AJ Vicens Archives | FedScoop https://fedscoop.com/author/aj-vicens/ FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals. Thu, 04 Apr 2024 20:14:06 +0000

Federal government affected by Russian breach of Microsoft https://cyberscoop.com/federal-government-russian-breach-microsoft/ Thu, 04 Apr 2024 20:14:06 +0000 https://fedscoop.com/?p=77007 U.S. cybersecurity officials issued an emergency directive this week to address a breach by Russian operatives of Microsoft first disclosed in January.

The post Federal government affected by Russian breach of Microsoft appeared first on FedScoop.

Microsoft set to expand access to detailed logs in the wake of Chinese hacking operation https://cyberscoop.com/microsoft-logging-china-hacking/ Wed, 19 Jul 2023 17:55:17 +0000 https://fedscoop.com/?p=70814 The post Microsoft set to expand access to detailed logs in the wake of Chinese hacking operation appeared first on FedScoop.

Chinese hacking operation puts Microsoft in the crosshairs over security failures https://cyberscoop.com/microsoft-china-hacking-state/ Fri, 14 Jul 2023 19:16:28 +0000 https://fedscoop.com/?p=70511 The post Chinese hacking operation puts Microsoft in the crosshairs over security failures appeared first on FedScoop.

Hackers based in China nab email data from US government agencies https://cyberscoop.com/china-hackers-email-us-government/ Wed, 12 Jul 2023 16:37:01 +0000 https://fedscoop.com/?p=70390 The post Hackers based in China nab email data from US government agencies appeared first on FedScoop.

DC health exchange breach affects former national security officials, Congress https://fedscoop.com/dc-health-exchange-breach-affects-former-national-security-officials-congress/ Fri, 10 Mar 2023 15:42:47 +0000 https://fedscoop.com/?p=66601 Leaked data from the capital's health insurance broker exposes sensitive data belonging to the city's powerbrokers.

The post DC health exchange breach affects former national security officials, Congress appeared first on FedScoop.

A sample of data stolen from Washington, D.C.’s health insurance exchange includes the personal information of a prominent former defense official and employees of lobbying firms, an indication that the breach may be the latest in a string to expose the personal information belonging to members of the U.S. national security establishment. 

The District of Columbia’s health insurance exchange confirmed Wednesday that it was working with law enforcement to investigate data posted on a public forum that was purportedly obtained by a breach of the exchange. It’s unclear how many individuals the alleged breach may have impacted.

A sample of the stolen dataset reviewed by CyberScoop indicates that the victims of the breach range from some of Washington’s K-Street powerbrokers to coffee shop employees. Both businesses and individuals can use the exchange to purchase health insurance policies, and among its customers are lobbying firms, civil society groups, a dentist’s office and a design firm.

CyberScoop is not naming any of the affected individuals nor their employers, but the sample data set includes one firm that boasts a large number of employees who have gone on to work in the White House. The former defense official whose alleged personal data CyberScoop viewed is a mainstay of the city’s national-security establishment. Neither the firm nor the former official returned requests for comment.

Security experts caution that the consequences of a breach like this are difficult to predict. “The hard thing about this kind of data breach is it’s not just the data alone, it’s when you combine the data with other data sets that nation states or bad actors might have,” said Jamil Jaffer, founder and executive director of the National Security Institute at George Mason University. Jaffer called the breach “deeply concerning” especially given that it may affect members of Congress and their staff.

CyberScoop was able to verify portions of the dataset available in the public record and the authenticity of one victim’s leaked data. The Associated Press verified the authenticity of the data with two victims. It’s not clear what time frame the data obtained by the hacker spans. The leaked data includes names, email addresses, dates of birth, home addresses, social security numbers and details about insurance policies.

A person using the moniker “IntelBroker” first posted the stolen data on March 6 to an online forum, where data breaches are publicized and data is either published for download or offered for sale. That post was subsequently pulled down, and “IntelBroker” is now listed as permanently banned.

Three days later, on March 9, a second user going by the name “Denfur” — whose signature on the site reads “Glory to Russia!” — posted what they claimed was the full database, along with a sample that includes 200 entries. The full dataset includes 67,565 unique entries and about 55,000 “unique people,” Denfur claimed. 

