Supply chain attack
CISA Adds SecurityScorecard’s Attack Surface Intelligence Solution to Approved Products List
The Cybersecurity and Infrastructure Security Agency has expanded its Continuous Diagnostics and Mitigation Program’s approved products list with the addition of SecurityScorecard’s Attack Surface Intelligence solution.
Attack Surface Intelligence provides agencies with actionable intelligence and the ability to identify, contextualize and prioritize critical threats, including vulnerabilities tied to third-party vendors, to help them make informed decisions and prevent operational disruptions.
Continuous monitoring for cyber risk and supply chain risk is an essential capability for the federal government in view of attacks that take advantage of software supply chain flaws.
The SolarWinds Orion breach in 2020 is one of the most widespread and sophisticated hacking campaigns in the United States, according to a Government Accountability Office report. At the time, SolarWinds sent out software updates to its customers that included code that enabled hackers to install malware on systems and spy on several agencies and companies using Orion to manage their IT resources.
Ransomware attacks are another security challenge facing the government. The U.S. Marshals Service recently launched an investigation into a ransomware attack that compromised the service’s sensitive information, including the personal data of employees and information about wanted fugitives.
Tags: Attack Surface Intelligence CISA Continuous Diagnostics and Mitigation cybersecurity ransomware SecurityScorecard SolarWinds supply chain attack