Defense Daily – IIOT Connection
https://www.iiotconnection.com

House Passes Eight Bipartisan Cyber, Homeland Security Bills
https://www.iiotconnection.com/house-passes-eight-bipartisan-cyber-homeland-security-bills/
Wed, 21 Apr 2021 16:44:27 +0000

The House late Tuesday afternoon passed a number of bipartisan homeland security and cyber bills, including the Cyber Diplomacy Act, which directs the president to pursue international norms in cyberspace and authorizes a cyber bureau within the Department of State to pursue these norms.

"In an increasingly connected world, we must have the proper structures in place to promote our values and interests in cyberspace," Rep. Mike Gallagher (R-Wisc.), a co-sponsor of the Cyber Diplomacy Act (H.R. 1251), said in a statement Tuesday evening. He also urged the Senate to pass the bill.

The cyber diplomacy bill would establish an ambassador-level Bureau of International Cyberspace Policy within the State Department. The head of the bureau would be appointed by the president and confirmed by the Senate.

Rep. Michael McCaul (R-Texas), another co-sponsor of the bill, said earlier this year that the U.S. has been missing an "ambassador like position on cybersecurity that could negotiate with other countries and allies particularly, certain norms and standards within cyberspace."

The policy foundation for the international cyber norms sought by Congress is described in the bill as an effort "to promote an open, interoperable, reliable, unfettered, and secure Internet governed by the multi-stakeholder model, which promotes human rights, democracy, and rule of law, including freedom of expression, innovation, communication, and economic prosperity; and respects privacy and guards against deception, fraud, and theft."

The cyber bill and seven others having to do with the Department of Homeland Security were approved together by a 355 to 69 vote.

The DHS Morale Act (H.R. 490) was introduced by Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security Committee, and would address morale at the department by expanding the duties of the Chief Human Capital Officer for leader development and employee engagement, having a catalogue of available employee development opportunities, and issuing a department-wide employee engagement action plan.

Another human resources bill, the Homeland Security Acquisition Professional Career Program Act (H.R. 367), introduced by Rep. Dina Titus (D-Nev.), addresses shortages within the DHS acquisition workforce through diversification efforts, including recruitment from minority-serving colleges and universities and of veterans.

The CBRN Intelligence and Information Sharing Act of 2021 (H.R. 397) was introduced by Rep. Carlos Gimenez (R-Fla.) and directs the Office of Intelligence and Analysis to coordinate information sharing on chemical, biological, radiological and nuclear (CBRN) threats with authorities at all government levels.

The Quadrennial Homeland Security Review Technical Corrections Act of 2021 (H.R. 370), introduced by Rep. Bonnie Watson Coleman (D-N.J.), would make changes to the DHS quadrennial reviews related to consultation, prioritization, resources, deadlines and documentation.

The Transit Security Grant Program Flexibility Act (H.R. 396), introduced by Rep. Andrew Garbarino (D-N.Y.), makes changes to the Transit Security Grant Program to expand the scope of how transit agencies can use grant funds to cover security costs.

The Trusted Traveler Reconsideration and Restoration Act of 2021 (H.R. 473), introduced by Rep. John Katko (R-N.Y.), ranking member of the Homeland Security Committee, directs the Government Accountability Office to review the department's trusted traveler program and extend the enrollment period where an enrollee's participation was revoked in error.

The final DHS bill approved, the Department of Homeland Security Mentor-Protégé Act of 2021 (H.R. 408), introduced by Rep. Donald McEachin (D-Va.), reauthorizes the mentor-protégé program that encourages large prime contractors to partner with and enhance the capabilities of small businesses to help small companies improve their ability to compete for future DHS contracts.

Biden Administration Targets Electric Utilities For Cybersecurity Protections
https://www.iiotconnection.com/biden-administration-targets-electric-utilities-cybersecurity-protections/
Tue, 20 Apr 2021 17:46:31 +0000

The Department of Energy on Tuesday launched a 100-day sprint to strengthen the cybersecurity of electric utilities' industrial control systems (ICS) to protect operations from increasing cyber threats, part of the Biden administration's initiative to bolster cyber protections for critical infrastructures.

The new pilot effort is a partnership between the DoE's Office of Cybersecurity, Energy Security, and Emergency Response, the electric industry, and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA).

