More than two years after an alleged Russian hacking campaign exposed glaring weakness in US federal defenses, the Department of Homeland Security’s cyber agency has not updated a key agency blueprint for maintaining communications in the event of a major hack, the department’s inspector general said Monday.
The watchdog’s finding highlights the continued fallout from the 2020 Russian cyber-espionage campaign, which infiltrated at least nine US federal agencies and prompted major changes to US cybersecurity policy.
In the two years since the campaign’s discovery, DHS’s Cybersecurity and Infrastructure Security Agency has “improved its ability to detect and mitigate risks from major cyberattacks, but work remains to safeguard Federal networks,” the inspector general’s report says.
CISA also still needs to update its “continuity of operations plan” and a separate backup plan for communicating securely in the event of another breach, the inspector general said. In a written response to the inspector general, CISA officials said that updates to both plans will come this year.
Additionally, CISA still needs more cyberthreat data from the civilian agencies it helps protect, and until then, the watchdog said, “CISA may not always be able to effectively detect and mitigate major cyberattacks.”
The alleged Russian hacking campaign used a bugged version of software made by popular federal contractor SolarWinds. Thousands of the company’s clients downloaded the update, exposing them to potential collection from Russia’s foreign intelligence service, which US officials blamed for the incident. Moscow denies the charge.
But the hackers homed in on a smaller number of targets, including the unclassified networks of the departments of Homeland Security and Justice. For months, the attackers had access to these departments’ email systems and could snoop on correspondence between officials, according to investigators.
With US officials’ communication compromised, the alleged Russian spies identified a handful of key cybersecurity officials and analysts who responded to the breach and attempted to access their email accounts, CNN previously reported.