US CISA Offers List of Free Security Tools for Incident Response

The knowledge that US government systems have been exposed to serious vulnerabilities has been long-running for as long as I can remember. In those days, cracking poorly protected and misconfigured services running on popular network protocols was a cakewalk, and web services were easily exploitable.


Intrusions of this variety still occur today, but less frequently. A driving force behind this security-focused mindset is the Cybersecurity and Infrastructure Security Agency (CISA).


On Nov. 16, 2018, then US President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act of 2018 into law, creating the agency at the stroke of a pen. From that moment on, an agency existed whose job is to proactively inform, educate, and help protect both US businesses and government cybersecurity infrastructure.


Under the Biden Administration, the initiative has kept its momentum. Last November, President Biden issued a CISA-driven directive that mandates all federal agencies to deploy patches for a list of vulnerabilities.


CISA published a catalog of Common Vulnerabilities and Exposures (CVEs) to inform agencies of the greatest threats they faced and to minimize the attack surface available to cybercriminals.


Needless to say, the Federal government arrived pretty late in the game, but it has been making up for it ever since by leaps and bounds.


Free Security Tools & Services Repository


On Friday, Feb. 18, CISA published the list in the hope of strengthening the security of private companies by offering resources for detecting, mitigating, and responding to security incidents.


It includes 101 services provided by CISA, open-source applications, and utilities offered by the cybersecurity community in both the private and public sectors.


The scope of this initiative helps increase resilience against the constant probing of threat actors, but, more importantly, it creates awareness of the security flaws in common software that attackers exploit. Threat actors will always persist, but they succeed largely because of negligence, ignorance, and downright inadequate security practices.


"Many organizations, both public and private, are target-rich and resource-poor. The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment," said CISA Director Jen Easterly.


In the same vein, CISA also launched several dedicated portals that document known exploited vulnerabilities, describe risky cybersecurity practices to avoid, offer education and advice on resisting ransomware attacks, and, lastly, explain how to handle disinformation and other malicious information.


The agency didn’t stop there. Earlier, it launched a “Shields Up” campaign to alert US organizations to the risk of cyber threats aimed at disrupting critical services, which in turn poses a risk to public safety. CISA said:


"Malicious actors may use tactics — such as misinformation, disinformation, and malinformation — to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple sectors."

Fundamental Security Check-List & How Hackers Succeed With Intrusions


CISA offered a list of fundamental security measures that serve as a basic guideline for companies and help them prioritize their security posture. The fact of the matter is that the majority of companies in the United States have remained top targets because of relaxed or non-existent security measures.


The points they include are:

  1. Fix the known security flaws in software;

  2. Implement multifactor authentication (MFA);

  3. Halt bad practices;

  4. Sign up for CISA’s Cyber Hygiene Vulnerability Scanning, and more.


While they provide points to help explain their relevance, I would like to provide an explanation from my own perspective as a former black hat.


Fixing known security flaws in software is paramount. Software bugs can give threat actors a back way through otherwise tight security, opening alternative routes in that can bypass even a reliable Web Application Firewall (WAF). In most instances, this type of attack is difficult to detect.


When important online accounts have no additional authentication layers, a threat actor who obtains your password can easily take over your account. However, by setting up 2-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), you create additional barriers against intrusion, which often require physical access to your devices in order to authenticate. For example, I rely heavily on biometric authentication in addition to a 2FA authentication method.


“Bad practices” could amount to a laundry list of “don’t-do’s,” but CISA hit the bull’s-eye by addressing the most common ones users are guilty of. Using outdated software (including discontinued operating systems like Windows XP) amounts to either extreme naivety or downright insanity, and the same goes for depending on outdated software in critical infrastructure.


The reason is simple. When software becomes obsolete, bug fixes cease, which means there are no longer any security updates to protect users from the latest vulnerabilities.


Using default, reused, or exposed passwords is another extremely dangerous practice: every time a person trades security for convenience, it is only a matter of time before they pay for it.


If your online accounts have ever been compromised, with or without your knowledge, the credentials will usually appear in searchable online data breach databases. Threat actors search these all the time and can obtain a password you commonly reuse in order to gain illicit access.


Single-factor authentication has no protective layer beyond knowledge of your username or email and password. Enabling 2FA or MFA on your online accounts and physical devices will eliminate a very large number of threat actors who do not know how to bypass these security features.


Preventing intrusions begins with you, which is why practicing good security hygiene is paramount. Threat actors will persist, but the effort you put in will deter a great many lesser-skilled adversaries from taking control of your castle.


An article by Jesse McGraw

Edited by Ana Alexandre