"The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses," Energy Secretary Jennifer Granholm said in a statement. "It's up to both government and industry to prevent possible harms. That's why we're working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system."

Under the 100-day plan, industry can voluntarily deploy technologies to increase the visibility, detection, mitigation and forensic capabilities related to threats to their ICS and operational technology (OT) systems. The plan also has milestones for utilities to deploy technologies to improve their "near real time situational awareness and response capabilities" of ICS and OT systems, the DoE said.

The DoE singled out China as a threat to the nation's energy sector.

"Adversarial nation-state actors are targeting our critical infrastructure, with increasing focus on the energy sector," the department said in a Request for Information related to the 100-day sprint. "For example, the government of the People's Republic of China is equipped and actively planning to undermine the electric power system in the United States. The growing prevalence of essential electric system equipment being sourced from China presents a significant threat, as Chinese law provides opportunities for China to identify and exploit vulnerabilities in Chinese-manufactured or supplied equipment that are used in U.S. critical infrastructure that rely on these sources."

Participation by the private sector in the new cybersecurity initiative is voluntary and is built on partnerships with the federal government. The private sector owns and operates about 85 percent of the nation's critical infrastructure.

"Public-private partnership is paramount to the administration's efforts because protecting our nation's critical infrastructure is a shared responsibility of the government and the owners and operators of that infrastructure," Emily Horne, the spokeswoman for the White House National Security Council, said in a statement. "The 100-day plan includes aggressive but achievable milestones and will assist owners and operators as they modernize cybersecurity defenses, including enhancing, mitigation, and forensic capabilities."

The new cybersecurity sprint is in line with DHS Secretary Alejandro Mayorkas' plans for six department-led cyber sprints, which are focused on ransomware, the cyber workforce, ICS, the transportation sector, election security, and international efforts.

Acting CISA Director Brandon Wales said in a statement that the pilot effort with the energy sector will help with "work to secure industrial control systems across all sectors."

When President Joe Biden entered office in January, he issued an executive order on the climate crisis that suspended a 2020 directive by then-President Donald Trump that led to the U.S. prohibiting some utilities from acquiring and installing bulk power system electric equipment manufactured in, or controlled by, China. Granholm revoked the suspension on Tuesday while the administration considers a replacement order.

The Request for Information issued by DoE seeks input from the energy sector, academia, research laboratories, government agencies and other stakeholders for better securing supply chains of U.S. energy systems while taking into consideration the needs of all stakeholders.

"To ensure that the department's considerations for a replacement executive order appropriately balance national security, economic, and administrability considerations, the department is seeking information from electric utilities, academia, research laboratories, government agencies, and other stakeholders," the RFI says.

White House Attributes SolarWinds Hack To Russian Agency
https://www.iiotconnection.com/white-house-attributes-solarwinds-hack-russian-agency/
Thu, 15 Apr 2021 19:44:31 +0000

The Biden administration on Thursday publicly attributed a cyber espionage campaign to the Russian Foreign Intelligence Service (SVR) that was first disclosed last December by a U.S. cybersecurity firm and the administration also announced sanctions against six companies in Russia's technology sector.

The attribution to the SVR, which is also known as APT 29, Cozy Bear, and The Dukes, is the first time the U.S. government has been specific about identifying the Russian government, and specifically the SVR, as the perpetrators of what is commonly called the SolarWinds attack. In early January, the U.S. intelligence community said the hack was "likely Russian in origin," and earlier this week its annual threat assessment called it "A Russian software supply chain operation."

The administration said the intelligence community "has high confidence" in attributing the attack to the SVR.

In addition to outing the SVR, the administration identified six Russian companies, some private and some state-owned, that the U.S. Treasury Department said provide expertise, tools and infrastructure to the SVR and other Russian intelligence services and help with "facilitating malicious cyber activities."

The White House, in a fact sheet announcing a broader set of sanctions against the Russian government and entities for the SolarWinds hack and much more, warned about doing business with information technology companies and personnel in Russia or that work with Russia.

The SVR's "efforts should serve as a warning about the risks of using information and communications technology and services (ICTS) supplied by companies that operate or store user data in Russia or rely on software development or remote technical support by personnel in Russia," the fact sheet says.

