In a new report, the GAO examined federal responses to two cybersecurity
breaches: the hack of SolarWinds and the exploitation of a
vulnerability in Microsoft Exchange.
The GAO stated that both incidents were caused by foreign
government actors: the SolarWinds breach was carried out by the Russian
Foreign Intelligence Service and the Microsoft Exchange breach by the
Chinese Ministry of State Security. The report (1) provided a
summary of the incidents, (2) described steps that federal agencies
have taken in response to these incidents, and (3) identified
lessons learned by federal agencies from these incidents.
GAO noted that federal agencies (i) formed two Cyber Unified
Coordinated Groups (or "UCGs"), one for each incident,
whose efforts included issuing directives and providing guidance
and tools to agencies, and (ii) reported to the Cybersecurity and
Infrastructure Security Agency the actions they took to mitigate
the threats from these incidents. GAO said that federal agency
officials believed that coordinating with private sector partners
and other agencies led to more desirable outcomes in the responses
to these incidents.
GAO also cited the National Security Council's review of the
SolarWinds incident, which identified ways to address challenges
that federal agencies faced during their response to the incident.
These include:
- aligning technology investments with operational priorities;
- improving public/private engagement; and
- improving threat intelligence acquisition, sharing and use
among federal agencies.