Aug 11 2021

Federal Cybersecurity Influencers Highlight Resources to Combat Evolving Threats

Industry experts and agencies tasked with protecting fellow departments from attacks offer helpful tools to boost protection.

For all of 2021, cybersecurity has been a topic of intense concern across the federal government, as agencies have worked to respond to the SolarWinds cyberattack from late 2020 and assess its fallout.

In March, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency ordered all federal enterprises to update on-premises Microsoft Exchange products because of an attack via falsified Microsoft 365 authentication credentials.

Federal officials are still trying to determine the impact of both attacks, and in mid-July the White House attributed the Exchange hack to malicious actors tied to the Chinese government.

In response to those breaches and other high-profile ransomware attacks, the Biden administration has issued an executive order on cybersecurity, mandating that agencies shift to zero-trust architectures, adopt multifactor authentication and encryption for data at rest and in transit, and take many other steps to enhance their cybersecurity posture.

It’s a lot to take in and keep track of. Thankfully, several people and entities that are on FedTech’s 2021 30 Federal IT Influencers List are active on Twitter and are providing resources and context for major cybersecurity developments. They are among the trusted voices the federal IT community should look to for information and insight into how cybersecurity threats are evolving and what agencies need to know to bolster security.

Resources for Agencies to Combat Cyberattacks

Federal agencies, like other large organizations, are prime targets for cyberattacks. As such, it’s important for IT leaders and CISOs to stay on top of tools to combat known threats.

Former CISA Director Chris Krebs, who leads Krebs Stamos Group, a cybersecurity consultancy he started with Alex Stamos, the former chief security officer at Facebook, is one of the internet’s most prominent voices on issues related to cybersecurity. He recently highlighted the work of his former agency and pointed to current guidance from CISA on how to combat common vulnerabilities.

“It’s not always the new and novel stuff that gets ya,” Krebs wrote regarding the guidance. “As long as the tried and trusted vulns are out there, the bad guys will use them,” he wrote, using “vulns” as shorthand for vulnerabilities.

In late July, CISA, along with the Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre and the FBI, highlighted the top common vulnerabilities and exposures (CVEs) routinely exploited by cyber actors in 2020 and the vulnerabilities being widely exploited so far in 2021.

“Cyber actors continue to exploit publicly known — and often dated — software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” the advisory states. “It’s recommended that organizations apply the available patches for the 30 vulnerabilities listed in the joint cybersecurity advisory and implement a centralized patch management system.”

Four of the most targeted vulnerabilities in 2020 involved remote work, VPNs or cloud tools, according to the guidance.

Also in July, CISA noted that it has “observed Chinese state-sponsored cyber actors” targeting the country’s critical infrastructure sector.

CISA, along with the National Security Agency and the FBI, published a similar joint cybersecurity advisory “with more than 50 observed tactics, techniques, and procedures (TTPs) of Chinese state-sponsored cyber operations,” the agency wrote on Twitter.

The advisory urged government agencies, as well as critical infrastructure providers, defense industrial base companies and the private sector, to take several common-sense security steps to guard against these vulnerabilities. Those include patching systems and equipment promptly and diligently; enhancing the monitoring of network traffic, email and endpoint systems; and implementing anti-virus software and other endpoint protection capabilities to automatically detect and prevent malicious files from executing.

What Comes Next for Software Supply Chain Security?

The May 12 executive order on cybersecurity included a major overhaul of how the federal government and, more important, private-sector companies that do business with the government will handle software supply chain security.

The order does several important things related to software supply chain security. It requires the National Institute of Standards and Technology to develop baseline security standards for software used by government agencies.

In early July, NIST noted that it was doing its part to enhance software supply chain security via “newly published guidance outlining security measures and minimum testing standards #guidelines!”

The executive order tasked NIST with defining “critical” software, which it did in June, as any software that “has, or has direct software dependencies upon, one or more components with at least one of these attributes: is designed to run with elevated privilege or manage privileges; has direct or privileged access to networking or computing resources; is designed to control access to data or operational technology; performs a function critical to trust; or, operates outside of normal trust boundaries with privileged access.”

In July, NIST outlined security measures that agencies should take to protect such software, including the use of multifactor authentication that is resistant to verifier impersonation for all users and administrators; following privileged access management principles for network-based administration; and employing boundary protection techniques as appropriate to minimize direct access to software, software platforms and associated data critical to the executive order.
