CISA Taking Over Open-Source Logging Tool Created by UK Government

The United Kingdom’s cybersecurity agency has ended support of an open-source tool it created to make it easier to log security events on Windows operating systems—unironically dubbed “Logging Made Easy.” But not long after the U.K. announced it would cease support for the software, the United States’ Cybersecurity and Infrastructure Security Agency stepped in with a vow to maintain and update the tool.

“Logging Made Easy is a great resource created by our teammates at [the National Cyber Security Centre] that provides basic logging of security information for Windows devices,” CISA Director Jen Easterly said Thursday in the announcement. “Given CISA’s continued focus on providing support to ‘target-rich/cyber-poor’ entities, LME is another great tool we can leverage to assist our partners. We’re proud to take on this program which showcases, yet again, our seamless collaboration with our close partners at NCSC.”

Generating, storing and analyzing network logs—and ensuring your organization is collecting the right logs—can be a large task. And while federal agencies are under mandate to collect and maintain certain cybersecurity-related logs, there is currently no funding allocated specifically for that effort.

In February, CISA made public a document outlining which logs and systems agencies should prioritize.

Across the Atlantic, NCSC-UK developed the open-source LME tool—published on GitHub in 2018—as a free resource.

The U.K. cyber agency announced in January that it would be ending support for the tool as of March 31 in order to “focus on the most significant cyber security challenges” and “divert resources to new initiatives designed to help protect the U.K.’s cyber infrastructure,” according to an agency blog post.

The blog was updated Thursday to reflect CISA’s new commitment to take over stewardship of the project, including a caveat:

“Neither agency will maintain code between now and when CISA reconstitutes the tool on their GitHub page. Current users who continue to use LME during this intersessional period must maintain and update the tool independently, and do so at their own risk.”

The tool will be republished on CISA’s GitHub page likely by the end of the summer, though a hard date has not been set.

“Our Logging Made Easy project has undeniably delivered results and we are proud to have supported thousands of defenders to keep their networks safe,” said Lindy Cameron, NCSC CEO. “The project’s transition to oversight from CISA will mean that existing and new users of the tool will continue to reap the significant benefits that it provides.”