GLOSSARY
Cybersecurity and Infrastructure Security Agency (CISA)
The Cybersecurity and Infrastructure Security Agency (CISA) is a U.S. government agency. It is responsible for protecting and securing the nation’s critical infrastructure from cyber threats. CISA coordinates cybersecurity efforts across federal, state, and local governments. It provides support and resources to enhance cybersecurity resilience.

The Role of CISA
President Biden signed the Executive Order on Improving the Nation’s Cybersecurity. The mandate details his administration’s plans to improve the country’s digital infrastructure and to address “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”
Biden stated, “Cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector… to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”
Since then, the US president and the Cybersecurity and Infrastructure Security Agency, or CISA, have steadily followed through with plans to implement new mandates, hone regulations, and improve the nation’s security posture.
CISA was established in 2018 under the Trump administration. CISA leads national efforts to bolster US digital infrastructure. Headed by Jen Easterly, CISA has been active in the cybersecurity space. It mandated Binding Operational Directive (BOD) 22-01. It also created the Known Exploited Vulnerabilities Catalog (KEV). Additionally, CISA has released numerous security advisories and joint reports. These detail commonly exploited vulnerabilities used by Advanced Persistent Threats and other threat actors.
Here is a collection of Flashpoint’s coverage regarding the Biden Administration’s and CISA’s cybersecurity initiatives:
May 2023: CISA releases draft for secure software development
On May 1, 2023, CISA announced that proposed guidance for secure software development is now open to public review and opinion. The public can provide feedback on the draft for the self-attestation form for 60 days. Government software providers are required to confirm they have implemented specific security practices.
The proposed draft was made in line with the requirements of Memorandum M-22-18. Per those requirements, federal agencies can only use software whose developer has confirmed compliance with government-issued guidance on software supply chain security.
This guidance will apply to:
- Software produced after September 14, 2022
- Software-as-a-service products and other software receiving continuous code changes
- Existing software when a major change or changes occur
November 2022: Iranian APT Compromises Federal Network
On November 16, 2022, CISA reported that it provided incident response services to an unnamed Federal Civilian Executive Branch (FCEB) organization in June and July 2022. The suspect appeared to be an Iranian APT group. Investigations show that this organization may have been compromised as early as February 2022.
Threat actors exploited the Log4Shell vulnerability (CVE-2021-44228) on an unpatched VMware Horizon server. The threat actors then moved laterally within the system.
CISA has yet to attribute this activity to a specific group. Flashpoint has seen two Iranian APT groups exploit Log4Shell in the past: APT35 and MuddyWater.
October 2022: CISA Releases Joint CSAs Detailing Threat Actor Activity
CISA Releases Guide on Responding to DDoS Attacks and DDoS Guidance with the FBI
CISA and the Federal Bureau of Investigation (FBI) recently released a Joint Cybersecurity Advisory (CSA) designed to assist organizations in preventing Distributed Denial-of-Service (DDoS) attacks. In this report, CISA advises that Internet of Things (IoT) devices such as home internet routers can pose a high risk because they are poorly secured and difficult to patch.
Analysis of CISA’s Advisory on Top CVEs Exploited by Chinese State-Sponsored Groups
Federal agencies released a joint advisory. It identified twenty of the top vulnerabilities that have been actively exploited by Chinese state-sponsored cyber actors since 2020.
August 2022: H.R. 7900 and SBOM Mandates
How to Comply With the DoD’s Newer and Stricter Software Requirements
The US House of Representatives passed H.R. 7900 – National Defense Authorization Act for Fiscal Year 2023. Section 6722 could have serious impacts on the security industry and beyond. The bill requires companies working with the DoD to provide a Software Bill of Materials (SBOM) and patch all known vulnerabilities.
What Is an SBOM? The Importance of a Software Bill of Materials
Cyber attacks like Log4Shell have led the Biden administration to work closely with security experts and the Cybersecurity and Infrastructure Security Agency (CISA) to produce government resources and legislation intended to improve the United States’ security posture.
