CISA Plans to Expand Federal Attack Surface Testing Program

The Cybersecurity and Infrastructure Security Agency is looking to increase visibility across federal networks by expanding a “no-notice” penetration testing initiative known as Federal Attack Surface Testing.

In the fiscal year 2021 defense budget, Congress authorized CISA to hunt cyberthreats on agency networks without prior approval, Federal News Network reported.

Eric Goldstein, executive assistant director for cybersecurity at CISA, told lawmakers on Wednesday that his organization already conducted penetration testing at some agencies earlier in 2023. Testifying before the House Homeland Security Committee’s Cybersecurity and Infrastructure Protection subcommittee, he noted that FAST facilitated follow-up tests to ensure that major vulnerabilities found in web-facing applications were addressed.

Goldstein said the program has been key to his organization’s understanding of cyber threats. He went on to say that FAST will deliver “tremendous value” to CISA’s partners.

According to Goldstein, FAST is expected to complete deployment by yearend.

A separate program called SILENTSHIELD also utilizes CISA’s no-notice authority, he added.