CISA highlights progress in closing SolarWinds gaps as new cyber threats loom

Four years after the SolarWinds cyberattack exposed critical vulnerabilities, the Cybersecurity and Infrastructure Security Agency (CISA) reports significant improvements in federal cybersecurity, notes Justin Doubleday at Federal News Network. CISA Executive Assistant Director Jeff Greene said during a Cybersecurity Coalition event that agencies can now detect and respond to threats faster thanks to expanded log retention, enhanced network monitoring, and the deployment of endpoint detection and response (EDR) capabilities.

The SolarWinds breach, attributed to Russia-linked hackers, infiltrated nine federal agencies via software supply chain vulnerabilities. This prompted a sweeping cybersecurity executive order in 2021, directing agencies to strengthen logging, implement centralized monitoring, and expand CISA’s Continuous Diagnostics and Mitigation (CDM) program. CISA now tracks over 5 million devices and 400,000 logs across 94 agencies, improving threat correlation and response.

While CISA has addressed many gaps exploited in the SolarWinds incident, emerging threats persist. Greene cited recent nation-state activities, including China-linked groups targeting US infrastructure, such as power grids and telecommunications networks. These threats, dubbed “Typhoons,” represent a growing challenge for the next administration. “In recent weeks, federal officials have uncovered a major infiltration of global telecommunications providers by the China-linked Salt Typhoon group.”