Biden administration advances deployment of zero trust security approach
The United States is making strides in bolstering its cybersecurity, following a series of high-profile attacks, including the Russia-linked SolarWinds supply chain attack in 2020, the Microsoft Exchange Server attack linked to China in March 2021, and the ransomware attack on Colonial Pipeline in May 2021.
A hearing chaired by Rep. Yvette Clarke, D-NY, before the Committee on Homeland Security's Subcommittee on Cybersecurity, Infrastructure Protection and Innovation, highlighted the progress made in this regard. The hearing focused on the implementation of commercial Endpoint Detection and Response (EDR) capabilities, as mandated by President Joe Biden's Executive Order 14028.
According to Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), the federal government is rolling out commercial-grade EDR capabilities to 26 government agencies, with a goal of reaching 53 agencies by the end of the fiscal year.
The deputy national cyber director for federal cybersecurity and federal CISO, Christopher DeRusha, testified that federal agencies have made "tremendous progress" in implementing the cybersecurity upgrades mandated in President Biden's executive order. DeRusha also emphasized that relying on outdated, perimeter-based cybersecurity approaches is no longer sufficient to keep sophisticated actors out of systems.
The SolarWinds attack, perpetrated by a state-linked threat actor that Microsoft calls Nobelium, remained undetected in key U.S. government agencies and major private sector technology companies for months. This attack exposed significant vulnerabilities in the U.S. IT infrastructure and cyber defense capabilities.
To address these vulnerabilities, CISA has improved visibility into the security of federal agencies through updates to its Continuous Diagnostics and Mitigation (CDM) program. The updated CDM system provides detailed information on vulnerabilities, configuration flaws, and asset status across 65 federal agencies, according to Goldstein's written testimony.
In addition, CISA, working with partner agencies, has added new contract language requiring federal contractors to share threat information. Further steps are being taken to implement multi-factor authentication and secure a mobile federal workforce.
Katell Thielemann, VP analyst at Gartner, stated that the executive order represents the start of a long journey for the Biden administration, with additional work needed to enable the government and private sector to effectively combat modern state-sponsored adversaries. Thielemann also noted that as progress is made, it should help agencies improve their risk profile, but the threat landscape continues to evolve.
Corporate stakeholders are seeking to better understand the risk calculus of their technology stacks, with a focus on determining whether they are potential targets. This reflects an evolving role for CISOs, who are increasingly being called upon to provide insight into the cybersecurity risks facing their organizations.
CISA, in collaboration with the National Institute of Standards and Technology (NIST), developed an inventory of critical software and placed strict development and security controls on software providers. These measures aim to prevent future attacks like the SolarWinds breach.
Officials emphasized the need for significant investment to modernize government IT systems. As the U.S. continues to face cyber threats from state-sponsored actors, these efforts are crucial in strengthening the nation's cybersecurity posture.