For cybersecurity professionals, 2021 has been a year in which decades of fears and worries came to fruition. The year began with panic, as IT professionals scrambled to react to the massive SolarWinds and Microsoft Exchange Server breaches. In the months that followed, further attacks on U.S. technology and critical infrastructure, such as the Colonial Pipeline, JBS, and Kaseya incidents, cemented 2021 as the year when cyberattacks began to affect the everyday lives of ordinary Americans, and set the tone for the recent 2021 Fal.Con for Public Sector Virtual Cybersecurity Conference.
CrowdStrike’s Fal.Con 2021 brought together leaders and decision-makers from across the public sector, education, and several other industries to discuss today’s cybersecurity landscape.
On Wednesday, July 21, 2021, Chris DeRusha, Federal Chief Information Security Officer (CISO) at the Office of Management and Budget (OMB), addressed Fal.Con attendees during his government keynote session. In his address, DeRusha spoke about the recent U.S. cyberattacks, as well as the roles the OMB, federal agencies, and industry are playing in implementing the cybersecurity Executive Order (EO) that President Biden issued in May.
Ransomware
DeRusha began the Fal.Con keynote session by reviewing the administration’s strategy for countering ransomware attacks in the U.S. He explained that the strategy is divided into five pillars: disrupting ransomware infrastructure, international cooperation, expanding cryptocurrency analysis, pursuing criminal transactions, and reviewing the government’s ransomware payment policies.
DeRusha noted that the administration is feeling a sense of urgency around the rising number of ransomware attacks occurring on U.S. soil and that they are hard at work in taking action to address these threats. The centerpiece action, of course, is President Biden’s sweeping cybersecurity Executive Order.
The EO
When speaking about the Executive Order itself, DeRusha broke down his discussion into three categories: the OMB’s role, federal agencies’ role, and industry’s role in the fight against cyberattacks.
First, DeRusha explained to Fal.Con attendees how the OMB is implementing EO guidelines in order to strengthen the government’s posture in preventing and fighting against cyber threats. DeRusha acknowledged that the OMB has a role in almost every section of the EO by developing new policy guidelines and assisting agencies in implementing their assigned tasks.
The OMB is currently working to remove contractual barriers to sharing threat information with the federal government. One of the main obstacles to easier information sharing has been inconsistency in cybersecurity contract clauses. The OMB is now taking inventory of all government contract clauses, selecting the best of them, and applying them consistently across all agencies.
The OMB is also leveraging the government’s purchasing power to incentivize secure software. This entails moving toward concepts like the software bill of materials and ensuring agencies adopt and implement the best of industry practice.
The OMB is also establishing a separate review board, which is going to be a public-private partnership, drawing on lessons learned and integrating them as best practices. The public-private partnership was a consistent theme DeRusha touched upon throughout his keynote address, emphasizing that securing the nation’s cybersecurity infrastructures will be a team effort on all sides.
“We’re taking this very seriously,” said DeRusha. “And the thing is it’s also on the public-private sector. We’ve got to solve this work together. That’ll be the only way we make true progress.”
The role of federal agencies was next on the docket at Fal.Con for Public Sector. DeRusha explained that the EO has a huge impact on federal agencies. Under the EO, agencies must begin moving toward zero trust architectures, as well as implementing multi-factor authentication and encryption within their IT infrastructures.
Logging was another area federal agencies need to turn their attention to, according to DeRusha. Investing in logging gives agencies the visibility they need to perform robust investigations of events occurring on agency networks and systems.
DeRusha also emphasized the importance of federal agencies developing a standard “playbook” for incident response. With a standard playbook, in addition to improved detection and response capabilities, leadership across all federal agencies will be able to fully understand how to respond to and manage complex incidents.
Industry also has a critical role to play in implementing the Executive Order’s strategies, according to DeRusha. Industry’s feedback on the tasks set out in the EO is crucial to the success of securing U.S. digital infrastructure. DeRusha also pointed out that the EO has created a lot of space for innovation and public-private partnerships.
IT Modernization
Another area that is vital to securing digital infrastructure from cyber threats is IT modernization. DeRusha pointed out that agencies must assess their cybersecurity posture and capabilities, and that agencies’ IT modernization plans will greatly help accelerate the adoption of zero trust capabilities.
DeRusha mentioned the Technology Modernization Fund (TMF), and how $1 billion was allocated to the fund through the American Rescue Plan. Through TMF funding, federal agencies are able to submit cybersecurity-focused proposals that will further advance their zero trust capabilities, as well as boost their identity access management processes and incident/detection response.
“The TMF can be a big driver and help us in identifying the elements of what a successful IT modernization journey looks like,” said DeRusha.
What’s next?
Now that it’s been a couple of months since the release of the Executive Order and guideline implementation is underway within federal agencies, DeRusha posed the question “What’s next?” to the Fal.Con for Public Sector attendees.
One of DeRusha’s main priorities in the near future is improving the Federal Information Security Modernization Act (FISMA). DeRusha plans to take a hard look at FISMA and figure out what’s working, what’s not, how FISMA drives federal agencies to manage enterprise risk for the civilian government, and how it drives them to measure and assess progress in agency cybersecurity.
DeRusha explained that improving FISMA would include more rigorous security testing, increased automation, and embracing the cloud across the federal government.
DeRusha also explained that improving cybersecurity within the federal government relies on building up the workforce.
“We need to ensure that we are getting all the capacity in and getting more and more professionals into this field,” said DeRusha. “Because I don’t think it’s going to stop. We need to build the bench so that we’re not always relying on two people, which happens all too often to get us through these events.”