In a new report, the GAO examined federal responses to two cybersecurity breaches: the hack of SolarWinds and the exploitation of a vulnerability in Microsoft Exchange.
The GAO stated that both incidents were caused by foreign government actors: the SolarWinds breach was by the Russian Foreign Intelligence Service and the Microsoft Exchange breach was by the Chinese Ministry of State Security. The report (1) provided a summary of the incidents, (2) described steps that federal agencies have taken in response to these incidents, and (3) identified lessons learned by federal agencies from these incidents.
GAO noted that federal agencies (i) formed two Cyber Unified Coordinated Groups (or "UCGs"), one for each incident, whose efforts included issuing directives and providing guidance and tools to agencies, and (ii) reported to the Cybersecurity and Infrastructure Security Agency the actions they took to mitigate the threats from these incidents. GAO said that federal agency officials believed that coordinating with private sector partners and other agencies led to more desirable outcomes in the responses to these incidents.
GAO also cited the National Security Council's review of the SolarWinds incident, which identified ways to address challenges that federal agencies faced during their response to the incident. These include:
- aligning technology investments with operational priorities;
- improving public/private engagement; and
- improving threat intelligence acquisition, sharing and use among federal agencies.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
