Dozens of federal agencies have deployed endpoint detection and response (EDR) technology on their devices to track malicious activity since President Joe Biden mandated the change in an executive order last year, and that number is expected to double by the end of the fiscal year, according to the Cybersecurity and Infrastructure Security Agency.
During a House Homeland Security Committee hearing on Tuesday, CISA Executive Director Eric Goldstein said the civilian federal government had made “significant progress” in implementing a number of cybersecurity protections that were developed in response to the SolarWinds hack in 2020. One of those goals was to implement EDR technologies on all known federal devices, a daunting task given that at the time the federal government still could not identify all of the devices connecting to its networks.
According to the administration’s zero-trust strategy, agencies have until 2024 to put the protections in place, but Goldstein said he expects more than half the job to be done by October.
“At this point, we are in the process of rolling out these EDR tools to 26 federal civilian agencies and expect to be underway in 53 agencies by the end of this fiscal year, just a few months away,” Goldstein said. “Which means that not even a year and a half after the execution of the executive order, we will have EDR deployments underway in more than half of the federal government, with more deployments in the months to come.”
However, completing the job will not happen automatically. CISA and other agencies have been able to tap into temporary or one-time funding to get the technology in place so far, but getting the rest will require additional budget and Goldstein said he “will look forward to working with Congress on annualizing investments under the American Rescue Plan Act as part of the President’s fiscal 2023 budget so that we can ensure this work continues in the months ahead.”
Is the government safer from a SolarWinds-type attack?
The hearing was designed to brief Congress on how federal agencies have complied with the Biden administration’s executive order as well as their efforts to implement zero-trust architectures across agencies and departments.
Along the way, many committee members asked a similar overarching question: Is the federal government better protected against a SolarWinds-type attack today than it was in 2020? Are we any better at finding and closing the kinds of vulnerabilities that Russian hackers exploited to compromise at least nine federal agencies and more than 100 private companies?
The answer they got was a mixed yes. Chris DeRusha, the US federal information security chief, said the purpose of the executive order was to “aggressively and ambitiously [shift] our cybersecurity strategy from an outdated mindset to a clear mindset about our adversary’s capabilities and intent.” He explained how the Office of Management and Budget measures agency compliance.
“In the Executive Order, we have taken care of root cause issues that take longer to fully resolve, [such as] contractual clauses, deeper barriers. We have also made significant progress on some security measures that have an immediate impact: multi-factor authentication, encryption at rest and in transit,” he said. “We picked a few of those metrics that had the most impact and gave those the highest possible priority, measuring them, having engagements not just with CIOs and CISOs, but also with the management of the agencies, several meetings with the assistant secretaries to monitor and measure progress… and embark on the path of zero trust in the agencies.”
DeRusha said OMB recently directed agencies to comply with the National Institute of Standards and Technology’s guidelines for protecting critical software, with agencies taking a phased approach that will first focus on “stand-alone on-premises software that performs critical security functions.”
On this front, in addition to EDR implementation in civilian agencies, officials also provided updates on a number of other timelines. CISA is bringing a new dashboard online for its Continuous Diagnostics and Mitigation (CDM) program and implementing new asset management capabilities as the program undergoes a “key evolution” to adapt to post-pandemic remote-work realities, where many feds are increasingly using their cellphones to access federal systems from home.
After the SolarWinds attack, lawmakers complained that EINSTEIN, a network intrusion detection system developed by CISA that received hundreds of millions of dollars in funding, failed to identify signs of hackers entrenched in federal systems for months. That program is also evolving to focus on three key areas: gaining better visibility into endpoints such as servers and workstations, gaining visibility into cloud environments and centralizing logs, and moving to commercial shared services for perimeter network defense.
Goldstein also claimed significant progress in implementing multi-factor authentication and data encryption on agency devices and systems. However, when questioned by Rep. Ritchie Torres, D-N.Y., he declined to provide the number of agencies that have completed the task. Torres noted that CISA Director Jen Easterly had promised the committee that all covered civilian agencies would have multi-factor authentication in place by March 2022. When asked if that promise had been kept, Goldstein indicated that many, but not all, had met the deadline.
“I would say every agency with the ability to deploy MFA and encryption has done so in almost every case,” Goldstein said.