The six Russian companies designated by the Treasury Department are: ERA Technopolis, a research center and technology park operated by the Ministry of Defense; Pasit, AO, an IT company that does research and development in support of the SVR's "malicious cyber operations"; the Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation, or SVA, a state-owned research organization that does work in information security and has also aided the SVR's cyber operations; Neobit, OOO, another IT security firm that counts Russia's defense and intelligence services among its customers and also supports their cyber operations; Advanced Technology, AO, an IT firm that also supports cyber operations; and Positive Technologies, an IT firm that also supports the Russian government and helps with recruiting events for the intelligence services.

SolarWinds Inc. [SWI] is based in Texas and provides network management software. The SVR was able to implant malicious code into software updates the company developed that were used in routine patching made available to its customers. The hack was first discovered last December by the U.S. company FireEye [FEYE], which found that its own threat hunting tools had been stolen in the breach and quickly notified the U.S. government, its customers and the larger public.

Media reports have previously cited cyber security officials blaming the SVR for the hack.

"This is a positive, welcome step towards adding more friction to Russian operations," Kevin Mandia, FireEye's CEO, said in a statement on Thursday. "Simply naming the SVR, as well as the corporations that support it will inform our defense. Unfortunately, we are unlikely to fully deter cyber espionage and we will have to take serious action to better defend ourselves from inevitable future intrusions."

President Joe Biden also issued an executive order outlining a range of sanctions the U.S. is taking, and might take, related to the SolarWinds hack as well as Russian interference in the 2020 U.S. elections, and attempts to destabilize the U.S. and its partners and allies among other nefarious activities. The administration's actions received strong bipartisan support in Congress.

Rep. Michael McCaul (R-Texas), ranking member on the House Foreign Affairs Committee, backed the sanctions but also said more needs to be done "to establish a credible deterrent." He called again for the administration to make further sanctions related to Russia's Nord Stream 2 pipeline project, a subsea natural gas line from Russia to Germany, saying such a move would impose "real costs on the Putin regime's efforts to undermine U.S. democratic institutions and weaken our allies and partners."

Senior administration officials on a background call with media did not discuss a potential cyber deterrence policy or strategy to prevent future cyberattacks and other unacceptable activities by Russia. One official said that in addition to the executive order and sanctions, "unseen" responses are also being taken.

While cyber espionage isn't anything new, the administration has been concerned that the latest compromise also had the potential for disruptive attacks and caused an undue economic burden on the private sector.

The SolarWinds hack ended up compromising nine federal agencies and departments and about 100 private sector entities. The White House said the compromise gave the SVR the ability to ultimately "spy on or potentially disrupt more than 16,000 computer systems worldwide," disruption that could easily be used to rapidly trigger public safety and health consequences.

"And finally, the hack placed an undue burden on the mostly private-sector victims who must bear the unusually high costs of mitigating this incident," one senior official said.

The official also said that the U.S. remains committed to "an open, interoperable, secure, and reliable internet," highlighting that Russia's activity "runs counter to that goal."

In support of a global approach to cybersecurity, the White House announced two actions, one being the promotion of a framework for responsible norms in cyberspace and the need for cooperation with allies and partners "to counter malign activities." Toward this end, the administration is "providing a first-of-its-kind course for policymakers worldwide" on attributing cyber incidents, and providing training to "foreign ministry lawyers and policymakers" on applying international law to state behavior in cyberspace, the White House says.

The second step is strengthening the commitment to cooperating on security in cyberspace. The fact sheet says a cybersecurity exercise this year by the Defense Department will include additional allies: the United Kingdom, France, Denmark and Estonia. These countries will participate in the planning of CYBER FLAG 21-1, which "will build a community of defensive cyber operators and improve overall capability of the United States and allies to identify, synchronize, and respond in unison against simulated malicious cyberspace activities targeting our critical infrastructure and key resources," the White House says.

Defense Department Accelerating Move To Zero Trust Framework In Response To Recent Hacks
https://www.iiotconnection.com/defense-department-accelerating-move-zero-trust-framework-response-recent-hacks/
Wed, 14 Apr 2021 20:49:29 +0000

Following recently disclosed cyber breaches of a number of federal government and private sector networks, the Defense Department is accelerating its adoption of a zero trust (ZT) framework across the department's information network, the DODIN, defense officials told a Senate panel on Wednesday.

