Joe Uchill Profile picture
10 Mar, 36 tweets, 4 min read
CISA leadership will be testifying before the House Appropriations Committee's Homeland Subcommittee in about an hour about "Modernizing the Federal Civilian Approach to Cybersecurity."

I'll be live-tweeting it. 🧵
Interesting notes to consider in advance.

- Brandon Wales will testify as Acting Director.
While the Biden administration has discussed a task force in the wake of Hafnium, there's no confirmed CISA director, someone you'd expect on the task force.
Eagle-eyed readers will notice I've deleted and reposted that tweet twice after misspelling "Interesting" in two different ways.
-The joint written testimony from Wales and Eric Goldstein, CISA executive assistant director for cybersecurity focuses on two areas: CISA response to the SolarWinds campaign and preparedness in light of COVID-19.
We're live. Wales and Goldstein do address Hafnium up front, saying CISA helped coordinate disclosure and response.
Goldstein: we need to offer shared services to increase baseline cybersecurity, implement zero trust, increase threat hunting as approved by NDAA.
Rep. Roybal-Allard starts with a compound question covering all aspects of the SolarWinds breaches, ranging from do we know what we they stole and why didn't we notice.
Hasty transcribed answer:
CISA: Unaware of any exchange server breach in Fed Civilian agencies.
Goldstein says they were made aware of the Exchange server flaw on March 2.
Rosa L. DeLauro asks why Einstein isn't working so great.
Goldstein: Encryption renders the decade-old technology a little stale. Notes that encryption has security and privacy advantages.

Looking to EDR pilot programs.
DeLauro asks if election security diverted attention from other core functions, leading to SolarWinds.

Wales: Election security "is not a distraction." "We have to have the ability to work multiple problems." "I do not believe the election distracted us."
Rutherford: How are we doing with CDM?

Wales: Every agency is almost through phase 1. We need CDM before zero trust or EDR.
Most agencies are in phase 2 or almost through phase 2.
(So, at least almost through 1)
Goldstein: Don't think of all the tools as distinct things, think of them as part of a cohesive operation.
Ruppersberger: CISA is underfunded and understaffed, but staff that is there is doing good.

Says we can't have things like the Krebs being fired for "speaking truth to power" in our politics.
Goldstein: "We need more resources."
Hinson asks how sure we about detection in recent incidents.

Unrelated, unironic side note: She's got notably nice curtains.
Hinson: If you can say for the record, who is the actor:

Wales: US government has not attributed the Exchange breaches, but recognizes multiple actors appear to be in play. Microsoft says China.
Underwood: How does the funding in American Rescue Act help those outside the government, especially state and local groups?

Wales: We agree that state and local need more support. ARA is mostly focused on federal capabilities, but that might free up resources to help local.
Underwood: What percentage of CISA employees are women?

Wales: Roughly 35

U: Black, Latino, of color?

Wales: I don't know.
Goldstein: "You have my commitment" diversity in recruitment is a priority for years to come.
Palazzo says debt is a national security threat that should keep us up at night.
Price: How will CISA aid FEMA in required increases in cybersecurity grant awards?

Goldstein: We have subject matter experts ready to help.
Goldstein: Need more people for threat hunting, infrastructure, tools.
Goldstein: Funding to CISA does not replace the funding needed by agencies to address cybersecurity problems.
Roybal-Allard notes that despite CDM, agencies still can't identify who uses Exchange. Wonders why that is.

Goldstein: We're working with agencies to improve that.
Fleischmann: Beyond supply chain, what's the biggest threat?

Goldstein: Control systems. Those could kill people.
Wales says CISA efforts have lead to increased patching speed.
Price: Can we at least say now that smaller players are aware of the problem?

Wales: It's more of an issue of smaller players being under-resourced to protect themselves.
Palazzo: What causes you to have sleepless nights?

Goldstein: Attack on a critical function that causes a loss of life.
Roybal-Allard: ARA funds modernization, which CISA helps oversee. Can you speak to modernization and security?

Goldstein: They are inherently linked. Need to make sure we're building in security.
And, with that, we're done.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Joe Uchill

Joe Uchill Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @JoeUchill

9 Mar
The interesting thing about gaffs is not that they happen.
They happen to everyone. Today, I forgot the word acronym. What's interesting is how the ones that stick are ones that confirm what people already suspect about the person who said them.
That's not to say legitimately not knowing something important isn't a problem. But if you give 4 hours of speeches a day, you're going to trip over words.

Yet no one honestly thought Obama didn't know how many states there were when he said he visited 53 of them.
Trump was unique in that regard: To the best of my knowledge, he is the only president to claim the facts change to justify a gaffe. Saying "covfefe" was intentional, altering weather maps to show Alabama would be hit by Hurricane Dorian, claiming he said "Tim from Apple".
Read 4 tweets
12 Feb
There's a ton of stuff we don't know about Bloomberg Supermicro 1 and 2 that I'm not sure we're going to know. Here's what I do know about Supermicro 1, the original story:
I know a ton of national security and cybersecurity reporters and contractors who tried to substantiate the first story without success.

I tried to substantiate the first story without success.
People who I spoke to on Capitol Hill said they *wished* it was true to confirm what we generally know about China's industrial espionage.

People I spoke to in industry launched expensive investigations to see if they had been hit. They hadn't.
Read 11 tweets
10 Feb
The EAC is about to vote on the Voluntary Voting System Guidelines 2.0.

The most contentious point in VVSG is that it says wireless technology should be disabled and not completely removed from voting machines.
I'll try to live-tweet anything interesting, but am also expecting a call for work. So this thread may cut short at any time.

It could be very dramatic.
Disabling wifi rather than not purchasing machines that have wifi allows for more maneuverability in commercial, off the shelf purchases.
Read 19 tweets
7 Jan
The natsec/infosec implications of the coup attempt are staggering - not just in Pelosi's office.

They'll need to assume all systems and physical files were compromised, and catalog what of each was stolen, altered or destroyed
In the long run, they need an evacuation failsafe for computer systems.
I wasn't really referring to classified files. But it's worth noting that Mieke Eoyang disagrees both in terms of classified files and in general (down conversation).
Read 5 tweets
2 Jan
By the end of the first season, over the course of several investigations, the FBI had hacked into Boston's transportation system, an online casino that was cooperating with the investigation and the camera on a teenage girl's home computer.

Where will they CSI:CYBER next?
Interesting notes from the intro to episode 1:
-Peter McNichol (Ghostbusters 2) has been replaced by Ted Danson.
-They've taken out the part where someone whispers "It can happen to you."
Read 133 tweets
1 Jan
The passage of the NDAA means that the Executive Branch gets a new staff member: the National Cybersecurity Director.
The position is modeled after the U.S. Trade Representative, and is one of the Cybersecurity Solarium’s suggestions.
The position is Senate confirmed.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!