Hello, Guest!

Cybersecurity

CISA Plans to Expand Federal Attack Surface Testing Program

Cyber threat hunting

CISA Plans to Expand Federal Attack Surface Testing Program

The Cybersecurity and Infrastructure Security Agency is looking to increase visibility across federal networks by expanding a “no-notice” penetration testing initiative known as Federal Attack Surface Testing.

In the fiscal year 2021 defense budget, Congress authorized CISA to hunt cyberthreats on agency networks without prior approval, Federal News Network reported.

Eric Goldstein, executive assistant director for cybersecurity at CISA, told lawmakers on Wednesday that his organization already conducted penetration testing at some agencies earlier in 2023. Testifying before the House Homeland Security Committee’s Cybersecurity and Infrastructure Protection subcommittee, he noted that FAST facilitated follow-up tests to ensure that major vulnerabilities found in web-facing applications were addressed.

Goldstein said the program has been key to his organization’s understanding of cyber threats. He went on to say that FAST will deliver “tremendous value” to CISA’s partners.

According to Goldstein, FAST is expected to complete deployment by yearend.

A separate program called SILENTSHIELD also utilizes CISA’s no-notice authority, he added.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.

Category: Cybersecurity