A suspected Russian hacking campaign exposed glaring shortcomings in the U.S. government’s approach to cybersecurity, Homeland Security Secretary Alejandro Mayorkas said Wednesday while promising to harness federal resources to improve public and private-sector defenses.
Mayorkas pledged to improve nearly every major facet of DHS’s cybersecurity work, from helping federal agencies recover from hacks to thwarting them in the first place. Part of that will come through an executive order President Joe Biden is expected to release soon to tighten security requirements for federal agencies and the software vendors that supply them.
“Our government got hacked last year and we didn’t know about it for months,” Mayorkas said at the RSA Conference.
“This incident is one of many that underscores the need for the federal government to modernize cybersecurity defenses and deepen our partnerships,” Mayorkas said, referring to the alleged Russian spying operation exploiting contractor SolarWinds and other vendors that U.S. officials have linked to Russia.
At least nine federal agencies have been breached in the activity, and the attackers reportedly had access to the email account of Mayorkas’ predecessor, Chad Wolf.
Moscow has denied involvement.
In some of his most detailed cybersecurity-related remarks since being sworn in Feb. 2, Mayorkas also expressed alarm at the steady stream of ransomware incidents hampering state and local governments and U.S. businesses during the coronavirus pandemic. He said DHS was drawing up a proposal for a “cyber response and recovery fund” that will help the department deliver resources to state and local governments dealing with hacking incidents.
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) received $650 million in additional funding from the recently enacted coronavirus relief package, but CISA’s backers say the agency needs more resources to help lead the U.S. government’s cybersecurity work.
Mayorkas also announced a series of two-month “sprints,” or initiatives to focus resources on a given threat, that CISA will undertake. Ransomware, industrial control systems security and election security are among those issues covered by the sprints.
As Mayorkas spoke, his department was continuing to deal with the fallout from a second set of major cyber incidents: the widespread exploitation of vulnerabilities in the Microsoft Exchange Server email software.
State and local governments and U.S. businesses around the country use the software, which suspected Chinese hackers, along with criminal gangs, have exploited in recent weeks. CISA on Wednesday ordered federal civilian agencies to run a Microsoft scanning tool to check for signs of compromise from the Exchange Server hacking.
U.S. officials have previously said they weren’t aware of any federal agencies that had been breached in the Exchange Server hacking, but the updated CISA directive shows that the investigation is ongoing.
Mayorkas, who is the first Latino to be Homeland Security secretary, also put human rights and diversity and inclusion at the center of his cybersecurity agenda.
“Far too often cybersecurity is used as a pretext to infringe on civil liberties and human rights,” Mayorkas said. “At the end of the day, cybersecurity is about people. It is about protecting our way of life and protecting what we hold dear.”
Clarification, April 1, 1:39 p.m. EDT: This story has been updated to clarify the name of the conference that hosted Alejandro Mayorkas.