The Cybersecurity and Infrastructure Security Agency has released a report regarding a SILENTSHIELD red team activity conducted in 2023 meant to assess the cybersecurity posture of an unnamed federal civilian executive branch organization.
During such assessments, red teams simulate the behavior of sophisticated threat actors without notifying the target FCEB organization in order to achieve a more realistic cyber evaluation, CISA said Thursday. Findings are subsequently shared with the target organization to help them address weaknesses as well as strengths.
The recent report discusses the lessons that the target organization learned from 2023 activity. These lessons include an insufficiency in controls for the detection and prevention of malicious activities; poor network log collection, retention and analysis; ineffective detection approaches; and network defenders being hindered by bureaucratic processes.
To address similar cybersecurity risks, the report recommends the adoption of multiple mitigations, including the application of defense-in-depth principles; the use of network segmentation; and the establishment of network traffic, application execution and account authentication baselines in lieu of aiming to deny known indicators of compromise.
The report also calls on software developers to adopt Secure by Design principles to protect customers, noting that insecure software contributes to the issues identified in the red team activity.
In 2023, Eric Goldstein, who was then CISA’s executive assistant director for cybersecurity, testified before Congress about the results of his agency’s preemptive cyber initiatives, including SILENDSHIELD. Read about what he told lawmakers during that hearing.