DHS just wrapped up a background briefing with senior officials on the department's cybersecurity agenda.
Nothing earth-shattering, but I'll share a few comments that stood out to me.
We've previously heard from Anne Neuberger that the Biden administration has an EO coming with mitigations related to the SolarWinds/Exchange vulnerabilities. Today, a senior DHS official told us that it will contain "close to a dozen actions."
DHS Sec Mayorkas will be discussing cyber tomorrow during an RSA event.
Per sr official, he will offer a "comprehensive vision" for using DHS/CISA to defend the country, incl through several "cybersecurity sprints" that he previously teased.
1st sprint will focus on ransomware.
Not sure if it's b/c they saw my story this morning politico.com/news/2021/03/3… but one senior DHS official was adamant that CISA has enough resources to respond to the requests for help that it's getting right now.
Quote in next tweet.
“Our capacity remains within the parameters of our demand signal at this point in time," sr official said. "At no point during [SW/Exchange] did CISA need to turn away a compromised entity that was seeking help."
But sr official noted that things could get even worse and that CISA wants to be ready.
"We do have capacity yet to deploy, but recognizing the evolving environment, we want to make sure that we are moving ahead of the point where we may see capacity constraint."
DHS is in the middle of "an in-depth lessons-learned exercise" about SolarWinds and Exchange that will lead to "a set of recommendations that will guide our work for the administration moving forward," one senior official said.
Unclear how that will overlap with the imminent EO.
Multiple reporters asked officials for more transparency about the specific impacts of SolarWinds, amid reports of specific Trump Cabinet secretaries being hacked.
Officials declined to get that specific, saying the hackers' exact movements aren't crystal clear.
Hacks like this often produce "a level of ambiguity about what a particular adversary accessed or what their intent was," one senior official said, so discussing "impacts as individualized as a given user account would likely be speculative."
"Where possible we do want to make sure that the public understands the impact of a given attack," sr official said, but "it is equally if not more important to convey the strategic view" of the hackers' goals, esp if those goals include "damaging attacks with physical impact."
On the Q of new authorities, the officials said the Biden administration wants to work with Congress "to examine possible options, like mandatory incident reporting in some cases and for some entities," that would help CISA gather the data it needs to assess threats.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
HSGAC Chair Gary Peters: “The process and procedures for responding to cyberattacks desperately needs to be modernized,” including by reforming FISMA and streamlining information sharing.
Peters: “It is clear from the gravity of this threat that we need to examine whether CISA, the FBI and other agencies have what they need to protect the American people.”
Interestingly, the National Intelligence Officer for Cyber disagreed with the conclusion that China didn't interfere. They put more stock in evidence showing that "Beijing preferred...Trump's defeat and the election of a more predictable member of the establishment instead."
In a separate document, DHS/CISA and DOJ/FBI say they investigated the right-wing conspiracy theories about foreign voting machine rigging and results tampering, and that they're "not credible." dhs.gov/sites/default/…
At WH briefing, national security adviser Jake Sullivan says the U.S. is "still gathering information" about the "scope and scale" of the Microsoft Exchange hacking campaign.
Sullivan: "The precise number of systems that have been exposed by this vulnerability and have been exploited, either by non-state threat actors or ransomware hackers or others, that is something that we are urgently working with the private sector to determine."
Sullivan: "It is certainly the case that malign actors are still in some of these Microsoft Exchange systems, which is why we have pushed so hard to get those systems patched, to get remediation underway."
One year ago today, the WHO declared the coronavirus a pandemic, Tom Hanks got Covid, schools and sports shut down, and normal life in America evaporated for everyone not already working from home.
NBC just published a great collection of people's last "normal" photos, and they are absolutely haunting. nbcnews.com/specials/the-l…
"The cascade of announcements felt like a turning point in the crisis ... Ordinary life in many places will no longer be the same for the foreseeable future as society adjusts to a new reality that transforms everything..."
The House Appropriations homeland security subcommittee is about to start a hearing on "Modernizing the Federal Civilian Approach to Cybersecurity" with acting CISA chief Brandon Wales and new CISA Cyber Division head Eric Goldstein.
Wales and Goldstein will tell Congress that CISA needs better "visibility into agency cloud
environments and end-points," esp. in light of remote work. And they'll announce work with NIST on a "common baseline" of security rules, esp. for logging. docs.house.gov/meetings/AP/AP…
Wales and Goldstein, whose agency is dealing with SolarWinds and Exchange on top of its regular work, will also deliver this warning to appropriators: CISA's "incident response resources must be fortified now to ensure that we will not be overwhelmed in the future."