Millions in Covid Aid Funds Can Be Used for Federal Cyber Security Efforts

“[I]t reflects the recognition by this administration of the urgency of improving cyber security,” said cyber chief Eric Goldstein of the Cybersecurity and Infrastructure Security Agency, adding that it will provide funding for the next budget cycle, given the current threats facing federal networks.

The funding comes because CISA, a Department of Homeland Security agency set up during the Trump administration, is dealing with the aftermath of two recent cyberattacks. Congress, Goldstein said, has included $650 million in the $1.9 billion Covid relief bill for CISA’s cyber security risk management programs.

Goldstein, a leading political nominee, said the funding stems from the fact that federal agencies provide services that ‘directly or indirectly relate to our country’s ability to recover from the pandemic’. In an interview with CNN, he also pointed to increased remote work during the pandemic, which created a reliance on cloud computing and thus increased the need for security tools.

Last week, Microsoft reported that a sophisticated group of hackers linked to China took advantage of its popular email service to gain access to computers.
CISA and the FBI issued a warning on Wednesday, saying there were “tens of thousands” of systems in the United States vulnerable to the attack. The warning was intended to further reinforce the need for organizations to apply the guidelines in the recent CISA emergency directive, as well as Microsoft’s guidance, Goldstein said.

About 90% of the federal government’s Microsoft Exchange Server instances have been mitigated, Goldstein said on Wednesday, pointing out that there is no confirmation yet that any agency has been ‘compromised’.

The agency also continues to help agencies deal with the devastating breach of the SolarWinds supply chain associated with a suspected Russian espionage campaign.

The number of affected entities remains the same, Goldstein said. At least nine federal agencies have been targeted and at least 100 private-sector businesses are at risk, the White House earlier confirmed.

Brandon Wales, acting director of CISA, said earlier on Wednesday that the agency still believes the SolarWinds breach was ‘largely a spying operation’ to gather information, mainly based on Microsoft Office 365 email for agency staff.

During a House committee hearing, he said it was ‘extremely targeted’. According to Wales, there were usually only a few dozen individuals at an agency targeted as part of this campaign.

CISA has “no evidence at this time” that the actor did anything other than steal information, Wales said.

Rep. Lucille Roybal-Allard, chairwoman of the House Committee Subcommittee on Homeland Security, said Wednesday that the SolarWinds incident, the compromise of Microsoft Exchange servers and the recent attack on water treatment facilities in Florida show that cyber security violations are no longer isolated incidents.

“Networks are an emerging battlefield for both the public and private sectors,” she said.

CISA recently launched pilot programs to improve the visibility of federal civilian networks, which are used as a ‘proof of concept’ to determine which combination of capabilities will be most effective. The goal is to be able to continually analyze security data from agencies to proactively identify adversary activity “much faster than we can do today,” Goldstein said.

Part of the launch is the addition of endpoint detection and response tools on government agency networks, enabling proactive blocking of malicious activities. Another part is for agencies to give CISA access to their security data, mainly logs, for data analysis.

CISA works with specific agencies to determine which tools or combination of tools are most effective and what enables continuous threat hunting. Goldstein would not name the agencies involved in the effort.

Currently, CISA mainly carries out threat hunting and other responses to incidents after an intrusion has been identified.

“Where we want to go is really moving much earlier in the process, so that we can constantly carry out this type of threat hunting activity, and identify adversary activity, ideally within a very short period of time after an initial intrusion has taken place,” he said.
