This week, the GAO published a report on the federal government response to the nearly concurrent SolarWinds attack and organized exploits of the Microsoft Exchange vulnerabilities. This report looks at those response activities and outlines three National Security Council recommendations for improving responses to future cyberattack. An appendix provides separate timelines for the response to both incidents.
The accompanying highlight document identifies four lessons learned by responding agencies:
• Coordinating with the private
sector led to greater efficiencies in agency incident response efforts,
• Providing a centralized forum for
interagency and private sector discussions led to improved coordination among
agencies and with the private sector,
• Sharing of information among
agencies was often slow, difficult, and time consuming, and
• Collecting evidence was limited due to varying levels of data preservation at agencies.
The GAO reports that the NSC identified three areas that the government could take to take to prevent and improve the response to future incidents (pg 36):
• Align technology investments with
operational priorities. The review identified that the federal government
should invest resources to increase its capabilities to identify, detect,
protect, and respond to significant cybersecurity incidents.
• Improve public-private
engagement. The federal government should improve its coordination and
information sharing with the private sector.
• Improve threat intelligence
acquisition, sharing, and use among federal agencies. The federal government
should improve information sharing with its partners.
No comments:
Post a Comment