A recent cyberattack impacts several agencies across the government, including the State Department, Treasury and National Institutes of Health. Brig. Gen. Greg Touhill, former Chief Information Security Officer of the United States, joined “Government Matters” to discuss the breach and next steps for the federal government.
“We’ve got to assume that every agency and department has been breached in this case,” Touhill said.
The Cybersecurity and Infrastructure Security Agency issued an emergency directive on the breach, which involved SolarWinds Orion products being “exploited by malicious actors.”
Touhill said he believes SolarWinds and FireEye are only the beginning. Touhill said that while agencies need to conduct damage assessments and risk exposure assessments, the government lacks the workforce to complete these in a timely manner.
“We don’t have enough hunt teams in the US-CERT and Cyber Command and NSA combined to go through every department and agency. So the immediate action is to assume that you’re breached and then work from there,” he said.
He suggested convening the Chief Information Security Officer Council for a crisis action team and then prioritizing assessments at the agencies already known to have been breached.
In terms of accountability, Touhill recommended not punishing the victims of the breach, but rather updating the cyber strategy across the government.
“This should be a wake-up call that we need to rethink our strategy, we need to rethink cyber deterrence and we need to do things that we know would help in this particular instance, such as accelerate Zero Trust,” Touhill said.
He said Zero Trust should be implemented immediately as a security strategy, across government, the Defense Industrial Base and the private sector.
“From a strategy standpoint, I don’t think we can wait any further,” he said of implementing Zero Trust Architecture. “If I were still in office, I’d be pushing hard to implement Zero Trust everywhere.”
He said Zero Trust is the only strategic approach for cybersecurity currently holding weight.
“I believe this [breach] is the tip of an iceberg, a really big supply chain attack iceberg that’s part of a nation-state campaign, so we all need to be paying attention to this,” Touhill said.