The DoD was already moving toward a ZT framework but the "increasing sophistication, determination, and resourcefulness of our adversaries in cyberspace" as evidenced by the compromises of software supplied by Microsoft [MSFT] and SolarWinds [SWI] "highlight the importance of accelerating adoption across the department," three DoD officials said in their written statement to the Senate Armed Services Committee's panel that oversees cybersecurity issues.

"Currently, untrusted users, machines, applications and other entities are kept outside of our network perimeter while trusted ones are allowed inside," David McKeown, deputy chief information officer for Cybersecurity and the Chief Information Security Officer for DoD, told the subcommittee in his opening statement. "We have developed advanced capabilities to monitor traffic flowing between untrusted networks, such as the internet, and our trusted networks to identify attempted attacks or exfiltration of data. The limitations of this defense are exposed when the adversary is able to establish a foothold on a device within our perimeter on our trusted network."

In the cases of the compromises of SolarWinds and Microsoft, the DoD wasn't hacked although nine other federal departments and agencies were, including the Department of Homeland Security.

The SolarWinds incident is being attributed to Russian actors by the U.S. intelligence community. In this incident, a foreign intelligence service is suspected of compromising the software supply chain of the company, which ultimately approved the software to be used in patches to upgrade customer networks using their Orion platform. This way, the hackers avoided having to penetrate a network perimeter by using what was considered a trusted upgrade that is routinely downloaded by network administrators.

A ZT framework assumes a network has been compromised.

"As the threat landscape evolves, so must we," McKeown, Rob Joyce, director of the National Security Agency's Cybersecurity Directorate, and Rear Adm. William Chase, deputy principal Cyber Advisor to the Secretary of Defense, stated in their written testimony. "We must assume the DODIN is compromised and utilize existing and future advanced cyber defense capabilities to isolate and expel intruders. This advanced defense posture is at the core of the ZT framework."

McKeown, speaking for the witnesses in opening remarks, said that not trusting a network means "constantly" searching for threats and giving access only to approved users and devices. So, if a non-trusted user gains access to the DODIN, they won't be able to move laterally across the network or expand their privileges to gain further access to the network, he said.

Perimeter and other cyber defense tools are still necessary, McKeown said. His view here has been echoed by top DHS cybersecurity officials who have said that despite hackers using the SolarWinds software as a vector to penetrate some government networks, perimeter detection and intrusion prevention tools remain necessary but that more resources have to be invested in better understanding the applications and components of existing networks and then providing defenses inside these networks.

The defense officials outlined seven pillars to the DoD ZT framework, which are "predicated on our strategy to architect from the inside out." The pillars include the users, which require continuous multifactor authentication, activity monitoring and behavioral biometrics to confirm activity.

The other pillars are: application and workloads, which involves containerizing and micro-segmenting to secure software; devices, which require real-time inspections and patching; data, for end-to-end encryption and tagging to protect sensitive information; networks and infrastructure, which includes next-generation firewalls and physical and software-based segmentation; visibility and analytics, to analyze events and activities on the network; and finally automation and orchestration, which refers to the responses and alerts when an incident is detected.

Biden Nominates Long-Time NSA Official Inglis As National Cyber Director
https://www.iiotconnection.com/biden-nominates-long-time-nsa-official-inglis-national-cyber-director/
Mon, 12 Apr 2021 21:25:46 +0000

President Joe Biden on Monday said he would nominate Chris Inglis to be the first National Cyber Director, a new position requiring Senate confirmation that will advise the president on cybersecurity issues and lead coordination across the country, including government and private sector, on cyber strategy and policy.

Inglis retired from the Defense Department in Jan. 2014 and spent 28 of his 41 years of federal service with the National Security Agency, beginning his career at the electronic spy agency as a computer scientist within the National Computer Security Center. He also did tours in information assurance, policy, time-sensitive operations, and signals intelligence operations, according to his biography posted on the U.S. Naval Academy website.

Inglis is a distinguished visiting professor in Cyber Security Studies at the academy.

In 1997, Inglis was promoted to NSA's senior executive service, holding various leadership assignments, including as a visiting professor of Computer Science at the U.S. Military Academy and later as U.S. Special Liaison to the United Kingdom.

The nomination of Inglis followed closely the nomination of Jen Easterly to lead the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.

The White House already has a key cyber security advisor on the staff of the National Security Council, Anne Neuberger, deputy National Security Advisor for Cyber and Emerging Technology. The administration hasn't said how it will ensure that the National Cyber Director's and Neuberger's roles will be distinct.