At about midday Thursday Denfur also claimed that “the intended target WAS U.S. Politicians and members of U.S. Government.” The quote appeared alongside a link to a news story about the incident quoting House of Representatives Chief Administrative Officer Catherine Szpindor as saying that the members of Congress were not the specific target of the attack.

The breach came to light after members of Congress and their staff were warned that their data may have been exposed.

IntelBroker did not respond to a request for comment. A review of IntelBroker’s activity on the forum shows multiple instances in which they claimed to have either hacked entities themselves or shared information hacked or scraped by others, including data supposedly linked to the U.S. Department of Defense, the Department of Health and Human Services and other U.S. government information.

A spokesperson for the FBI said the bureau is aware of the incident and is investigating but declined to comment further. According to a letter from congressional leaders to the head of the DC exchange, the FBI has purchased some of the stolen data on the dark web, NBC News reported.

DC Health Link confirmed that the data for some customers had been exposed on a public forum and that it was working with law enforcement to investigate.

“We are in the process of notifying impacted customers and will provide identity and credit monitoring services,” Adam Hudson, public information officer at the DC Health Benefit Exchange Authority, told CyberScoop in an email Thursday. “In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers. The investigation is still ongoing and we will provide more information as we have more to share.”

As of Thursday afternoon, several DC Health Link customers told CyberScoop that they hadn’t received any notice from the exchange about the incident and had only become aware of it through the news. One victim reached by CyberScoop Thursday said the data in the sample appeared legitimate and that they had not been contacted by anybody about the breach prior to CyberScoop’s call.

This week’s breach is far from the first time U.S. government officials — current and former — have seen their personal information exposed. The 2015 breach of the Office of Personnel Management saw Chinese hackers obtain the personal data of 21.5 million people collected as part of background investigations. A Republican-led House Oversight Committee warned in 2016 that the breach would “harm counterintelligence efforts for at least a generation to come.” The breach has also cost the federal government billions in identity monitoring services.

Insiders worry CISA is too distracted from critical cyber mission https://fedscoop.com/insiders-worry-cisa-is-too-distracted-from-critical-cyber-mission/ Fri, 23 Dec 2022 01:23:21 +0000 https://fedscoop.com/insiders-worry-cisa-is-too-distracted-from-critical-cyber-mission/ The agency appears to be struggling with internal divisions, morale problems and growing concerns about leadership priorities.

The post Insiders worry CISA is too distracted from critical cyber mission appeared first on FedScoop.

When Congress was still trying to understand the full extent of Russia’s 2016 election meddling and growing increasingly anxious about possible cyberattacks on other U.S. targets, lawmakers rallied behind an idea to shore up the nation’s digital defenses.

In the fall of 2018, they passed legislation establishing an agency inside the Department of Homeland Security to streamline federal cybersecurity efforts, encourage industry to improve vulnerable systems and help safeguard critical infrastructure from determined nation-state hackers.

Republicans and Democrats praised the new Cybersecurity and Infrastructure Security Agency, which replaced the National Protection and Programs Directorate inside DHS. Rep. Michael McCaul, R-Tex., said it would “strengthen the security of federal networks and our nation’s critical infrastructure.” Rep. Jim Langevin, D-R.I., was another early booster of the new agency — and has been one of its most vocal champions.

But four years in, CISA appears to be struggling with internal divisions over the direction of the agency, morale problems and growing concerns about leadership priorities. CyberScoop and FedScoop spoke with 14 current and former CISA employees and 18 additional people familiar with CISA’s internal operations. Most described an agency that lacks a clearly defined strategic direction and often seems more focused on its public image than working on the nation’s thorniest cybersecurity problems.

Even Langevin, who is retiring from Congress next month after spending years promoting cybersecurity legislation, is frustrated. “There are a lot of things that the agency can and should do better,” Langevin told this publication, pointing out that CISA is a year late submitting its organizational planning, staffing and budgeting document to Congress.

If Congress doesn’t have the document — known as a “force structure assessment” — to evaluate budgeting for CISA soon, Langevin suggested it could impact the agency’s funding.

“I’m disappointed that it wasn’t completed before the end of my final term,” he said. Others in Congress appear to be fed up by delays from CISA, too: The pending omnibus government funding bill includes unusual language that would fine the agency $50,000 for every day it’s late on quarterly congressional briefings.

