Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label White House. Show all posts

White House Cybersecurity Strategy warns of "Complex Threat Environment"

 


There was a national cyber-security strategy published by the White House on March 2. It contains a list of threats to U.S. networks terrestrially and in space related to Russian and Chinese hackers. 

"Evolving intelligence" suggests many options could be explored for potential cyberattacks against critical U.S. infrastructure, as President Biden warned on Monday. 

Anne Neuberger, Mr. Biden's deputy national security adviser for cyber and emerging technology, told reporters Monday afternoon that U.S. officials have observed "preparatory work" linked to nation-state actors, despite no evidence of any specific cyberattack threat. The fact that U.S. companies are scanning their websites and hunting for vulnerabilities may indicate an increase in vulnerability-hunting activities. 

On Thursday, the Biden administration released its nationally comprehensive cybersecurity strategy. This provides the steps required to ensure the nation's cyber ecosystem is protected from threats. 

A few key pillars will be emphasized in the strategy as it moves forward. In addition to cyberattacks, these efforts include disrupting and dismantling cyber criminals, establishing international partnerships, and protecting critical infrastructure from cyberattacks. 

The White House will still need to implement Space Policy Directive 5. This was issued by the previous administration in September 2020 and focuses on space systems protection. Although the updated document replaces the Trump administration's 2018 cybersecurity strategy, the White House will continue to implement that strategy. 

It was stated in the strategy that the first pillar will enhance cybersecurity requirements for critical sectors. This will secure critical infrastructure. Public-private partnerships and federal network modernization will also be formed to keep up with cyber security threats. 

It has been interesting to see bipartisan support for several cyber bills that Congress introduced and passed last year aimed at protecting critical infrastructure. These include critical infrastructure in the health and energy sectors. 

Moreover, Kemba Walden suggested that the government should utilize all resources at its disposal, including the military and law enforcement authorities. This will disrupt malicious cyber activity and pursue perpetrators. 

Walden assumed the role of acting director after Chris Inglis resigned due to health reasons. Biden named Inglis as the first director of cyber security for the nation in 2021 following a nomination by Biden. Inglis announced his resignation in mid-February.  

There is a second pillar of the strategy that focuses on disrupting and dismantling cyber criminals, such as nation-state threats.

To protect the country's national security and public safety, the government uses every available resource to "make it harder for them to pose a threat to national security." 

Increasing collaboration and partnership with foreign partners who share the same mission is the third pillar of the strategy. The administration announced today that to counter cyberattacks it will use international coalitions among "like-minded nations." 

SPD 5 was touted as a first step toward developing an accurate and comprehensive security policy for satellites and systems that connect them to the Internet. 

The role that space systems play as vital infrastructure, as well as providers of essential services, has caused experts to warn that a growing number of attacks are being launched against them. 

A major thrust of the National Cybersecurity Strategy is the realignment of incentives so that long-term investments are prioritized. It has been suggested in recent years that the biggest, most capable, and best-positioned actors in the digital ecosystem - whether in the public or private sectors - can and should take on an increased share of the burden to mitigate cyber risk in their respective industries. Public and private sector entities must have the resources, capabilities, and incentives to choose long-term solutions over temporary fixes when faced with trade-offs between short-term fixes and long-term solutions. 

In addition, the United States remains committed to international cyber partnerships. Defendable, resilient, and value-aligned digital ecosystems will be built with allies and partners. Keeping shared interests at the forefront means promoting an environment where all states are expected to behave responsibly in global cyberspace. On the other hand, a person who displays irresponsible behavior is not only a source of cost but also isolation.

A path is outlined in this strategy to ensure our digital future is secure. By implementing it, the administration will lay the foundation for reliable cyberinfrastructure. This will enable it to achieve its infrastructure, clean energy, equity, democracy, and economic opportunity goals. At the most fundamental level, it acknowledges that cyberspace exists not for its own sake but only to be used in pursuit of our highest goals.   

White House Directs Federal Agencies to Improve Logging Capabilities

 

The White House has directed federal agencies to improve their logging capabilities in order to accelerate cybersecurity incident response, according to a memo from the Office of Management and Budget. 

The memo, issued by acting OMB Director Shalanda Young, includes a maturity model for event log management intended to guide federal agencies' implementation of its requirements across four event logging (EL) tiers: not effective, basic, intermediate, and advanced.

"These tiers will help agencies prioritize their efforts and resources so that, over time, they will achieve full compliance with requirements for implementation, log categories, and centralized access. Agencies should also prioritize their compliance activities by focusing first on high-impact systems and high-value assets,” according to OMB. 

By working through these various tiers, federal departments will align more with the types of log management capabilities present in the private sector, according to Mike Hamilton, the former vice-chair for the Department of Homeland Security's State, Local, Tribal, and Territorial Government Coordinating Council. 

The memo follows a May 12 executive order by President Joe Biden issued following the SolarWinds hack that compromised nine federal agencies, a ubiquitous government contractor, and about 100 U.S. companies.

“Recent events, including the SolarWinds incident, underscore the importance of increased government visibility before, during, and after a cybersecurity incident. Information from logs on federal information systems — for both on-premises systems and connections hosted by third parties, such as cloud services providers — is invaluable in the detection, investigation, and remediation of cyber threats,” reads the memo. 

The departments now have 60 days to assess their capabilities against the maturity model and plan to address resource and implementation gaps. Those plans must be sent to the OMB Resource Management Office and Office of the Chief Information Officer desk officer. OMB expects federal agencies to prioritize their high-impact systems and high-value assets first as they implement EL requirements.

Agencies were also told to share logs with third parties like the FBI and Cybersecurity and Infrastructure Security Agency. “This sharing of information is critical to defend federal information systems,” reads the memo. The memo directs CISA to deploy teams to advise agencies in their assessment of their logging capabilities and release tools with the FBI to help assess logging maturity. 

Meanwhile, the Department of Commerce must have the National Institute of Standards and Technology maintain Special Publication 800-92, its “Guide to Computer Security Log Management” and incorporate the memo’s requirements into its next revision and other relevant publications.