Cybersecurity Saturday

Cybersecurity Saturday

Photo by Christine Sandu on Unsplash

Healthcare Dive reports that

  • The COVID-19 pandemic has created an upheaval in healthcare cybersecurity, according to a new report from CI Security, as the use of personal devices to conduct work tasks has boomed.
  • And despite the dramatic growth in telehealth services, “many healthcare organizations are still struggling to implement digital health initiatives in a secure manner,” according to the report. Telehealth became vulnerable to attack almost as soon as providers began relying on it to treat patients.
  • CI Security analyzed breaches publicly reported to HHS, and the results are grim. Breach reports were up 35.6% in the second half of 2020 compared to the first half, while the number of patient records that were breached increased more than 180%, although the bulk of those incidents are tied to business associates rather than providers directly. However, CI Security officials fear that the situation will continue to deteriorate in 2021 unless healthcare organizations take proactive steps.

On February 10, the House of Representatives Homeland Security Committee held a hearing on assessing cyberthreats and building resilience. Cyberscoop reports on the hearing here.

Chris Krebs, who served as the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, on Wednesday also hinted at the complexity of the security threats against American systems when he suggested a disgruntled employee was “very likely” behind a breach at a Feb. 5 water treatment facility in Florida. While a federal investigation into the incident — in which an attacker attempted to change the level of sodium hydroxide to a dangerous level for consumption — remains ongoing, Krebs also said an attacker outside the U.S. may have been the culprit.  “This is why we do investigations,” he said.

On the Solarwinds backdoor hack front, informs us that

Reacting to senators’ criticism of a disorganized response to a massive government hack, the White House said a top cybersecurity adviser is leading the recovery.

The news Wednesday [February 10] that Anne Neuberger, deputy national security adviser for cyber, is in charge of responding to the Russian breach pleased Senate Intelligence Committee leaders, who called the effort disjointed a day earlier and have pushed for more information about federal cybersecurity.

“The federal government’s response to date to the SolarWinds breach has lacked the leadership and coordination warranted by a significant cyber event, so it is welcome news that the Biden administration has selected Anne Neuberger to lead the response,” said Sens. Mark Warner, D-Virginia, and Marco Rubio, R-Florida, the committee chairman and vice chairman, respectively. “The committee looks forward to getting regular briefings from Ms. Neuberger and working with her to ensure we fully confront and mitigate this incident as quickly as possible.”

Before moving to a new cybersecurity-focused role on the National Security Council, Neuberger was the first director of the National Security Agency’s Cybersecurity Directorate, created in 2019 to provide the private sector key intelligence to bolster national cybersecurity.

Media reports noted that the Biden administration said Neuberger has been the point person on the federal response all along, but that role had not been known publicly.

Finally, Meritalk tells us about a cybersecurity colloquium held earlier this week.

The advent of new leadership in the White House and the still-unfolding impact of the Russia-backed hack of thousands of government and private-sector networks via SolarWinds Orion products are leading to a fresh consideration of options to improve Federal cybersecurity, panelists said on Feb. 9 at the Resiliency Colloquium event organized by MeriTalk, ACT-IAC, and the Partnership for Public Service.

Former Federal CIO Tony Scott, who moderated a panel discussion on cybersecurity, explained that the China-based hack of Office of Personnel Management (OPM) records came to light early in his tenure in 2015, and “caused us to look around and say what else do we need to worry about.”

Sean Connelly, who manages the Trusted Internet Connections (TIC) program at the Cybersecurity and Infrastructure Security Agency (CISA), recalled that the government’s response to the OPM hack included a burst of activity from the Office of Management and Budget (OMB) on improving security. “A lot of the discussions we are having across the Federal government echo some of those same tenets,” he said.

In a general way, Connelly mentioned that security discussions inside government currently include issues such as the surge in Federal teleworking, the use of home networks in that regard, and opportunities presented by cloud services. “A lot of different areas have come together now to move us forward” in a similar way as following the 2015 OPM breach, he said.

Cybersecurity Saturday

Photo by Christine Sandu on Unsplash

The Wall Street Journal reports today that

Investigators probing a massive hack of the U.S. government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack.

Close to a third of the victims didn’t run the SolarWinds Corp. software initially considered the main avenue of attack for the hackers, according to investigators and the government agency digging into the incident. The revelation is fueling concern that the episode exploited vulnerabilities in business software used daily by millions. * * *

The attackers “gained access to their targets in a variety of ways. This adversary has been creative,” said Mr. Wales, whose agency, part of the U.S. Department of Homeland Security, is coordinating the government response. “It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”

That is chilling news. What should be done?

In that regard, Fortune seeks to untangle the U.S. cybersecurity “mess” for us. The article explains

Restructuring [the U.S. cybersecurity] system is core to the work of the Cyberspace Solarium Commission, a task force commissioned by Congress to help reform U.S. cybersecurity. “Our focus [is] on making the market more effective at driving good behavior,” says commissioner Suzanne Spaulding, a senior adviser for cybersecurity and counterterrorism at the Center for Strategic and International Studies. “If the market isn’t performing the way it should, why isn’t it?” 

The commission spent the past year drawing up a wide-ranging list of recommendations, and in January, 26 of them became law as part of the 2021 National Defense Authorization Act. The NDAA creates a White House–level Office of the National Cyber Director and grants new private-sector threat-response powers to the federal Cybersecurity and Infrastructure Security Agency—significant changes that commission members hope will prompt closer collaboration between government and industry on security standards. “A lot of the recommendations, some of us have been making for years,” says Cilluffo, who’s also a commissioner. “But the political will was not where it needed to be. Now, we don’t need any reminders.”

Solarium’s mandate has been extended for at least another year, and its next round of advocacy and recommendations will focus more squarely on the private sector. The goal: creating better incentives for building secure software and sharing intelligence about cyberthreats.

On the personnel front, GovConWire reported last week that

Sources said Biden is likely to name [Jen] Easterly to the newly created role of national cyber director at the White House to help guide the current administration’s cybersecurity strategy and oversee digital security efforts of agencies.

Easterly is head of resilience at Morgan Stanley and previously served as deputy director for counterterrorism at the National Security Agency between 2011 and 2013. She served in the National Security Council as special assistant to the president and senior director for counterterrorism during the Obama administration.

Healthcare Dive also noted that “The Biden administration hired Chris DeRusha as federal CISO, tasking him with coordinating cybersecurity policy across federal agencies. DeRusha previously served as the top cybersecurity officer for the Biden presidential campaign.”

Cyber Scoop adds with respect to the ongoing investigation that

[L]awmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago.

A group of lawmakers led by Sen. Ron Wyden, D-Ore., is asking the NSAwhat steps it took to secure defense networks following a years-old breach of software made by Juniper Networks, a major provider of firewall devices for the federal government.

Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm’s software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill— and concern in the Pentagon about the potential exposure of its contractors to the hack — there has been no public U.S. government assessment of who carried out the hack, and what data was accessed.

Lawmakers are now hoping that, by cracking open the Juniper cold case, the government can learn from that incident before another big breach of a government vendor provides attackers with a foothold into U.S. networks.