CISA, Microsoft unveil progress on free logging capabilities for federal agencies

The Cybersecurity and Infrastructure Security Agency is touting progress on an agreement with Microsoft to ensure advanced logging capabilities are available to all federal agencies for free, a move CISA says will make it easier for the federal government to root out cyber attacks.

Starting this month, Microsoft will automatically enable logs and increase the default log retention period from 90 to 180 days for all federal agencies using Microsoft Purview Audit, regardless of the license tier. CISA, Microsoft, the White House Office of Management and Budget, and the Office of the National Cyber Director released the details in a joint announcement today.

Lawmakers have previously criticized Microsoft over its practice of charging customers, including federal agencies, for logging capabilities that are typically needed to identify cyber attacks.

After suspected Chinese cyber intruders hacked into the unclassified Microsoft email accounts of Commerce Secretary Gina Raimondo and high-level State Department officials last year, CISA said it would work with Microsoft to expand free logging capabilities. The State Department was able to identify the intrusion by detecting anomalous activities in logging data.

For the past six months, CISA and Microsoft had worked on an expanded log capability pilot program with a select set of federal agencies.

The agency said Microsoft’s move is a “further step” in meeting CISA’s “Secure by Design” principles. The guidance states technology providers should supply “high-quality audit logs to customers at no extra charge or additional configuration.”

“Last summer, we were glad to see Microsoft’s commitment to make necessary logging available to federal agencies and the broader cybersecurity community. I am pleased that we have made real progress toward this goal,” CISA Executive Assistant Director for Cybersecurity Eric Goldstein said in the announcement today.

CISA said the free logging capabilities will help agencies meet requirements under an August 2021 OMB directive on log management. That memo was issued in the wake of the software supply chain attack on SolarWinds. Many agencies struggled to detect that intrusion because they lacked the necessary network logs to investigate and remediate potential cyber incidents.

CISA also released an “Expanded Cloud Log Implementation Playbook” in coordination with Microsoft today. The agency said it provides details on “each newly available log and how these logs can be used to support threat hunting and incident-response operations.”

In a blog post today, Microsoft security specialist Casey Kahsen wrote the logging data will provide agencies “with powerful insights to hunt for and detect both business email compromise (BEC), advanced nation state threats, and insider risks that seek to gain access to your organization’s most sensitive information.”

Biden signs port cybersecurity EO

Meanwhile, President Joe Biden today signed an executive order giving the Coast Guard the authority to set cybersecurity standards for U.S. port networks and systems.

The EO allows the Coast Guard to require vessels and waterfront facilities to address any cybersecurity issues that could endanger the safety of vessels, facilities or harbors. It also requires port operators to report any cyber incidents to CISA, the FBI and the Coast Guard.

The Coast Guard today also released a notice of proposed rulemaking to establish baseline cybersecurity requirements for the maritime transportation sector. Comments are due April 22.

The actions are the latest in the Biden administration’s push to set minimum cybersecurity requirements across critical infrastructure sectors.

“Most critical infrastructure owners and operators have a list of safety regulations they have to comply with, and we want to ensure that there are similar requirements for cyber, when a cyber attack can cause just as much, if not more, damage than a storm or another physical threat,” Deputy National Security Advisor Anne Neuberger said on a call with reporters yesterday.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.