Agencies step up efforts to ‘clean up’ insecure internet traffic

The Office of the National Cyber Director is working with agencies to accelerate efforts to “clean up” insecure Internet routing techniques that can lead to cybersecurity risks.

White House National Cyber Director Harry Coker expects more than half of all federal advertised IP space to adopt more secure routing agreements by the end of this year. The goal is to access the Resource Public Key Infrastructure (RPKI), which provides security for Internet routing to help prevent traffic from being hijacked by hackers.

During a speech before the National Security Telecommunications Advisory Committee today, Coker said several Commerce Department agencies earlier this month signed contracts to register their IP space and create so-called “route origin agreements.” Such agreements are used by RPKI to verify the owners of IP addresses.

The contracts were created by the National Oceanic and Atmospheric Administration, Coker added.

“These contracts. . . they are models for other agencies across government to follow,” Coker said.

The work falls under a goal of the Biden administration’s National Cyber Strategy to secure the “technical foundations of the Internet,” including vulnerabilities in the Border Gateway Protocol. BGP is the Internet’s routing protocol, but hackers have exploited flaws in the decades-old protocol to hijack traffic and create other cybersecurity issues.

“Such a ‘clean-up’ effort to reduce systemic risk requires identifying the most pressing security challenges, further developing effective security measures, and close collaboration between the public and private sectors to reduce our exposure to risk without disrupting platforms and services built on this infrastructure,” the strategy states.

Coker said the issue came to the fore during the development of the national strategy, when unnamed ONCD partners raised challenges to the adoption of the RPKI.

“They told us of the real fear that failure to address the risks could put us at risk of disruption and espionage,” Coker said. “That’s why one of our strategic objectives specifically calls out BGP as a key protocol to secure.”

Accelerating federal approval of RPKI is part of the government’s efforts to “get our house in order,” Coker added.

ONCD is also working with other federal agencies and the private sector on a roadmap to promote broader adoption of secure Internet routing.

“We recognize that implementing RPKI is a first step in improving Internet routing security,” Coker said. “Together, we have much more to do to secure the technical foundations of the Internet going forward, and we look forward to government and the private sector working together to address these critical challenges.”

SRMA funding

During a separate speech this week, Coker also highlighted efforts to strengthen cybersecurity oversight of critical infrastructure through sector risk management agencies, or SRMAs. He said the Biden administration is seeking increased funding in fiscal year 2025 for multiple SRMAs, including an additional $12 million for the Department of Health and Human Services’ Strategic Preparedness and Response Administration. ASPR is responsible for cyber security oversight across the health and public health sectors.

The Environmental Protection Agency is also seeking $25 million to strengthen its cybersecurity oversight of the water sector. The agency also requested an additional $25 million to create a dedicated cyber grant for water utilities. The EPA warned earlier this week that more than 70% of water utilities surveyed in recent years do not follow basic cyber hygiene practices.

Coker’s discussion of the SRMA capacity comes after President Joe Biden signed a new national security memorandum that strengthens the Cybersecurity and Infrastructure Security Agency’s role in overseeing the cybersecurity of critical infrastructure. But the memorandum also directed SRMAs to take a closer look at their capacity and requirements.

“These divisions will be vital to continue implementing the national security strategy and memorandum-22,” Coker said Wednesday at the Auburn University event. “And we’re asking our partners in Congress, after starting conversations about SRMA’s responsibilities, to fund them.”

CISA is also taking a closer look at critical infrastructure organizations and relationships to determine what are known as “systemically important entities.” Valerie Cofield, chief strategy officer at CISA, said the agency is developing a methodology to determine what constitutes an “SIE”.

“As we’ve seen in so many attacks, it’s rare for an incident to be contained to one sector – it usually has cascading impacts across sectors,” said Cofield.

According to the new national security memorandum, CISA is working on a cross-sectoral risk assessment. Cofield said SIEs will likely fall below that estimate.

And the cyber agency is also looking at what kind of help SIEs will need once they are designated. Cofield said CISA offers free cybersecurity services, such as CyberSentry, that can help major entities manage cyber threats.

“[SIEs] should be first in line to get tools like that, to be able to have that advanced detection, so we can really help monitor those enterprises,” Cofield said. “But that’s still something for which we haven’t made final decisions on. It’s still preliminary, but we’re thinking about all those things.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

