The SolarWinds supply chain compromise and the recently announced exploitation of vulnerabilities in Microsoft Exchange have lent even more urgency to the Department of Homeland Security’s “urgent improvements across four areas of strategic growth,” Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales said.
Wales told the Senate Homeland Security and Governmental Affairs Committee last week that “while these lines of effort are in response to this intrusion, they form the framework around which we think about our response to any cyber incident.”
“First, we must increase CISA’s visibility into cybersecurity risks across the federal civilian executive branch and, where feasible, across nonfederal entities,” he said. “Second, we must expand CISA’s incident response capacity. Third, we must improve our ability to analyze large volumes of cybersecurity information in order to rapidly identify emerging risks and direct timely mitigation. And fourth, we must drive adoption of defensible network architectures, including by progressing toward zero trust environments.”
Wales called cybersecurity investments in the American Rescue Act, including an extra $650 million for CISA, “an important down payment on the cybersecurity capabilities,” but “we are not stopping there.”
“We are still responding aggressively to this campaign,” he said, touting the rollout of a new website that “consolidates information and resources on…