The Department of Defense has not been ensnared by a broad intrusion into on-premises versions of Microsoft Sharepoint, its chief information officer said Thursday.
“As of right now, no, not that I’m aware of,” Katie Arrington said at the ATO and Cloud Security Summit Thursday in a stage interview. Arrington said she’s been doing daily calls with Microsoft while the department has been conducting forensics investigations since the “zero-day” vulnerability was publicly identified this past weekend.
Thus far, several federal agencies have been affected, including the departments of Energy, Homeland Security and Education. And up to a dozen federal entities have been notified of possible compromise by the Cybersecurity and Infrastructure Security Agency, according to a source familiar. DHS issued a statement that its investigation into the hack remains ongoing but “there is no evidence of data exfiltration at DHS or any of its components at this time.”
Microsoft has attributed some of the hacking activity to Chinese state-aligned groups, but it’s not known whether China-linked entities themselves were responsible for the hit to DHS or other agencies. Security patches have been made available for all affected versions of SharePoint, Microsoft said in a blog post.
Arrington said the latest series of hacks — and attempted hacks — reiterate the constant threats posed by state actors to U.S. and defense systems. When zero-day vulnerabilities — which have not been previously uncovered and therefore give developers zero days to patch them — are found, cybersecurity professionals need to act immediately and apply those patches.
“Russia, China, Iran, North Korea, are they going to continue? Yes. Are they going to look for any hole that they can find? Yes.” Arrington said. “It’s a zero-day the day you found out about it, a patch was made that same day. And how fast we deploy the patches, how fast we work as a unified body to, I say, turn the lights on an adversary when they do something, that’s how fast resilience will be.”
Nextgov/FCW Cybersecurity and Intelligence Reporter David DiMolfetta contributed to this report.
