Cybersecurity News in Review

Robert DuPree
January 8, 2021 • 5 min read

This week’s cybersecurity news in review includes a number of articles on the SolarWinds breach and its impact, as well as coverage of House approval of FedRAMP reform legislation, release of a new federal National Maritime Cybersecurity Plan, and updated TIC security guidance for remote work from CISA.  There are also stories on the Commerce Department’s plans to review its own cyber threat info sharing practices, cybersecurity provisions in the National Defense Authorization Act recently approved by Congress over the President’s veto, and the benefits of a new law dealing with IoT cybersecurity.

U.S. says Russians likely behind the SolarWinds hack

CyberScoop reports that the FBI and CISA, along with other agencies investigating the cyber espionage operation that exploited vulnerabilities in SolarWinds software, publicly confirmed Jan. 5 that the hack was “likely Russian in origin,” and called it “a serious compromise that will require a sustained and dedicated effort to remediate.” The statement also said that while the malicious software update went to some 18,000 government and private-sector customers, fewer than 10 federal agencies were actually compromised. Read more…

CISA issues new guidance for agencies to deal with SolarWinds breach

According to FedScoop, the Cybersecurity and Infrastructure Security Agency issued new supplemental guidance Jan. 8 instructing any federal agencies that have been using the compromised SolarWinds Orion software to conduct a forensic analysis by the end of January, and take other actions in response to the hack of the Orion software. Read more…

Microsoft: Hackers viewed its internal code following SolarWinds breach

Security Week reports that Microsoft confirmed Dec. 31 that attackers behind the SolarWinds hack gained access to Microsoft’s internal “source code,” a key building block for its software. But Microsoft insisted the breach did not result in any compromise or modification of its software. Read more…

SolarWinds hack may have impact on leading defense firms

C4ISRNet looks at how leading U.S. defense contractors, who are customers of SolarWinds, might have been affected by that company’s software breach, though confirmation may take time. Read more…

CISA says SolarWinds hack also affecting state and local governments, critical infrastructure

The Hill reports CISA has warned that the SolarWinds breach, which gave hackers access to federal networks, may have also impacted state and local governments, as well as critical infrastructure organizations, and it urged such entities to take precautions. Read more…

Biden addresses SolarWinds attack, vows to modernize U.S. cyber defenses

FedScoop quotes President-elect Joe Biden as saying Dec. 28 that his administration will make it a priority to modernize U.S. defenses against adversaries in cyberspace, and he called the recent discovery of the SolarWinds hack a “grave risk” to national security and vowed to do “all that needs to be done” to hold the culprits accountable. Read more…

House approves legislation to codify, improve FedRAMP

GCN says the House of Representatives approved bipartisan legislation Jan. 5 that would codify and reform the Federal Risk and Authorization Management Program (FedRAMP), which agencies use to on-ramp cloud computing technologies. The bill also would authorize $20 million to increase the number of secure cloud technologies available for agency adoption, allow reuse of existing security assessments by other agencies, and require that GSA automate its FedRAMP processes. Read more…

National Maritime Cybersecurity Plan released

Security Week reports the federal government released Jan. 5 its National Maritime Cybersecurity Plan, which included a list of top-priority items to mitigate cyber threats and better provide security to the nation’s maritime sector. Read more…

CISA issues updated TIC security guidance for remote work

According to FedScoop, DHS’ Cybersecurity and Infrastructure Security Agency (CISA) released network security guidance Dec. 23 for federal agencies relying on employees teleworking.  It said the draft Remote User Use Case is the latest addition to Trusted Internet Connections 3.0 core guidance, which covers the security of external connections to federal networks. Read more…

Commerce IG to review department’s cyber threat sharing efforts

Nextgov reports on an announcement from the Department of Commerce’s office of the inspector general that it would immediately begin assessing agencies’ cyber information-sharing practices. Read more…

Cyberspace Solarium leaders applaud 77 cyber provisions in defense bill enacted over Trump veto

GovInfoSecurity quotes the congressional co-chairs of the bipartisan Cyberspace Solarium Commission as praising Congress’ decision to override President Trump’s veto of the FY 2021 National Defense Authorization Act, stressing the importance of the legislation’s 77 cybersecurity provisions. Read more…

Defense authorization bill will have major impact on DoD cyber

C4ISRNet calls the National Defense Authorization Act, recently enacted over President Trump’s veto, a “sweeping piece of national cyber legislation with major revisions to government bureaucracy and structure, due in large part to adopting 26 provisions stemming from recommendations from the Cyberspace Solarium Commission.” Read more…

New law on IoT cybersecurity will help agencies deal with devices already in use

FCW reports that the recently enacted IoT Cybersecurity Improvement Act of 2020, which directs NIST to create standards and guidelines on the use and management of internet of things (IoT) devices by federal agencies, also means NIST will begin addressing the gap in post-market guidance to help agencies address newly discovered vulnerabilities in devices already on their networks. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree