The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: DHS nominees say they'll prioritize cybersecurity

Placeholder while article actions load

Top nominees for President Biden’s Department of Homeland Security vowed to prioritize protecting critical infrastructure after SolarWinds and Colonial Pipeline cyberattacks.

The confirmation hearing  for Biden’s picks for the department’s deputy secretary, general counsel and undersecretary for strategy, policy and plans — John Tien, Jonathan Meyer and Robert Silvers, respectively — came just weeks after a ransomware attack aimed at a major U.S. pipeline.

The emphasis on cybersecurity was a marked difference for senators, which asked those nominees’ predecessors cybersecurity-related questions only in passing during their confirmation hearings for the Trump administration.

By contrast, cyber issues were mentioned dozens of times at Thursday’s hearing, with a handful of lawmakers asking cybersecurity-related questions that touched on recent cyberattacks, including a breach of SolarWinds software affecting at least nine federal agencies, as well as the recent breach of Colonial Pipeline.

“Recent incidents from SolarWinds to Colonial Pipeline have only further highlighted the urgency to secure critical infrastructure and federal networks from cyber attacks,” Silvers said. “If confirmed, I will focus closely on fortifying DHS efforts on this critical work.”

Several cybersecurity-related agencies lie within DHS, including the Cybersecurity and Infrastructure Security Agency, or CISA, the U.S. government’s top civilian cybersecurity agency; the Transportation Security Agency, or TSA, which oversees pipeline security; and the Secret Service, which conducts some cybersecurity investigations.

Silvers also said he envisions the office he’d lead as the hub within the department that would coordinate the department’s approach to cybersecurity across those agencies.

DHS’s cyber mission is expanding as it responds to 21st century threats.

“The threats facing our nation today are very different from those that we faced when the department was created in the aftermath of the 9/11 terrorist attacks,” said Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.). “However, DHS’s mission remains the same — that’s to safeguard the American people.”

With the Colonial Pipeline breach, Silvers said, everyone saw “the devastating and cascading effects that a cyberattack even just on a single organization can have and the impacts that can be felt downstream by many innocent parties.”

The department has changed its cyber posture as recently as this week, when the TSA issued a new cybersecurity directive for pipelines being pitched as the “first step” in preventing such a pipeline cyberattack from happening again. The mandatory cybersecurity requirements would require pipeline companies to notify CISA within 12 hours of a breach. 

The directive’s utilization of the best of both worlds — the TSA's ability to regulate pipelines and CISA's cybersecurity expertise — is “extremely promising,” Silvers said.

Initial priorities, he said, “certainly include enhancing the department's work to elevate the cybersecurity of federal civilian agencies,” noting the sophistication of the SolarWinds cyberattack, which leveraged vulnerabilities in the software.

And a recently issued executive order aiming to strengthen federal cybersecurity furthers, according to Silvers, will “strongly bolster the ability to do that critical work.”

DHS Secretary Alejandro Mayorkas, meanwhile, has said that elevating CISA and cyber issues is a priority.

Mayorkas formed a ransomware task force as part of what he's calling a 60-day sprint to combat the scourge of hacks-for-ransom.

 The next sprint will focus on the cybersecurity workforce, Mayorkas said.

Responding to Sen. Jacky Rosen (D-Nev.), who has introduced a bill to boost the workforce by building a cybersecurity reserve corps, Silvers called the shortage of cybersecurity professionals a “national security issue.” He added that he’d work with Congress to form “pipelines of cyber talent” that could help DHS and the private sector.

The keys

The Russia-linked hackers behind the SolarWinds cyberattack are back, according to Microsoft.

The hackers tried to target 3,000 people across 150 organizations, with at least a quarter of the targeted organizations coming from the humanitarian, human rights and international development sectors, the New York Times' David E. Sanger and Nicole Perlroth report. Many of the emails were blocked by automated software, according to Microsoft, which also said the emails claiming to be from the U.S. Agency for International Development, also known as USAID, were identified this week. Cybersecurity firm Volexity also released details about the campaign.

The group was able to launch the attack after it gained access to the agency's email marketing account, Microsoft vice president Tom Burt said in a blog post.

“It is anticipated that additional activity may be carried out by the group using an evolving set of tactics, Microsoft said. The group may be conducting other similar campaigns, may be spoofing other organizations, or that it may be making use of other mass-mailing services.”

A CISA spokesperson said that it was “aware of the potential compromise” at USAID and that it was “working with the FBI and USAID to better understand the extent of the compromise and assist potential victims.”

A Chinese hacking campaign hit transportation and telecommunication companies, FireEye said. 

Groups including two China-linked hacking groups used vulnerabilities in Pulse Secure VPN software to steal data from organizations that “operate in verticals and industries aligned with Beijing’s strategic objectives,” CyberScoop’s Sean Lyngaas reports. The report by FireEye sheds new light on the hacking campaigns, which FireEye first announced last month.

The company originally said defense and financial companies, along with the government sector, had been targeted.

“Chinese cyberespionage activity has demonstrated a higher tolerance for risk and is less constrained by diplomatic pressures than previously characterized,” the cybersecurity firm said in a blog post. China's embassy did not respond to a request for comment.

Prosecutors are investigating whether Ukrainian officials tried to interfere in the 2020 election.

The FBI and federal prosecutors in Brooklyn are looking into whether the officials tried to spread claims of corruption about President Biden through Rudy Giuliani and others, the New York Times’s William K. Rashbaum, Ben Protess, Kenneth P. Vogel and Nicole Hong report. At least one of the officials has ties to Russia’s intelligence agencies.

Giuliani is not a subject of the investigation, people familiar with the probe told the Times. Giuliani’s lawyer, Robert J. Costello, defended his client's search for information. “When you investigate allegations of corruption, you talk to all sorts of people; some are credible, and some are not.”

Investigators are separately looking into whether Giuliani acted as an unregistered agent for foreign interests.

Industry report

An infamous Israeli spyware firm looks to bolster its image by scoring customers (Yahoo News)

Cyber insecurity

FBI says an APT breached a US municipal government via an unpatched Fortinet VPN (The Record)

Chat room

The TSA's new pipeline cybersecurity rules came under fire for the penalties they lay out. China Law Translate, which is run by Yale Law senior research scholar Jeremy Daum:

Microsoft's Barry Dorrans had this reaction to CISA's announcement:

Daybook

  • Amb. Jürg Lauber, the chairman of the UN’s open ended working group on cybersecurity, and Retired Gen. Keith Alexander, a former director of the NSA and commander of U.S. Cyber Command, speak at an event hosted by The Bridge Foundation and Global Cyber Lab on May 31 at 9 a.m.
  • Rep. John Katko (R-N.Y.), the top Republican on the House Homeland Security Committee, Rep. Ami Bera (D-Calif.) and former Australian Prime Minister Malcolm Turnbull discuss Australia-U. S. collaboration on issues like cybersecurity to compete with China on June 1 at 6 p.m.
  • Microsoft’s two-day European Cyber Agora conference kicks off on June 2.
  • Dr. Joseph Evans, the Pentagon’s Principal Director for 5G, and other officials speak at the Billington Cybersecurity 5G Security Summit, on June 3 at 11 a.m.

Secure log off

Loading...