Cybersecurity Saturday

From the cybersecurity policy front, Cyberscoop reports

The Cybersecurity and Infrastructure Security Agency announced a Binding Operational Directive on Monday ordering federal civilian agencies to enhance efforts to detect vulnerabilities in their networks, a move that CISA Director Jen Easterly hopes the private sector will emulate.

The Improving Asset Visibility and Vulnerability Detection on Federal Networks, or BOD 23-01, directive is designed to improve “asset visibility and vulnerability detection on federal networks,” Easterly told reporters during a CISA roundtable discussion on Monday. Federal civilian agencies now will be expected to report detailed data about vulnerabilities to CISA at timed intervals using automated tools, she said.

“We have said consistently that we are on an urgent path to gain visibility into risks facing federal civilian networks,” Easterly told reporters. “This is a movement essentially to allow CISA, in its role as operational lead for federal cybersecurity, to manage federal cybersecurity as an enterprise.”

Cyberscoop adds

The congressional commission charged with bolstering U.S. cyber defenses has already seen plenty of its recommendations realized: the appointment of a national cyber director, increased CISA funding and a State Department cyber ambassador.

And a new report released Wednesday shows the Cyberspace Solarium Commission is on track to have 85% of all of its recommendations implemented with the remaining either facing some hurdles or “significant barriers.”

The commission progress report shows that nearly 60% of its original 82 recommendations have been fully or nearly implemented and more than 25% are on track to be realized.

From the cyber breaches and vulnerability front

Cybersecurity Dive reports

An “IT security incident” reported this week by CommonSpirit Health, one of the nation’s largest health systems, is likely a cyberattack, security experts said.

CommonSpirit announced on Tuesday that an unspecified security incident was affecting multiple regions and interrupting access to electronic health records. As a precautionary step, some systems were taken offline as a result of the incident, the system said. * * *

While few details have left some to speculate on the nature of security incident at Chicago-based CommonSpirit Health, moving systems offline and interrupting access to electronic health records is viewed as a defensive move, security experts told Healthcare Dive. 

It’s possible that an “an attacker has access or is trying to get access to their system and they want to do whatever they can to prevent that. So what’s the easiest way to do that? Unplug everything,” said Allie Mellen, senior analyst of security and risk at Forrester, a research and advisory firm for various industries. 

The Health Sector Cybersecurity Coordination Center released a presentation on “Abuse of Legitimate Security Tools and Health Sector Cybersecurity.” The presentation discusses how bad actors can turn “tools used to operate, maintain and secure healthcare systems and networks ” against that infrastructure.”

From the ransomware front

  • The Government Accountability Office released a report on the topic. “Homeland Security, FBI, and Secret Service help state, local, and other governments prevent or respond to ransomware attacks on systems like emergency services. Most government entities said they were satisfied with the agencies’ prevention and response efforts. But many cited inconsistent communication during attacks as a problem. We recommended that the federal agencies address cited issues and follow key practices for better collaboration.”
  • ZDNet informs us, “Over half of ransomware attacks now begin with criminals exploiting vulnerabilities in remote and internet-facing systems as hackers look to take advantage of unpatched cybersecurity issues. According to the analysis of ransomware incidents during the past year by researchers at security company Secureworks, 52% of attacks started with malicious hackers exploiting remote services.”
  • As almost always, Bleeping Computer offers us The Week in Ransomware.

From the cyber defenses front

  • CISA kicked off National Cybersecurity Awareness Month last Monday. “This year’s campaign theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people.” Here’s CISA’s event page.
  • The National Cybersecurity Alliance joins CISA in sponsoring this awareness event. The Alliance shared four points (plus one) on staying safe online.
  • Cybersecurity Dive cautions that multifactor authentication is a cybersecurity tool, not a solution.