An organization struggling to find its way

People inside the organization, and those who recently left, complain that leadership hasn’t articulated priorities and often seems insulated from staff, leaving many to hear about agency initiatives via Twitter instead of from managers.

“Front-line employees would benefit from having a consistent directional strategy,” said Beau Woods, a noted cybersecurity researcher who left CISA in November after two years as a senior adviser. He said that what’s absent from agency brass is direction on “clear outcomes or a clear understanding of what good looks like.” Without that, he said, employees can have “the perception that every new email will be just the flavor of the week and next week they’ll be on to something different.”

A current senior U.S. cyber official was more direct. “I don’t know what the CISA vision and agenda is internally from leadership,” the official said. “I think they do far more external communication than internal communication.”

The official highlighted that one of the agency’s key challenges lies in its inability to hire the right cyber talent, which has had significant negative downstream effects on other problems it faces. “Their hiring challenges significantly hurt their ability to execute their mission,” the official said.

Still, CISA’s employee base has grown. Federal numbers show that between September 2021 and June 2022, CISA grew from 2,392 to 2,626 employees. However, multiple sources said the hiring pace has been slower than it should be and that CISA has particularly struggled to hire highly skilled technical talent. A CISA blog post from June said the agency had nearly 150 open cybersecurity positions it sought to fill.

Many of the people who spoke with CyberScoop and FedScoop did so on the condition of anonymity due to concerns that they could jeopardize current or future relationships with CISA. Nearly all of those interviewed acknowledged the agency has plenty of existential challenges such as a vast DHS bureaucracy and a difficult mission due to the sheer number of U.S. entities needing cybersecurity assistance.

Still, many said there’s a growing perception inside — and outside — CISA that an overemphasis on carefully managing and promoting Director Jen Easterly’s brand is taking precedence over more critical matters. Easterly is a staple at industry gatherings such as the RSA Conference, DEF CON and CYBERWARCON as well as at corporate speaking events such as the Mandiant mWise conference, a recent Google panel and another on the floor of the New York Stock Exchange.

Easterly also maintains an active social media presence and was the subject of a recent “60 Minutes” feature. She often appears in videos on the CISA Instagram page promoting cybersecurity messages.

“The day-to-day effect of Jen’s branding push is that it hurts the work and mission execution,” a former CISA official said. “It’s not what the staff want … They want the focus to be about the work, not about one person.”

Nominated by President Biden to run the agency in April 2021, Easterly arrived with impeccable credentials. She most recently worked as a cybersecurity executive at Morgan Stanley where she defended the firm against global cybersecurity threats. Before that, she helped stand up U.S. Cyber Command and served in the Obama White House and the National Security Agency as a senior counterterrorism official. She’s an Army veteran, West Point graduate and Rhodes Scholar. She is known for starting her workday early and usually arrives at CISA headquarters no later than 7 a.m.

Easterly defended her focus on external relations in a statement to this publication.

“CISA is fundamentally a partnership agency; our ability to effectively protect and defend the critical infrastructure Americans rely on every day — much of which is owned by the private sector — is dependent on our ability to develop trust with our partners,” the statement said. “People don’t trust institutions; they trust people.”

A leader who has become a lightning rod

Easterly succeeded Chris Krebs, who spent time at Microsoft as director of cybersecurity policy. Krebs also worked in several leadership roles in DHS and headed up the directorate that preceded CISA. He too became a high-profile figure during his tenure, especially as Washington became more concerned about election security and online disinformation. And then, in 2020, President Trump famously fired him via Twitter for disputing claims of election fraud, giving him a whole new level of notoriety.

Krebs told this publication that Easterly’s focus on the speaking circuit makes sense given the “almost exclusively voluntary nature of [CISA’s] engagement with the private sector as well as state and local governments.”

He said that when he held Easterly’s role, he frequently made speaking appearances, usually in small towns. “The future of CISA is in the field — reverse engineer that and it means it’s not sitting at a desk in Washington, D.C., all day, every day,” he said. But many of the sources CyberScoop and FedScoop spoke with said Krebs remained more plugged into agency specifics than Easterly.

