With the kickoff of National Cybersecurity Awareness Month, the Department of Homeland Security (DHS) has been actively focused on cybersecurity this week. The department is continuing its efforts to enhance cybersecurity across the nation’s critical infrastructure, which Secretary Kirstjen Nielsen emphasized in her talk at the Washington Post’s Cybersecurity Summit on October 2, 2018.
In advocating for The Cybersecurity and Infrastructure Security Act, Nielsen said, “We are responsible for federal efforts when it comes to both protecting critical infrastructure, working with the owner-operators in private sector, and protecting all those civilian dot govs. To do that, we have to have both a name that indicates that is what we do, and we have to be able to streamline the organization so that we can become more operational.”
That same day, DHS and the Department of Energy (DOE) met with the Oil and Natural Gas Subsector Coordinating Council (ONG SCC) to discuss how industry and government can be more strategic in their approach to securing pipelines and other critical infrastructure.
“This meeting was a key milestone in the partnership between the federal government and the oil and natural gas industry, as we launched the pipeline cybersecurity initiative that partners DHS National Protection and Programs Directorate (NPPD) cybersecurity resources, DOE’s energy sector expertise, with TSA’s regular and ongoing assessments of pipeline security to get a broader understanding of the risks the sector faces,” said NPPD Under Secretary Christopher Krebs.
“Collaborative efforts like this allow us to better understand the threat landscape and direct more targeted and prioritized risk management activities. We look forward to continuing these important meetings with the other critical infrastructure sectors across the country.”
Underscoring the extent of its broad commitment, DHS also announced on Tuesday that it awarded $200,000 to Israel-based Morphisec to develop technology solutions that better protect financial institutions against cyber-attacks as part of the S&T Silicon Valley Innovation Program (SVIP).
The award falls under the Financial Services Cyber Security Active Defense Technologies solicitation, which explores advanced technologies that can defend the nation’s financial infrastructure from nation-state attacks.
According to the DHS, Morphisec will “extend, deploy, test and evaluate a moving target defense (MTD)–based cybersecurity solution for virtual desktop infrastructure (VDI) environments.” The challenge is to develop and then deploy a solution that doesn’t impact the overall performance of a VDI environment while preventing cyber-attacks on financial institutions.
MTD-based solutions change locations of libraries, functions, variables and other types of data at random, which makes attacking the system much more complicated and more expensive for attackers.
“The use of VDI has grown in recent years, most commonly as an efficient structure for servers, both physical and cloud based,” said Greg Wigton, program manager for the cybersecurity division within DHS. “If attacked while unprotected, vulnerabilities in a VDI environment may impact every connected device, and each machine can be a potential target for entry to the VDI.”