Futures

CISA Red Team Exercise Reveals Major Security Failings, from (20240728.)

Summary

CISA, the US Cybersecurity and Infrastructure Security Agency, conducted a red team exercise at an unnamed federal agency and identified significant security failings that went unnoticed for five months. In the exercise, which CISA calls a SILENTSHIELD assessment, the red team exploited an unpatched vulnerability (CVE-2022-21587) in the agency’s Oracle Solaris enclave. Although the organization was alerted and provided with a patch, it took over two weeks for the patch to be applied, which delayed incident response. The exercise also highlighted the importance of timely patching and the need for thorough investigations of affected servers. Additionally, it exposed weaknesses in password security and a reliance on known indicators of compromise (IoCs) for detecting intrusions. CISA emphasized the need for defense-in-depth principles, network segmentation, and secure software design to prevent similar security failings.

Signals

| Signal | Change | 10y horizon | Driving force |
| --- | --- | --- | --- |
| CISA discovers security failings in federal agency | From inadequate security to improved defense-in-depth | Better cybersecurity practices and network segmentation | Need for stronger network security and defense-in-depth measures |
