The Cybersecurity and Infrastructure Security Agency plans to have a national strategy in place to increase the quality of cyber threat information shared by all parties within the year.

“CISA will build its national cyber threat information sharing strategy in collaboration and coordination with its partners and stakeholders,” reads the agency’s response to a recent Department of Homeland Security Inspector General report on the issue. “This national strategy is projected to be completed during the fourth quarter of FY 2021. The estimated completion date is September 30, 2021.”

The IG found that while CISA had implemented the basic requirements of a 2015 information sharing law—critics at the time decried the Cybersecurity Information Sharing Act as being more about surveillance than security—it made “limited progress” on that front during 2017 and 2018. While there were a lot of participants willing to take relevant information, there were very few willing to give it, the report said, leading to poor overall quality of the data in CISA’s Automated Indicator Sharing system.

“The limited number of participants that share cyber threat information in AIS is…

Read More…

Whether it’s protecting a government-supported effort to produce coronavirus vaccines and treatments, or preventing interference in this November’s election, the Cybersecurity and Infrastructure Security Agency is working with industry partners to stay on top of the latest cyber threats.

In order to get a better sense of the biggest threats to national critical infrastructure, CISA is working with an Energy Department national laboratory to create a new cyber-risk framework.

Daniel Kroese, the acting deputy assistant director of CISA’s National Risk Management Center, said the National Critical Functions Risk Architecture won’t be the “perfect formula that predicts the future” of major cyber risks, but the big-data platform will identify some of the “common pathways” of cyber attacks on sectors such as energy, telecommunications and finance.

CISA’s rollout of its cyber framework comes at a time when the agency has shifted to emerging areas in need of protection, and better to quantify the “cyber loss” from incidents in the private sector.

Kroese said those impacts can…

Read More…

Cybersecurity

CISA hires cyber risk experts to meet emerging threats

• By Mark Rockwell
• Jul 22, 2020

 

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency brought on two hired hands to help it grapple with shifting infrastructure cyber risks as the COVID-19 crisis grinds ahead.

The agency brought on Josh Corman as a visiting researcher and Rob Arnold to join CISA’s National Risk Management Center as a senior cybersecurity and risk management advisor. The positions are temporary and set up under CARES Act authority, according to a July 22 CISA statement.

“The COVID-19 pandemic has resulted in noticeable shifts in cyber risk calculations for organizations of all sizes,” said CISA Director Christopher Krebs in the statement. “The hardware, software, and services that underpin our connected infrastructure have absolutely been tested and stressed in this telework-heavy environment. At the same time, certain organizations and sectors of our economy have become more attractive targets for adversaries.”

Krebs said the shifting threats require an…

Read More…

Agencies face a quick turnaround to address a known vulnerability in Windows Domain Name System servers.

The Cybersecurity and Infrastructure Security Agency, under an emergency directive, is giving agencies until 2 p.m. Friday, July 17, to apply a patch released Tuesday — or a “temporary registry-based workaround” — for Windows Servers running DNS.

“CISA has determined that this vulnerability poses unacceptable significant risk to the federal civilian executive branch and requires an immediate and emergency action,” the agency wrote in its emergency directive.

CISA issued the emergency directive “based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise.”

CISA Director Chris Krebs wrote in a separate blog post that this marks the third emergency directive he’s approved during his tenure.

In January, CISA required “emergency action” from agencies on Microsoft’s Windows operating system vulnerability, giving…

Read More…

Many agencies have seen their IT and cybersecurity workloads balloon during the coronavirus pandemic and with more federal employees seeking remote access to networks while teleworking.

But aside from a few agencies focused on the brunt of pandemic response, the Cybersecurity and Infrastructure Security Agency has most agencies remaining on-target with keeping inventory of where their data is stored and how it’s protected under the Continuous Diagnostics and Mitigation program.

Kevin Cox, CISA’s CDM program manager, said the agency will establish the information exchange between agency dashboards and the new federal  CDM dashboard in the second quarter of fiscal 2021, and will complete the migration by the end of the fourth quarter.

The new dashboard puts a focus on building agency trust in the underlying reporting data behind the dashboard and related algorithms. CISA released a minimal viable product for the federal CDM dashboard in April, and agency systems integrators are currently reviewing and deploying it.

“We have the overall process finalized, [we’re] working with agencies now to go through…

Read More…

Episodic, nuisance-level hacktivism continues to accompany protests in the US. According to KXAN, Anonymous has claimed responsibility for taking down an Austin, Texas, public website in an anti-police gesture, and Variety reports that K-Pop fans remain an odd force in social media hashtag-jamming.

Kaspersky reports finding a new strain of USB-based malware, USBCulprit, that’s being run by Chinese-speaking threat actors, “Cycldek” or “Goblin Panda” (“two operational entities that are active under a mutual quartermaster”). USBCulprit is intended for use against air-gapped systems; its targets have been in Southeast Asia.

POLITICO sees the German intention to prosecute a Russian GRU officer for hacking the Bundestag as indicating hardening European attitudes toward Russian cyber operations. (Even TASS is authorized to take notice of the indictment.)

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) yesterday announced the launch of a new public resource for information about cybersecurity and the other areas in the agency’s portfolio.

CISA Director Krebs yesterday said in an interview on Intelligence Matters that as a matter of course…

Read More…