CISA has issued a new Operational Directive aimed at strengthening federal networks’ cyber defenses. As the article outlines, the directive is part of a larger effort by the agency to address the challenges posed by Russia’s state-sponsored attacks on critical infrastructure. In addition, the DHS has recognized the need to increase its ability to monitor distributed environments to find and remediate vulnerabilities. The agency has also found it difficult to attract and retain skilled cybersecurity personnel to fill positions.
Understanding and Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure
There is a growing threat of malicious cyber activity from Russia against US critical infrastructure. This is especially true as tensions rise in Eastern Europe. It is imperative that all organizations raise their cyber resilience to withstand attacks.
Russian state-sponsored actors have been using malware and other tactics to target and disrupt critical infrastructure in the U.S. The cyber threat is now more pervasive, so all organizations must accelerate their plans to increase their cyber resilience.
The Russian Federal Security Service (RFSS), a successor agency to the former Soviet KGB, has targeted several critical infrastructure organizations, including utilities, energy companies, aviation networks, and transportation companies. They have also been conducting spearphishing campaigns to steal credentials and gain access to targeted networks.
The Russian Foreign Intelligence Service (“SVR”) has also been involved in targeting critical infrastructure organizations. They bypass multi-factor authentication on cloud accounts, allowing them to access systems with minimal effort. They also have conducted large-scale scanning of servers to find vulnerable systems.
Recruiting and retaining cyber talent has been a long-term challenge at DHS
The Department of Homeland Security (DHS) has been facing a long-term challenge of recruiting and retaining cyber talent. But the agency has recently taken steps to improve the process.
DHS’s new talent acquisition system, called the “Cybersecurity Talent Management System” or CTMS, is designed to get new employees onboard more quickly. It also includes a new compensation system.
This system allows DHS to reorganize its hiring process, allowing the agency to bypass the usual job posting requirements. Instead, prospective employees will be required to demonstrate their expertise through a competency-based assessment. It will also require them to submit a real-world simulation.
DHS hopes that the new program will encourage employers to recruit candidates with diverse backgrounds. DHS plans to work with minority-serving institutions, and it will offer career development opportunities to help women and underrepresented groups enter the workforce.
The DHS Intelligence and Cybersecurity Diversity Fellowship Program offers students a paid internship. The goal is to attract qualified college students to the cybersecurity industry.
Increasing visibility across distributed environments to remediate vulnerabilities
There is a lot of hype about the Internet of Things (IoT) and cloud computing, but if you are looking to make the leap into the cloud, you should first consider your cybersecurity posture. Many companies have workloads in multiple cloud locations and are susceptible to attack because of this. Fortunately, there are several tools that can help you increase visibility across distributed environments and mitigate risks, such as VMware’s Vulnerability Management and Skybox’s Security Posture Management.
For example, one of the most important steps in securing a cloud environment is to collect data on your network. You can do this through a variety of methods, but the most efficient approach is to leverage APIs. This allows you to connect to various cloud services without the need for manual intervention.
Another important step in achieving your cloud security goals is to implement identity management controls. This is especially important when you are deploying a hybrid cloud infrastructure. This will also help you minimize your overall risk profile.
Cross-agency collaboration is challenging
Efforts to improve the effectiveness of federal cyber defenses through cross-agency collaboration are crucial. While there are many advantages to these collaborative approaches, there are also some potential challenges.
For starters, the federal government has limited resources and suffers from several classification and budget limitations. These constraints have resulted in a lack of institutional capacity for collective defense. In addition, several silos have limited communication and coordination between agencies. The challenge for federal cyber defenses is to create a system that is able to quickly analyze and respond to cyber threats.
To address these challenges, the federal government has started a project to implement a collaborative defense approach. Researchers from the Cyber Project, funded by the Technology Modernization Fund, conducted interviews with a variety of actors from the federal government, state government, and private sector. They pored over existing research and incorporated lessons from the Team of Teams and Cyberspace Solarium Commission reports.