“I don’t think that they’ve done enough to execute their mission at CISA,” said a former senior CISA official who now works with the agency frequently on behalf of industry. “Leadership is still in that mindset of let’s market this thing so we can create it. You’ve gotta stop chasing tweets and start actually doing things … They’re going to have Congress down their throat soon, the train is coming full speed in their direction.”

When appearing in public, Easterly often cuts a different figure than a typical government official. She’s known to swap the standard-issue government suit for a T-shirt and jeans and often signs Rubik’s Cubes, which have become something of a calling card. For an agency that’s not well known outside the beltway and needs to form partnerships with private sector organizations, that PR work is an essential part of her job, Easterly’s defenders argue.

To be sure, women in power are often attacked and marginalized for being strong leaders and taking on highly visible public roles. Nonetheless, many of the people CyberScoop and FedScoop spoke with said their criticism of Easterly’s speaking engagements isn’t personal and instead reflects serious concern over the challenges CISA confronts and the need for more leadership from the top.

Complaints about Easterly’s public persona don’t surprise Jim Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies. But that doesn’t make it fair either, he said.

“The technical community is always unhappy because they feel like the spotlight should be on them,” he said. “They’re the true guardians of cybersecurity … . She’s actually got a good technical background. So, to say there’s a complaint from the technical community it’s like, ‘So what else is new?’ You’re never going to be happy because the person they want doesn’t exist. They want someone who has executive experience and a great public persona, but also happens to be an uber-geek and uber-geeks don’t come with great leadership skills and great public skills.”

Many CISA employees said they wouldn’t take issue with Easterly’s PR focus if there was less discontent inside the agency. For example, the mood at CISA virtual town halls is such a concern that questions are typically limited ahead of time. As a result, some staffers have taken to asking Easterly hostile questions left anonymously in the town hall Zoom chat. After Easterly told CISA staff they would be held accountable for their work in one such virtual meeting, an employee went to the chat to ask how leadership is being held accountable. Easterly told the anonymous staffer, “If you don’t like it here, you can leave,” according to someone in the meeting.

A senior CISA official said Easterly has devoted town halls to workplace issues such as mental health, burnout prevention and inclusion and diversity. She also makes herself available to staff through weekly one-on-one office hours. The official noted that CISA’s Federal Employee Viewpoint Survey scores are higher than the average for government agencies.

A tense relationship with DHS

Easterly’s style also has led to tensions with Alejandro Mayorkas, Homeland Security secretary, two people familiar with the relationship told this publication.

Mayorkas and his team were incensed after they learned Easterly lobbied Congressional Republicans on the Cyber Incident Reporting for Critical Infrastructure Act that passed in September, two sources said. Easterly did so without getting sign-off from Mayorkas or his top advisers first, according to the federal cyber official and an external CISA partner. The official said the incident hurt Easterly’s relationship with Mayorkas because the secretary and his top advisers at DHS determine the department’s political priorities.

Other interviewees said DHS bears some responsibility for CISA’s struggles. One prominent Washington cybersecurity expert defended Easterly, saying she has had “scant support” from DHS leadership.

“If the secretary’s team had come in and said, ‘Yeah, it’s important to get cyber right, we’re gonna support Jen to get this organization — which is still in its infancy — reworked,’ I think she might have had a chance to show more progress than she has,” the expert said.

A DHS spokesperson declined to comment on the incident with Congressional Republicans but provided this publication with a statement that Mayorkas is “incredibly proud” of the work done by CISA and that he believes Easterly’s “leadership and vision have been and will continue to be instrumental.” A senior CISA official sent a similar statement about Mayorkas.

Easterly did inherit plenty of problems. She is charged with running an agency that needs more in-house technical talent and therefore relies on a significant number of contractors. A former senior CISA official who now works with the agency on behalf of industry said contractors are often left struggling to understand what CISA wants. “It’s almost impossible to work for them and everyone in the industry knows it,” the person said. “Our biggest frustration is that they don’t communicate with contractors. Congress is throwing [money] at them and it’s not clear what they’re doing with it.”

Beyond that, CISA is fighting to manage major structural challenges caused by a slow-moving DHS and the control it exercises over many hiring and technology acquisitions, former CISA employees and outside cyber experts said. In fact, Rep. Langevin told CyberScoop he sees the benefit of CISA gaining more independence from DHS and said he would like Congress to study the issue.

