CISA Seeks Cybersecurity Improvements Following SolarWinds Orion Hack

The Cybersecurity and Infrastructure Security Agency is looking to implement cybersecurity improvements in light of the SolarWinds Orion hack, which affected multiple federal networks, according to the agency’s acting director, Brandon Wales.

Speaking at an event hosted by the Business Council for International Understanding, Wales acknowledged weaknesses in the government’s Einstein intrusion detection system, whose perimeter-focused security measures proved incapable of stopping the recent breach, FCW reported Thursday.

With the breach in mind, Wales said it is imperative that improvements be made to enhance the government’s ability to stop similar attacks in the future.

He told attendees at the event that CISA is looking at ways to internally monitor anomalous activities across networks. The agency envisions doing so by implementing a network management system that can communicate with an entity outside the network through an encrypted channel.

Wales also wants to raise software assurance in the wake of the SolarWinds Orion hack. While reviewing all the code for every piece of software seems unrealistic, the government can modify contracts to ensure that private vendors have appropriate levels of security in place, FCW said.

“What made SolarWinds so devastating was that SolarWinds devices are normally configured to have broad administrative rights on a network. If a system is like that, if it has broad administrative rights then it requires further hardening inside of your network,” he said.