Establishment of the National Cyber Director was a key recommendation of the 2020 bipartisan Cyberspace Solarium Commission, which called for the position to serve as the president's principal cyber advisor and main coordinating point within the White House for cybersecurity leadership.

Inglis was a commissioner on the Solarium Commission. He graduated from the Air Force Academy in 1976 and served nine years of active duty with the Air Force and 21 in the Air National Guard. He is also a managing director at Paladin Capital.

Homeland Security Budget Proposal Increases Cyber Security Funding
https://www.iiotconnection.com/homeland-security-budget-proposal-increases-cyber-security-funding/
Fri, 09 Apr 2021 20:55:13 +0000

The Biden administration last Friday released a top line budget request for the Department of Homeland Security that would be essentially flat with current year spending levels but increase funding for the Cybersecurity and Infrastructure Security Agency (CISA) to help it contend with a worsening threat landscape.

The proposed $52 billion fiscal year 2022 discretionary request for DHS would be about $100 million, or 0.2 percent, higher than the current FY '21 budget.

However, the administration's "skinny budget" offers few details at agency and program levels.

These details will be released "in the months ahead," Acting White House Office of Management and Budget Director Shalanda Young wrote to Senate Appropriations Committee Chairman Patrick Leahy (D-Vt.) last Friday.

The topline DHS budget request does include $2.1 billion for CISA, a $110 million increase above the FY '21 enacted appropriation.

"The discretionary request responds, in a variety of ways, to funding challenges precipitated by recent cybersecurity incidents," the 58-page April 9 budget document says.

Those cyber security incidents include hacks, believed to be for conducting espionage, of a number of federal and private sector networks through software provided by SolarWinds Inc. [SWI] and Microsoft [MSFT]. Administration officials have also highlighted a recent cyberattack of industrial control systems at a water treatment facility in Florida that compromised the integrity of the supply inside the facility before it was detected.

The request mentions a provision of $20 million for a new Cyber Response and Recovery Fund but offers no detail on major technology investments such as the Continuing Diagnostics and Mitigation (CDM) program and the EINSTEIN perimeter intrusion detection and prevention system. CISA officials and other cyber experts have highlighted the fact that the SolarWinds hack was done in a way to easily bypass EINSTEIN and that CDM isn't deployed extensively enough across the federal civilian government to provide the necessary visibility and tools to adequately defend against such a sophisticated breach.

"This funding would allow CISA to enhance its cybersecurity tools, hire highly qualified experts, and obtain support services to protect and defend Federal information technology systems," the request says.

Congress in March appropriated $650 million for CISA as part of a larger pandemic-related stimulus package and agency officials have said a chunk of this funding will be put toward CDM. These funds are in addition to the FY '21 appropriations and the new FY '22 request.

The budget request also mentions $1.2 billion for border security, a figure that includes modernizing land ports of entry, border security technology and assets, and "efforts to ensure the safe and humane treatment of migrants" in custody of Customs and Border Protection. No additional funding is proposed for physical barriers and the request proposes that Congress cancel prior unspent funding for the border wall.

"These investments would facilitate more robust and effective security screening to guard against human smuggling and trafficking, the movement of illicit drugs and weapons, the entry of undocumented migrants, and the import of unlawful goods, as well as provide for the more efficient processing of legal trade, travel, and commerce through the Nation's land ports of entry," the budget document says.

The administration is also proposing $599 million across DHS for research and development (R&D), with projects focused "primarily on climate resilience, cybersecurity data analytics, and transportation security technologies." The proposal doesn't break out how much would be spent on operations and support of the department's agencies that conduct R&D and how much would be spent on actual R&D.

For FY '21, Congress provided the DHS Science and Technology Directorate about $765 million, which was on top of another $127 million appropriated to other components that have R&D responsibilities, including the Coast Guard, CISA, Countering Weapons of Mass Destruction Office, the Secret Service, and the Transportation Security Administration.

Cyber Sprints Create Urgency In Priority Areas, DHS Official Says https://www.iiotconnection.com/cyber-sprints-create-urgency-priority-areas-dhs-official-says/ Wed, 07 Apr 2021 19:47:49 +0000

The series of 60-day sprints for six key areas of cyber security that were outlined last week by Homeland Security Secretary Alejandro Mayorkas put the weight of his office and urgency behind the efforts and help cut through any inertia in making progress in these areas, a senior advisor to Mayorkas said on Wednesday.

