The Cybersecurity and Infrastructure Security Agency (CISA) is working on a “hardened” cloud environment that it can evaluate through pilots with Federal agencies, CISA Acting Director Brandon Wales told senators on May 11.
Testifying before the Senate Homeland Security and Governmental Affairs Committee, Wales was asked by Sen. Jackie Rosen, D-Nev., about techniques used in the SolarWinds Orion cyber attack revealed last December, and how CISA is using experience from that hack to identify new vulnerabilities or inform its threat-hunting activities.
Wales explained that the SolarWinds attack was characterized by a “series of small, novel techniques strung together,” but also revealed that CISA’s visibility into the security of cloud services used by Federal agencies was less than optimal.
Mindful of the need to address Federal agency gaps in configuration and architecture, Wales said that CISA is using some of the $650 million in extra funding it received in the American Rescue Plan Act to stand up a “hardened” cloud environment that it can pilot with Federal agencies, and then share with the rest of the government.
During an exchange with Sen. Rob Portman, R-Ohio, the ranking member of the committee, Wales said CISA’s work on the threat-hardened cloud environment was intended for use with the business systems of Federal civilian agencies.
In addition to that effort, Wales said CISA was employing the recent infusion of funding to expand its defensive cybersecurity teams to undertake more threat-hunting activities on Federal agency networks, deploy new endpoint detection and response tools on Federal agency networks, and help agencies move toward zero trust-based approaches for security.
Senate Eyes Legislation
Elsewhere during the hearing, Sen. Portman pressed Wales for further information in response to a letter from the committee last month, saying that the committee needs the information to help it move forward with legislation that would respond to the SolarWinds attack.
The senator did not reveal specifics of any possible bill, but said the legislation would be “more helpful to responding to the kinds of attacks that we are discussing today.”
In particular, Sen. Portman wanted to know more about the extent to which the Department of Homeland Security (DHS) was impacted by the attack, and he cited news reports saying that the acting DHS secretary’s email account was breached.
Wales said he declined to discuss that last point during an open hearing, but more generally said that “a small number of accounts” at DHS and CISA had been compromised. He added that the compromise at DHS “only affected our business email networks” and not the agency’s operational networks “where most of our security work is done.”
Sen. Portman reiterated that the committee needs to know the extent of the SolarWinds attack “to be able to legislate properly, and provide the proper oversight.” Sen. Gary Peters, D-Mich., chairman of the committee, backed up Sen. Portman on that front, saying, “we need to have the information.”