CISA leadership will be testifying before the House Appropriations Committee's Homeland Subcommittee in about an hour about "Modernizing the Federal Civilian Approach to Cybersecurity."
I'll be live-tweeting it. 🧵
I'll be live-tweeting it. 🧵
Interesting notes to consider in advance.
- Brandon Wales will testify as Acting Director.
While the Biden administration has discussed a task force in the wake of Hafnium, there's no confirmed CISA director, someone you'd expect on the task force.
- Brandon Wales will testify as Acting Director.
While the Biden administration has discussed a task force in the wake of Hafnium, there's no confirmed CISA director, someone you'd expect on the task force.
Eagle-eyed readers will notice I've deleted and reposted that tweet twice after misspelling "Interesting" in two different ways.
-The joint written testimony from Wales and Eric Goldstein, CISA executive assistant director for cybersecurity focuses on two areas: CISA response to the SolarWinds campaign and preparedness in light of COVID-19.
We're live. Wales and Goldstein do address Hafnium up front, saying CISA helped coordinate disclosure and response.
Wales: 
Goldstein: we need to offer shared services to increase baseline cybersecurity, implement zero trust, increase threat hunting as approved by NDAA.
Rep. Roybal-Allard starts with a compound question covering all aspects of the SolarWinds breaches, ranging from do we know what we they stole and why didn't we notice.
Hasty transcribed answer:
CISA: Unaware of any exchange server breach in Fed Civilian agencies.
Goldstein says they were made aware of the Exchange server flaw on March 2.
Rosa L. DeLauro asks why Einstein isn't working so great.
Goldstein: Encryption renders the decade-old technology a little stale. Notes that encryption has security and privacy advantages.
Looking to EDR pilot programs.
Looking to EDR pilot programs.
DeLauro asks if election security diverted attention from other core functions, leading to SolarWinds.
Wales: Election security "is not a distraction." "We have to have the ability to work multiple problems." "I do not believe the election distracted us."
Wales: Election security "is not a distraction." "We have to have the ability to work multiple problems." "I do not believe the election distracted us."
Rutherford: How are we doing with CDM?
Wales: Every agency is almost through phase 1. We need CDM before zero trust or EDR.
Wales: Every agency is almost through phase 1. We need CDM before zero trust or EDR.
Most agencies are in phase 2 or almost through phase 2.
(So, at least almost through 1)
Goldstein: Don't think of all the tools as distinct things, think of them as part of a cohesive operation.
Ruppersberger: CISA is underfunded and understaffed, but staff that is there is doing good.
Says we can't have things like the Krebs being fired for "speaking truth to power" in our politics.
Says we can't have things like the Krebs being fired for "speaking truth to power" in our politics.
Goldstein: "We need more resources."
Hinson asks how sure we about detection in recent incidents.
Unrelated, unironic side note: She's got notably nice curtains.
Unrelated, unironic side note: She's got notably nice curtains.
Hinson: If you can say for the record, who is the actor:
Wales: US government has not attributed the Exchange breaches, but recognizes multiple actors appear to be in play. Microsoft says China.
Wales: US government has not attributed the Exchange breaches, but recognizes multiple actors appear to be in play. Microsoft says China.
Underwood: How does the funding in American Rescue Act help those outside the government, especially state and local groups?
Wales: We agree that state and local need more support. ARA is mostly focused on federal capabilities, but that might free up resources to help local.
Wales: We agree that state and local need more support. ARA is mostly focused on federal capabilities, but that might free up resources to help local.
Underwood: What percentage of CISA employees are women?
Wales: Roughly 35
U: Black, Latino, of color?
Wales: I don't know.
Wales: Roughly 35
U: Black, Latino, of color?
Wales: I don't know.
Goldstein: "You have my commitment" diversity in recruitment is a priority for years to come.
Palazzo says debt is a national security threat that should keep us up at night.
Price: How will CISA aid FEMA in required increases in cybersecurity grant awards?
Goldstein: We have subject matter experts ready to help.
Goldstein: We have subject matter experts ready to help.
Goldstein: Need more people for threat hunting, infrastructure, tools.
Goldstein: Funding to CISA does not replace the funding needed by agencies to address cybersecurity problems.
Roybal-Allard notes that despite CDM, agencies still can't identify who uses Exchange. Wonders why that is.
Goldstein: We're working with agencies to improve that.
Goldstein: We're working with agencies to improve that.
Fleischmann: Beyond supply chain, what's the biggest threat?
Goldstein: Control systems. Those could kill people.
Goldstein: Control systems. Those could kill people.
Wales says CISA efforts have lead to increased patching speed.
Price: Can we at least say now that smaller players are aware of the problem?
Wales: It's more of an issue of smaller players being under-resourced to protect themselves.
Wales: It's more of an issue of smaller players being under-resourced to protect themselves.
Palazzo: What causes you to have sleepless nights?
Goldstein: Attack on a critical function that causes a loss of life.
Goldstein: Attack on a critical function that causes a loss of life.
Roybal-Allard: ARA funds modernization, which CISA helps oversee. Can you speak to modernization and security?
Goldstein: They are inherently linked. Need to make sure we're building in security.
Goldstein: They are inherently linked. Need to make sure we're building in security.
And, with that, we're done.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