The cyber sprints are aimed at driving action across DHS, Tim Maurer, senior counselor for Cybersecurity within the Office of the Secretary, said during a virtual panel discussion hosted by the Center for Strategic and International Studies on the DHS cyber mission.

"One of the challenges for a large organization like the department or any large company like that is, how do you channel the attention of the most senior leadership and can empower the work that is happening across the organization and do you provide some strategic direction and a sense of urgency to drive the key priorities forward," Maurer said. "So, the series of sprints is essentially designed to help facilitate the work that is happening across the department, but to use the office of the secretary and the secretary strategically to help drive forward a specific set of priorities."

The six cyber sprints planned for the coming year will begin with one on ransomware, which has moved in recent years from a nuisance to a national and economic security threat, followed by the cyber workforce, and then another on industrial control systems. Those will be followed by sprints related to the transportation sector, election security, and then the international work of DHS.

Maurer said the workforce sprint will go beyond helping DHS to bolster its cyber workforce to include the role the department can play across the federal government and the nation. Cyber security experts frequently say the U.S. is facing a nationwide shortfall of about 500,000 cyber security workers.

The activities around the sprints won't end once the deadline for each effort is completed, Maurer said, adding that the near-term urgency will "drive that work forward and elevate it to a new level."

Michael Daniel, the former cyber security coordinator in the White House during the Obama administration, said the sprints are valuable because establishing the "rapid deadlines, what you're enabling is the process to actually move and not get mired down in just the sort of natural bureaucratic tendencies."

None of the sprints will "solve the problem," but will get things going to "knock down some roadblocks."

Daniel, who is president and CEO of the Cyber Threat Alliance, which is made up of cyber security companies to facilitate the sharing of cyber threat intelligence, said he agrees with the initial issues that Mayorkas has settled on for the sprints.

Ransomware has gone beyond being an "economic nuisance eight years ago to a national security and public health and safety threat today," Daniel said. It's gone from "locking up" a computer for a small ransom to "whole school systems" and companies, with the average ransom payment today being more than $300,000, he said.

Maurer said his role as a senior advisor is to sort out the cyber security issues that need to rise to the secretary's attention, "so that I can either brief him or prepare him, or if something happens suddenly, we have information to go so that he can make decisions."

Maurer said he works across the DHS components, as well as through his counterparts in the interagency, and with non-government organizations such as industry, think tanks and academia. He said the existing "deep bench" of cyber talent at DHS makes his job easier.

DHS is home to the Cybersecurity and Infrastructure Security Agency, frequently referred to as CISA, which has responsibility for protecting federal civilian agency networks and working with the private sector to help strengthen the nation's cyber security posture as a whole. Within DHS, the Secret Service and Homeland Security Investigations division of Immigration and Customs Enforcement work cyber crime issues, and the Coast Guard and Transportation Security Administration work on cyber security issues related to the transportation sector. The department's Science and Technology Directorate also does research and development work in cyber security.

Recent Cyber Attacks Will Embolden Congress To Make Policy Changes, Dem Staffer Says https://www.iiotconnection.com/recent-cyber-attacks-will-embolden-congress-make-policy-changes-dem-staffer-says/ Tue, 06 Apr 2021 21:25:05 +0000

A series of recent cyber hacks and attacks impacting networks and industrial control systems have strengthened the resolve of Congress to make policy changes that the legislators generally have been reluctant to make previously, a Democratic staffer for the House Homeland Security Committee said on Tuesday.

"I think you're going to start seeing a higher risk tolerance for bolder policy changes and that goes from cyber incident reporting, which last year was sort of taboo when we tried to include it in the NDAA, and now it's a common priority," said Moira Bergin, director of the Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation.

The NDAA refers to the fiscal year 2021 National Defense Authorization Act that sets forth policy for the Defense Department and also included 27 cyber security provisions, some for DoD and others for the Department of Homeland Security. The provisions came from some of the legislative recommendations made a year ago by the bipartisan Cyberspace Solarium Commission (CSC) to strengthen the nation's cyber security posture.

Bergin said that in the past, many lawmakers were shy about cyber security issues given the technical complexity but that appears to be on the wane.

There is still "unfinished business" from the commission, Bergin said during a webinar on Women Leaders in Cybersecurity hosted by the DHS Cybersecurity and Infrastructure Security Agency.

Some of that unfinished business that Democratic and Republican lawmakers are discussing includes "systemically important critical infrastructure," the use of "federal market power to raise the bar on cyber security for technology and ICT products purchased in the non-government sector and I think you'll see bolder efforts to grow the cyber security workforce," she said. ICT refers to information and communications technology.

Despite various policy initiatives so far, the cyber workforce at the federal, state and local levels, and private sector continues to lag demand, Bergin said.

The willingness for "more bold action" is the result of three recent high-profile incidents. One, earlier this year, involved an attack on a water treatment facility in Florida that resulted in lye levels being raised to dangerous levels before it was discovered and rectified. In that instance, no users of the water supply were in jeopardy.

The other two incidents involved software supplied by Microsoft [MSFT] and SolarWinds Inc. [SWI] that resulted in nation-state actors breaching private and public sector networks.

"That answer is music to my ears," said Alexis Wales, associate director of CISA's Cybersecurity Division and moderator of the webinar. "As a longtime security professional and someone who takes the practice of risk management very seriously, I can tell you that bolder action in this space and an understanding that we cannot expect our entirety of the country to react with money out of their own pockets to defend against advanced persistent threats and things of that nature."

Peters, Portman Dig Into Federal Response, Capabilities Following Major Cyber Attacks https://www.iiotconnection.com/peters-portman-dig-federal-response-capabilities-following-major-cyber-attacks/ Tue, 06 Apr 2021 19:49:05 +0000

The Democratic and Republican leadership of a Senate homeland security committee are asking key federal cyber security officials about the extent of compromises to federal networks arising from recently disclosed cyber hacks committed through commercial software products as well as about existing federal cyber security capabilities, roles and responsibilities, and strategy.

The requests by Sens. Gary Peters (D-Mich.) and Rob Portman (R-Ohio) follow a hearing the leaders of the Homeland Security and Governmental Affairs Committee held in March to examine the government's role in public and private sector cyber breaches perpetrated through commercial network management software supplied by SolarWinds Inc. [SWI] and email server software supplied by Microsoft [MSFT]. During the hearing, both senators said the federal government needs clear lines of authority and accountability for detecting compromises of federal networks.

They also highlighted the fact that private sector entities first discovered the breaches, which included both private and public sector networks.

"Time and again this committee has discussed the challenges of defending against sophisticated, well-resourced, and patient cyber adversaries," Peters, the chairman of the committee, and Portman, the ranking member, wrote in letters this week. "Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyberattack."

The April 5 letters were to Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, and Christopher DeRusha, federal chief information security officer at the White House Office of Management and Budget.

In their letter to Wales, the senators want "unredacted documents" that show what federal information systems were compromised by both cyber hacks and the names of senior officials whose accounts were hacked. They also want to know what is the current DHS cyber security strategy and "intrusion assessment plan," and what the current and planned capabilities are for the department's EINSTEIN perimeter intrusion detection and prevention system, as well as the current and planned capabilities of the Continuous Diagnostics and Mitigation (CDM) program that provides visibility into, and detection and mitigation tools for, federal civilian agency networks.

In the case of the SolarWinds hack, attackers were able to breach networks using the company's software by inserting malware into software patches and updates, which bypass perimeter defenses such as EINSTEIN.

Wales at the hearing in March said that the CDM tools will be an area of increased investment for the federal government following the recent breaches.

In the letter to DeRusha, Peters and Portman asked about the current federal cyber security strategy and plans to update it, "A list of the roles and responsibilities for federal cybersecurity including an assessment of how these defined roles prevent duplicative efforts and facilitated the federal government's response to the SolarWinds attack," and data on the cyber security posture of federal agencies.

As in the letter to Wales, the senators also want DeRusha to provide them with documents on the specific federal networks that were compromised in both attacks and the names of senior officials whose accounts and systems were breached or targeted.

The senators want the requested information by April 20.