“It seems to me to make sense that if CISA had its own hiring authority, as well as ability to purchase equipment, it would give them greater agility and flexibility to move more quickly,” Langevin said. He added that he believes CISA is headed in the right direction and that he supports Easterly.

Technical shortcomings take a toll

There are other challenges, too. Almost everyone interviewed for this story said the agency is hampered by the fact that CISA is divided across six divisions and between the field staff and headquarters. The split structure and CISA’s constrained ability to acquire technology limit the deployment of new software across the entire enterprise, according to a source with direct knowledge of the agency’s technology operations.

“What often happens is that individual teams manage their own infrastructure,” the source said. “That’s a [spending] problem, but it’s also a security problem because it means there is no central place for oversight to happen.”

CISA officials acknowledge the issue: One of four key objectives in the strategic plan released in September is “agency unification” so that CISA business operations will be “mutually supportive across all divisions” and “governance [and] management” functions will be integrated.

In one example of how this lack of cohesion plays out, each of the six divisions relies on different databases for analysis of critical infrastructure cyber trends, incidents and vulnerabilities without the ability to work in an agency-wide database, according to a former senior CISA employee and a current employee at the agency.

“Think about how much analysis we could get done if we weren’t trying to access six different repositories and rationalize the data and cut and paste from PDFs,” the current employee said.

Other CISA staff and observers said the agency sometimes prematurely stands up or rebrands existing initiatives. CISA’s Joint Cyber Defense Collaborative (JCDC) is a good example of an initiative the agency rebranded with mixed results, according to multiple sources, including two who partner with JCDC.

A CISA spokesperson sent CyberScoop and FedScoop a blog post Easterly wrote about the JCDC in September. The post highlights CISA’s work on Log4Shell, noting that the DHS-led Cyber Safety Review Board report on the incident credited JCDC as an “important catalyst for information sharing to address the threat.” The post said that JCDC members provided 17 threat analyses and that a related vulnerability guidance web page garnered more than 300,000 page views in its first three weeks.

Still, two of JCDC’s technical partners and a top cybersecurity expert in Washington said industry government affairs employees and lawyers are heavily involved in the center’s work, something they view as a problem. “None of us share anything anymore,” one of the JCDC technical partners said. “It turned out that we were just broadcasting to a channel of lawyers.”

The JCDC technical partner also said that security researchers, industry and others collaborate on an “operational” Slack platform that does not currently have much traffic. The general channel populated by more than 500 people had just 12 posts from Dec. 1 through this Tuesday and multiple other smaller single-subject channels where operational work happens were similarly quiet, the JCDC partner said. (A senior CISA official said the agency is “pleased with the subject matter expertise and level of engagement that our industry partners have provided.”)

“When it comes to operational collaboration, as opposed to indicators and warning, I think there’s still a need to evolve the JCDC,” said Megan Stifel, a former cybersecurity director at the National Security Council and currently the chief strategy officer at the Institute for Security and Technology. Still, she said, CISA is making good progress overall.

In general, many critics say CISA is focusing too much energy on building alliances with major industry players and large corporate partners. The relationships are often one-sided, said Bryson Bort, CEO of SCYTHE and a former adviser to Easterly’s predecessor Krebs. Ultimately, he said, these types of organizations have well-resourced cybersecurity teams to defend their interests, and often aren’t sharing significant information with CISA about current threats.

“Meanwhile, there’s a $1 billion asset community bank somewhere getting completely f—ed and CISA doesn’t know they exist, and they don’t know that CISA exists,” Bort said. “That’s the challenge.”

Christian Vasquez contributed reporting.

Corrected Dec 22, 2022: This story was updated to correct the name of the information-sharing initiative CISA runs to collaborate with the private sector. It’s called the Joint Cyber Defense Collaborative.

The original story also incorrectly reported how CISA deploys Microsoft 365. It is deployed across the entire agency and centrally managed.

DHS issues emergency directive ordering all federal civilian agencies to address Log4j flaw https://www.cyberscoop.com/log4j-emergency-directive-cisa-conti/ Fri, 17 Dec 2021 17:15:39 +0000 https://fedscoop.com/?p=45892 The directive lands amid escalating concern about the impact of the bug.

The post DHS issues emergency directive ordering all federal civilian agencies to address Log4j flaw appeared first on FedScoop.
