‘We must raise our game’ to counter sophisticated adversaries, CISA warns
- By Justin Katz
- Mar 11, 2021
While no federal agencies have yet been compromised by the vulnerabilities found in Microsoft Exchange, Cybersecurity and Infrastructure Security Agency officials warned House lawmakers that the latest attack represents "an evolving campaign with new information coming in by the hour."
The multiple high-profile intrusions into both government agencies and private companies mean "we must raise our game," CISA acting Director Brandon Wales said.
"Both the Microsoft Exchange vulnerabilities and the SolarWinds campaign highlight the lengths to which sophisticated adversaries will go to compromise our networks. They will use never-seen-before techniques, exquisite tradecraft, zero-day vulnerabilities to defeat our current cybersecurity architecture," he said.
When asked why the Einstein program, which monitors activities flowing in and out of federal agencies, did not prevent the attacks on Microsoft Exchange servers or SolarWinds Orion, Eric Goldstein, the executive assistant director for cybersecurity at CISA, said that Einstein was "reasonably designed" at the time, but its capabilities have become "stale" as technology has advanced.
"For this reason, CISA is urgently moving our detective capabilities from that perimeter layer into agency networks to focus on these end points, the servers and workstations where we're seeing adversary activity today," he said. Goldstein added that there are endpoint detection pilots ongoing at certain agencies and that CISA will use the $650 million it will receive under the $1.9 trillion American Rescue Plan Act to continue scaling those pilots.
CISA has recently deployed a new tool to look for evidence of the supply chain campaign "moving laterally off of the SolarWinds device into the network," Wales added.
"We do recognize that this will be a long journey," Goldstein said. "It will be a long path to get federal cybersecurity to the point where it needs to be given the sophistication of our adversaries targeting our networks."
This article was first posted to FCW, a sibling site to GCN.
Justin Katz is a former staff writer at FCW.