DHS Set To Launch Cyber Sprints; Mayorkas Outlines Cyber Priorities https://www.iiotconnection.com/dhs-set-launch-cyber-sprints-mayorkas-outlines-cyber-priorities/ Wed, 31 Mar 2021 21:28:15 +0000

The Department of Homeland Security is lining up six 60-day cyber security sprints aimed at strengthening the nation's cyber security posture with the first three set for launch in the coming months, Homeland Security Secretary Alejandro Mayorkas said on Wednesday.

The DHS chief also outlined four medium- to long-term cyber security priorities as part of a two-track effort to bolster cyber security.

In February, Mayorkas said that his vision for how DHS will lead federal civilian government efforts in cyber security includes a series of cyber sprints, some focused on ransomware, the workforce, and industrial control systems (ICS). On Wednesday, he said those three sprints will get underway, first with the ransomware effort, followed by workforce initiatives and then later this summer the focus on ICS.

"The series of sprints will mobilize action by elevating existing efforts, removing roadblocks, and launching new initiatives where necessary," Mayorkas said during a speech hosted by the cyber security firm RSA Security. "Each sprint has a dedicated action plan to drive action within the department and energize our engagement with partners in the private and public sectors, both domestically and internationally."

Coming shortly, DHS is planning two near-term actions related to ransomware, which is malicious software code that essentially locks up computers and networks until victims pay a ransom to the cyber criminals.

The first step will be an awareness campaign that engages with industry and other partners such as insurance companies, Mayorkas said. The second step, which he said is on the response side of the equation, will be to "strengthen our capabilities to disrupt those who launch them and the marketplaces that enable them."

The workforce sprint will begin in April and will include a focus on the DHS workforce, he said, mentioning plans for an Honors Program initially focused on cyber security and publishing data, and boosting internal efforts, related to a strategy for diversity, equity and inclusion to attract and retain the best talent.

DHS is also partnering with the Girl Scouts of America to explore opportunities to expand interest in cyber security and is expanding an education and training program to reach teachers, Mayorkas said.

The ICS cyber sprint will be aimed at improving the resilience of these systems, Mayorkas said, highlighting a cyber-attack in February of a water treatment plant in Florida that led to lye levels in the water being increased to a dangerous level before an operator discovered the change and fixed the problem.

The Florida incident "was a powerful reminder of the substantial risks we need to address," he said.

There will be three more sprints in the coming year, focused on protecting transportation systems, election security, and international capacity-building, Mayorkas said.

Mayorkas outlined four medium- to long-term priorities that will have his "sustained" attention, including the "need to cement the resilience of our democratic infrastructures." Noting that progress has been made in securing election infrastructures, Mayorkas said that attacks against the U.S. and its allies show a need to secure "all our democratic institutions, including those outside of the executive branch."

A second priority will also build on existing work to secure supply chains, he said, mentioning that the $650 million Congress approved in a recent stimulus bill for the DHS Cybersecurity and Infrastructure Security Agency (CISA) is a "down payment" here. The third priority, which is also related to supply chains and the hack disclosed in December of one company's software used in thousands of networks, is the need to take on supply chain risks "holistically" and consider zero-trust architectures to improve resiliency, he said.

The U.S. must also become more proactive in addressing cyber threats by attending to "on-the-horizon issues," Mayorkas said. He mentioned post-quantum encryption algorithms and the need to focus on protecting "the confidentiality of data."

DHS will develop a plan for how it can help the transition from the development to the adoption of post-quantum encryption, he said, noting that the private sector will drive implementation but the government has a role to "help ensure the transition will occur equitably and that nobody will be left behind."

Mayorkas praised the work that CISA does, lauding its efforts to protect the 2020 elections and its role as the "nation's risk adviser." One of his top priorities will be to "strengthen CISA to execute its mission," he said, and highlighted new authorities recently given the agency by Congress, including threat hunting on federal civilian networks. He also said that CISA is the "most trusted interlocutor" with the private sector and is best positioned within the government to work with industry.

A new campaign is coming to raise awareness of resources and services CISA can provide, Mayorkas said. The agency will also be expanding a cyber security grant program to support the adoption of these services, he added.

CISA is already expanding its coordination with state governments with State Cybersecurity Coordinators and DHS is developing a proposed Cyber Response and Recovery Fund to help the agency assist state, local, tribal and territorial governments, he said.

Mayorkas also highlighted the need for continuing cyber security missions performed elsewhere in DHS, including the Coast Guard, Immigration and Customs Enforcement, Secret Service and Transportation Security Administration.
