchange software.

"Joint Force Headquarters - DODIN coordinated with the Cybersecurity and Infrastructure Security Agency and then issued a Cyber Tasking Order in line with CISA's emergency directive to all DOD agencies and commands directing them to take actions necessary to protect DoD networks and IT systems," Russell Goemaere, a Pentagon spokesman, told FCW Tuesday.

Goemaere added the Defense Department is also coordinating with the National Security Agency on further steps to protect its networks.

Goemaere did not say what actions the order included, but CISA's March 3 emergency directive instructed federal agencies to either disconnect or update Microsoft Exchange software running on premise as well as conduct forensic analysis for indicators of compromise. CISA's authority extends only to civilian agencies, placing the Pentagon outside of its purview.

The zero-day exploits discovered in Microsoft's product has prompted the White House, the National Security Council and CISA to aggressively push a public message urging U.S. organizations to not only update their systems, but check for compromise.

"I would just take this opportunity to encourage any attendees at this panel, please do urgently look at guidance that my agency, CISA, has put out to mitigate this vulnerability. It is an urgent national risk and I think reflects the fact that, big or small, all organizations face significant cybersecurity risks," Eric Goldstein, executive assistant director for cybersecurity at CISA, said Tuesday during a panel hosted by the Center for Strategic and International Studies.

Greg Touhill, a former Air Force brigadier general and the first federal chief information security officer, said that while CISA's authority may not include the Pentagon, the remediations necessary for military networks are not necessarily unique from civilian ones.

"One of the frustrations that's out there is the fact that we do have separate lines of authorities for dot gov and then dot mil," he said. "If CISA puts something out, DOD takes a look at it. They may amplify it, they may ignore it, or they may help inform better documents coming out of CISA, but at this point, there are two distinct management teams."

About the Author

Justin Katz is a former staff writer at FCW.


Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected