with Aaron Schaffer

The Department of Homeland Security is making cybersecurity one of its top priorities for funding this year, underscoring the Biden administration's growing focus on it as part of national security. 

A new plan released yesterday outlines several areas of investment. DHS Secretary Alejandro Mayorkas later detailed how the agency will take on a rise in ransomware attacks – a form of cyberattack in which hackers hold data hostage in exchange for a fee – against state and local governments and organizations. 

We are currently fighting not only the covid-19 pandemic, but also an epidemic that is spreading through cyberspace: ransomware, DHS Secretary Alejandro Mayorkas said at the President’s Cup Cybersecurity Competition.

The sharp rise in attacks during the coronavirus pandemic have left local governments and the hospital industry representatives asking for increased federal help.

Mayorkas's comments came as DHS announced $25 million in cybersecurity grants to put cybersecurity at the top of the agency's agenda as a part of a larger security initiative. 

With this funding, state and local grant recipients can conduct cybersecurity risk assessments, strengthen their ‘dot gov’ Internet domains, improve the cybersecurity of their critical infrastructure, and conduct additional cybersecurity training and planning, Mayorkas said in a news release.

The renewed focus on ransomware has support in Congress. 

“For several years, the federal government has underestimated the cyber threats posed to state and local networks and neglected the federal government’s responsibility to help defend them,” House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and Rep. Yvette D. Clarke (D-N.Y.), the chair of the panel’s cybersecurity subcommittee wrote in a joint statement.

The lawmakers plan on working with Mayorkas as they reintroduce legislation to boost funding for state and local cybersecurity, they say.

Mayorkas will have to balance increased aid to states with the growing role of the agency in protecting the federal government.

DHS's Cybersecurity and Infrastructure Security Agency (CISA) has a mandate to protect the security of federal civilian government networks and security critical infrastructure, including election systems and more recently the coronavirus vaccine supply chain. The most recent defense funding authorization bill enhanced the agency's mission by providing authorities for the agency to hunt for threats within federal agency networks.

Mayorkas also plans on issuing a directive to require federal agencies to implement vulnerability disclosure programs, which allow security researchers to hunt for bugs in government websites and applications. 

Other new DHS cybersecurity initiatives include plans for a workforce and diversity initiative as well as enhancing international partnerships. 

That's a lot for an agency that has been declared underfunded by its most recent former director. A number of experts agree that a post-SolarWinds push to shore up U.S. cybersecurity defenses can't happen without a significant boost in funding. 

“Looking ahead, it will be critical to ensure that CISA has the resources and capacity to effectively implement its existing and its new authorities,” Mayorkas said in his speech yesterday. 

Members of Congress also are drumming up support for increased funding for CISA. 

Rep. John Katko (R-N.Y.), who wrote to President Biden this week urging him to give CISA a bigger role in the defense of federal agencies, will hammer on the point at today's House Homeland Security Committee hearing on the SolarWinds hack.

CISA still does not have the proper authorities, resources, or holistic visibility into the federal networks enterprise to effectively defend, and nimbly respond to, attacks, he says in his written testimony.

Katko is making funding for the agency a focus as the ranking Republican on the committee, he told Maggie Miller at the Hill

“You’ve got to pay that quarterback handsomely to make sure that they can get quality people,” Katko told the Hill. “They are a bit overwhelmed because the problem they have is monumental. This is what I would consider the modern-day arms race, and China and Russia are badly outspending us.

The keys

Hackers targeted an Oxford research lab studying the coronavirus.

British authorities are investigating the breach, Forbes’s Thomas Brewster reports. The university confirmed the hack after Alex Holden, the chief technology officer of Hold Security, shared with Forbes screenshots of hackers’ access to university systems that included possible lab interfaces. A university spokesman said that machines affected by the attack were used to prepare and purify biochemical samples.

“We have identified and contained the problem and are now investigating further. There has been no impact on any clinical research, as this is not conducted in the affected area,” a university spokesman said in a statement. “As is standard with such incidents, we have notified the National Cyber Security Centre and are working with them.”

Holden said that the hackers have a history of selling stolen data to buyers that have included foreign governments. He also said the hackers spoke Portuguese

SolarWinds forecasts lower-than-expected profits after a hack on its software.

The company said it expects its adjusted first-quarter earnings to be around 19 cents or 20 cents per share, lower than analysts’ average projection of 22 cents per share, Bloomberg News’s Jordan Robertson reports. The company expects to spend $20 million to $25 million on cybersecurity this year in the wake of the attack, which exploited SolarWinds and other software. The company said it spent $3.5 million in onetime expenses at the end of last year to deal with the hack.

Congress and the White House are scrutinizing the cyberattack, which compromised systems at nine federal agencies including NASA and the Federal Aviation Administration. SolarWinds’s new CEO, Sudhakar Ramakrishna, told Congress this week that the hack could have happened to any software company and the company is working on improving its security.

Tibetan dissidents were hacked by China-linked hackers.

The hacking group at the center of the cyberattack has a history of targeting the Tibetan diaspora community, Proofpoint researchers say. Hackers were able to control victims’ Gmail addresses through the attack, which installed a malicious Firefox extension. 

The hackers have gone after Tibetan dissidents before. Proofpoint said last year that they impersonated World Health Organization coronavirus guidance to attack European institutions and organizations. 

Marshall Erwin, Mozilla's chief security officer, said in a statement that Mozilla blocked the extension for violating Firefox policies.

Daybook

  • The House Oversight and Homeland Security Committees hold a joint hearing on the cyberattack on SolarWinds and other companies today at 9 a.m.
  • Former Secretary of Defense and CIA director Robert Gates speaks at a Washington Post Live event today at 2 p.m.
  • The Center for Strategic and International Studies holds the second event in its series on the cyberattack on SolarWinds and other software today at noon. 
  • Former Cybersecurity and Infrastructure Security Agency director Chris Krebs speaks at an Atlantic Council event on 2020 election misinformation on March 3 at 3 p.m.
  • The Atlantic Council hosts a cybersecurity event with industry leaders on March 4 at 1 p.m.
  • House Armed Services Committee Chairman Adam Smith (D-Wash.) speaks at an event hosted by the Brookings Institution on March 5 at 11 a.m.
  • Duke University’s engineering school hosts a seminar on cybersecurity threats amid remote work on March 5 at noon.
  • U.S. Cyber Command executive director Dave Frederick speaks at an event hosted by the Intelligence and National Security Alliance on March 10 at 4:30 p.m.

Secure log off

Texting your ex never works out.