NSA Publishes Cybersecurity Year in Review Report
The United States National Security Agency (NSA) has released its 2020 Cybersecurity Year in Review report, which summarizes the NSA Cybersecurity Directorate’s first full year of operation.
The Cybersecurity Directorate was formally announced in July 2019, with a focus on protecting national security networks and the defense industrial base. Led by Ms. Anne Neuberger, Director of Cybersecurity, the Directorate was also aiming to improve cybersecurity efforts through partnerships.
The Cybersecurity Directorate remained true to its goal throughout 2020, the report claims, working to prevent and eradicate cyber threats through combining threat intelligence and cryptography knowledge with vulnerability analysis and defense operations.
“Drawing on lessons learned from the 2016 presidential election and the 2018 mid-term elections, NSA was fully engaged in whole-of-government efforts to protect the 2020 election from foreign interference and influence. Cybersecurity was a foundational component of NSA’s overall election defense effort,” the report (PDF) reads.
Last year, the NSA helped the Department of Defense (DoD) eliminate weak cryptography and approved quantum-resistant cryptographic algorithms, to ensure that the Department’s cryptography is modern enough to resist quantum computing attacks.
In the context of the COVID-19 pandemic, the NSA helped the DoD’s transition to telework, providing solutions for approximately 100,000 users to work remotely securely. Furthermore, the Agency was involved in Operation Warp Speed (OWS), an effort aimed at accelerating the development of a COVID-19 vaccine.
Since the Directorate’s creation, the NSA has provided 30 unique, timely and actionable cybersecurity products to alert the National Security System (NSS), DoD, and Defense Industrial Base (DIB) network owners of cyber-threats.
Some of the intelligence shared by the Agency in 2020 includes details on Windows 10 flaws and on Drovorub malware, IOCs associated with the targeting of Exim mail servers by the Russia-linked Sandworm Team, details on bugs threat actors abuse to install web shell malware on web servers, and a list of 25 vulnerabilities commonly targeted by Chinese threat actors.
Although the Cybersecurity Advisories (CSAs) were mainly destined for NSS, DoD, and DIB owners, the private sector in the United States and abroad could also leverage the intelligence to strengthen security posture, the NSA says.
Furthermore, the NSA released guidance on properly configuring IPsec VPNs (IP Security Virtual Private Networks), on how to customize the Unified Extensible Firmware Interface (UEFI) Secure Boot, and how to security networks and employees during telework.
Last year, NSA’s Cybersecurity Collaboration Center worked on advancing public-private collaboration and on refocusing Enduring Security Framework (ESF) efforts toward the security of 5G deployments. The Agency also launched the Center for Cybersecurity Standards (CCSS), meant to engage with standards bodies.
“NSA also continues to discover and release cybersecurity vulnerabilities to private industry through an approved, intra-government process. For the past three years, vulnerability disclosures by NSA have trended upward, as the Agency commits to enabling the security of commercial technologies that the U.S. Government, our military, our businesses, and our citizens rely upon,” the Agency notes.