June 2022: Security Advisories Detail Threats Posed by APTs
China is Exploiting Network Providers and Devices, Says US Cybersecurity Advisory
The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) released an advisory. It outlined the tactics, techniques, and procedures (TTPs), specifically the common vulnerabilities and exploits (CVEs), that Chinese state-sponsored cyber-enabled actors are utilizing to attack and exploit entities and individuals abroad.
Biden Signs State and Local Government Cybersecurity Act Into Law: Establishes Rotational Cyber Workforce
President Biden signed two cyber-related bills into law on June 21. Both aim to bolster the cybersecurity capabilities at—and across—various government entities.
Hackers Are Still Exploiting Log4Shell Vulnerability, Warns CISA
CISA and United States Coast Guard Cyber Command (CGCYBER) warned that nation-state hackers are still exploiting Log4Shell (CVE-2021-44228). They are specifically targeting unpatched, internet-facing VMware Horizon and Unified Access Gateway servers.
May 2022: CISA Joint CSAs and ongoing KEV activity
CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory. It identified the fifteen most exploited vulnerabilities in 2021. Among them, Log4Shell (CVE-2021-44228) was the most used by threat actors.
CISA Adds Five ‘New’ Exploits to KEV Catalog, Including 2014’s Heartbleed Vulnerability
In May 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added five “new” vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog. Three of the entries were originally disclosed in 2014. This included the infamous Heartbleed vulnerability (CVE-2014-0160).
March 2022: BOD 22-01, KEV Catalog, and Shields Up
CISA’s BOD 22-01 Update: Revamping Vulnerability Management Capabilities for Federal Agencies
Binding Operational Directive (BOD) 22-01 is a significant directive. It impacts many organizations, especially those that support US government agencies.
BOD 22-01 and the KEV Catalog are a major shift from the traditional views of vulnerability management. Most vulnerability management frameworks place emphasis on severity scores and do not provide context on whether an issue has actually been exploited in the wild.
Shields Up: Understanding Guidance From the Biden Administration About Possible Russian Cyberattacks
On March 21, the Biden Administration and CISA announced the Shields Up campaign. They urged the private sector to take steps to protect their systems against potential cyber attacks from Russia, given its ongoing invasion of Ukraine. This followed a warning from CISA that organizations outside of Ukraine could potentially be caught in the crosshairs of Russian Advanced Persistent Threat (APT) groups.
Remediate Vulnerabilities with Flashpoint
Federal agencies will need comprehensive vulnerability intelligence to secure critical digital infrastructure and maintain national security. However, publicly available sources such as CVE/NVD may not provide proper visibility because they fail to report over 96,000 known vulnerabilities. Flashpoint’s VulnDB covers over 300,000 vulnerabilities affecting IT, OT, IoT, and third-party libraries and dependencies. This benefits all organizations, including the private sector. Improve your security posture by requesting a demo today.
Frequently Asked Questions (FAQ)
Q. What is CISA and what is its primary role for US organizations?
A. CISA, the Cybersecurity and Infrastructure Security Agency, is a U.S. government agency. Its primary role is to lead national efforts to secure and protect the nation’s critical infrastructure (both public and private sector) from physical and cyber threats.
Q. What are CISA’s KEV Catalog and BOD 22-01?
A. The Known Exploited Vulnerabilities (KEV) Catalog is a list of vulnerabilities CISA has confirmed are actively being exploited by threat actors in the wild. Binding Operational Directive (BOD) 22-01 is the federal mandate that requires US government agencies to patch these KEV-listed vulnerabilities within a specified timeframe.
Q. How does Flashpoint help organizations address CISA mandates?
A. Flashpoint’s VulnDB solution covers a comprehensive range of vulnerabilities, including those that are often missed by public sources like NVD/CVE. This ensures organizations have the necessary visibility and intelligence to meet CISA’s KEV mandates and strengthen their overall security posture.