Pulse Security said over the past couple of weeks it has worked closely with the Cybersecurity and Infrastructure Security Agency (CISA) as well as FireEye and Stroz Friedberg to investigate and respond quickly to the malicious activity that was identified on its customers’ systems.
Rather than limit focus to indicators of compromise, CERT’s new director, Greg Touhill said government needs “to do a better job of making sure that what information we share has contextual elements, and is timely.”
The Biden administration’s handling of the two cyber incidents in coordination with industry leaves some in the community hopeful that a functioning interagency system will reemerge after years of atrophy.
At a pair of hearings on Wednesday and Thursday, the National Security Agency and U.S. Cyber Command director again pushed back against a brewing Senate plan for the NSA to monitor domestic networks for foreign hackers.
The announcement ends months of speculation over the key positions, during which time the government has had to face fallout from both the Solarwinds and Hafnium Exchange Server campaigns without leadership in place.
The Unified Coordination Group established by the National Security Council includes officials from the FBI, the Cybersecurity and Infrastructure Security Agency at DHS, the Office of the Director of National Intelligence and the NSA, as well as private sector companies with “specific insights to this incident.”
The information sheet offers a list of providers, but NSA and CISA were clear that the federal agencies do not endorse one provider over another.
Researchers at Kasperksy have tied a piece of malware used by Lazarus Group last seen targeting security vulnerability researchers earlier this year to another campaign by the North Korean hacking group focused on pilfering sensitive data from defense contractors.
There is no rule mandating a company to disclose a breach to the federal government, even when national security is a concern. That could change, however. In the words of Microsoft President Brad Smith, “this is about moving information fast, to the right place, so it can be put to good use.”
How much of Biden’s promised funding for cyber will support small and medium businesses? Tugboat Logic CEO Ray Kruck offers tips for managing the risk in the meantime.
