Two cybersecurity programs the Department of Homeland Security offers both states and the private sector have been temporarily knocked offline due to a power outage, while other services have been shifted to backup locations, multiple sources tell CyberScoop.
The National Cybersecurity and Communications Integration Center (NCCIC), the 24/7 hub for monitoring cyberthreats across the government and critical infrastructure, has shifted operations to a backup location in Florida. The move was made after the Arlington, Virginia, building that houses NCCIC lost power last week due to heavy rains.
Additionally, two other programs under NCCIC’s National Cybersecurity Assessments and Technical Services (NCATS) — Cyber Hygiene vulnerability scans and Phishing Campaign Assessment — have been offline since July 26.
The Cyber Hygiene program remotely detects known vulnerabilities on internet-facing services. The Phishing Campaign Assessment program is part of a remote penetration testing service. Both programs are used by hundreds of customers across the country. Thirty-four states have received vulnerability scans through the Cyber Hygiene program, according to a DHS presentation given at the National Association of State Election Directors summer conference.
DHS Assistant Secretary for Cybersecurity and Communications Jeanette Manfra told CyberScoop that the disruption to Cyber Hygiene is temporary, and that election systems will be the first to resume service once the program comes back online. Officials expect scans to resume Aug. 6.
The building housing NCCIC suffered heavy damage on when portions of the façade ruptured due to the volume of rain that fell in the Washington, D.C., region. The roof of a restaurant on the building’s ground level failed during business hours on July 26.
… A number of DHS offices are in that building.
CyberScoop has learned that due to the water damage, the building completely lost power, which prevented server rooms used by DHS from staying cool. Once the room reached a certain temperature, a sprinkler system was activated. Those sprinklers damaged servers supporting the Cyber Hygiene and Phishing Campaign Assessment programs.
On Sunday, the NCATS office sent an email to its customers informing them that Cyber Hygiene and Phishing Campaign Assessment were offline and that contingency plans have been put in place.
“In order to minimize the operational impact, we immediately implemented our contingency plans and transferred functions to other sites, including NPPD’s facility in Pensacola, Fla.,” the email, obtained by CyberScoop, reads. “We are working to restore these services as quickly as possible. We will let you know when the service and reports will resume.”
NPPD is the National Protection and Programs Directorate, which oversees NCCIC.
The power outage has had a “minimal impact” on DHS’s cybersecurity operations, Krebs said. The incident has not, for example, affected the department’s ability to respond to cyber incidents or issue warnings to the private sector.
DHS has been at the center of the federal government’s efforts to fortify U.S. voting infrastructure following the 2016 presidential election, when Russian hackers probed systems in 21 states. Last week it was revealed that the same outfit of Russian hackers that meddled in the 2016 election appears to have targeted Sen. Claire McCaskill‘s office.
With the DHS looking to create a central Risk Management program, seeing stories like this does not instill confidence that the U.S. Government, and the DHS in particular, are up to the challenge.
This slays me:
Chris Krebs, the undersecretary of NPPD, told CyberScoop that the department is “taking this opportunity to get some efficiencies into the system, but also to build resilience and redundancy.”
Those are the words uttered after every such event.
By the way for those not in the know, there is a well-known process call Disaster Recovery and Business Continuity Planning (DR/BCP) that has been around for decades to plan for just this sort of event.