Biden administration faces increasing pressure to remedy SolarWinds breach

by



[ad_1]

The Russia-linked computer intrusion campaign has affected several federal agencies and the private sector, raising concerns about the security of company secrets, government emails and other sensitive data. The Trump administration formally singled out Russia earlier this month after revelations surfaced in December that hackers had inserted malicious code into a tool published by SolarWinds, a software vendor used by countless government agencies and Fortune 500 companies.

As Biden officials assume responsibility for investigating the hacking campaign, members of Congress, former federal officials and new evidence discovered by Microsoft this week have added a renewed urgency to the search for answers.

“This massive SolarWinds breach affects all of us, and frankly it’s not that surprising given what we’ve seen that the federal government is not well prepared to deal with these kinds of breaches.” Ohio Republican Sen. Rob Portman said in a hearing this week.

In a letter to congressional leaders on Friday, Kevin McAleenan, former acting secretary of the Department of Homeland Security, said it was imperative that Biden’s candidate for head of the department, Alejandro Mayorkas, be quickly confirmed. The SolarWinds incident, McAleenan wrote, highlights “the growing need to re-focus on the cybersecurity of our country, and in particular the security of our supply chain. In the wake of the SolarWinds breach, DHS needs dedicated and proven leadership to work together with other government agencies to resolve this issue immediately – and to ensure that we are prepared for possible future attempts. ”
The day after Biden was sworn in, a Congressional cybersecurity committee sent a 15-point list of policy priorities and recommendations to the White House, including steps to prevent another government breach.
And Microsoft’s report on Wednesday highlighted the sophistication of the attackers, estimating that they may have spent an entire month selecting their targets and developing custom code designed to stealthily compromise each victim. SolarWinds was only a mechanism used by the adversary to gain access to networks, an official from the Cybersecurity and Infrastructure Security Agency told CNN, noting that other techniques were used to gain access to networks and compromise information in the part of long-term intelligence gathering. effort.”

Amid the growing pressure, the Biden administration is still trying to update itself. Efforts by Biden staff members to understand the full extent of the breach were hampered before taking office, according to a former senior homeland security official.

“There are concerns that things are getting worse,” the former official told CNN.

Meanwhile, there are indications that officials have only scratched the surface of the telescope and scale, a source close to the probe said.

Speaking to reporters on Wednesday, White House press secretary Jen Psaki said the administration “will reserve the right to respond to any cyber attack at a time and in a manner of our choosing,” but that staff members “were just accessing their computers”. She declined to answer a question about Biden’s intention to raise the issue of espionage with Russian President Vladimir Putin.

Computer break-ins will be the focus of an upcoming presidential briefing by the intelligence community, Psaki added.

When former President Donald Trump finally weighed in on the massive cyberattack in a pair of tweets in December, instead of condemning the attack – or Russia – he played it down, criticized the media, and baselessly claimed that it could have affected American voting machines.
Biden appears ready to fight the espionage effort head-on.

“President Biden appears to understand the urgency of this crisis in a way that President Trump did not,” said Senator Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee. “And in its early days, (it) is moving at an appropriate speed to investigate the matter, so that we can take action to address its effects, respond appropriately to Russia and best determine how to deter and prevent such attempts in the future. . ”

But while there is little disagreement among U.S. officials that the intrusion was serious, opinions on a potential response and what it would look like vary.

A US official told CNN that the evidence currently suggests that hacking is still considered a highly sophisticated foreign intelligence operation and is not an act of cyber warfare – a nuanced distinction that will be factored into any discussion of options. reasonable response.

But that said, there will almost certainly be an imposed cost for the activity, the official added, noting that there is a price to be paid to get caught, even though the attack technically falls under foreign espionage.

“In all likelihood” the attack was cyber espionage, former acting Homeland Security Secretary Chad Wolf told CNN. By the time he stepped down earlier this month – amid a brutal resignation – the attackers had taken no action because of their access to those networks, he said.

General Keith Alexander, former director of the National Security Agency, told CNN that Biden had a range of policy options at his disposal.

“There are ways to respond by indicting individuals and through diplomatic and economic measures, which they should do,” Alexander said, “but any response in physical cyberspace would likely turn into a bigger attack on us, and we are not ready to defend against that. The nation is not ready for a cyber engagement like this. ”

Alexander added that Congress must pass legislation to make it easier for the public and private sectors to share threat information and to provide legal immunity to companies that share that data.

Biden’s response could also be complicated by a shortage of senior executives. Biden’s confirmed first cabinet pick – Avril Haines, the director of national intelligence – admitted earlier this week that she had yet to receive a confidential briefing on the hack, highlighting concerns that she and others Senior Biden officials could already be behind the expected eighth ball. to a difficult transition process.
Although she was sworn in on Thursday and indicated hacking was a top priority, other senior intelligence and homeland security positions remain vacant.

“I’ve never seen this level of vacancy. It’s mind-boggling, it really challenges continuity,” said a DHS official who cited CISA as an example of the Trump administration’s dismay. “We will have a hard time replacing some talent.”

Earlier this week, GOP Senator Josh Hawley blocked the quick review of Biden’s homeland security candidate, leaving the third-largest federal ministry without confirmed leadership. CISA has been led by career manager Brandon Wales since Trump sacked Chris Krebs shortly after the election.

Rob Silvers, a partner at law firm Paul Hastings, is expected to be asked to lead CISA in the Biden administration, according to a source familiar with the situation. He held the post of Assistant Secretary for Cyber ​​Policy at DHS under the Obama administration, as well as other senior positions within the department. Silvers did not respond to a request for comment.

“The biggest problem is you don’t have a confirmed secretary,” the former senior DHS official told CNN. “It really sets the tone and the trajectory for the ability to start getting things done.”

During his Senate confirmation hearing on Tuesday, Mayorkas said he is intensely studying the SolarWinds attack as a private citizen. If confirmed, he has promised to conduct a thorough review of two CISA cybersecurity programs – Continuous Diagnostics and Mitigation (CDM) and EINSTEIN – to understand whether they are sufficient to stop a threat such as SolarWinds, and if not, to explore additional defenses. for the federal government.

Wales said CISA “has actively engaged with the transition team”, including providing 14 briefings focused on the ongoing cyber incident. “We are committed to seamlessly integrating new members of the Biden administration into the Agency, while continuing our aggressive efforts to understand and respond to this complex cyber campaign,” he said in a statement Friday. at CNN.

Given how long the adversary has had access to certain networks, remediation – both short-term and long-term reconstruction – will be a protracted process, a CISA official told CNN.

CISA has already provided ideas to the Biden team to help evolve federal cybersecurity and overcome the challenges identified by the latest incident. The suggestions, the official said, include: funding CISA to drive out adverse activity on federal networks; the deployment of new sensors within federal agencies to detect abnormal activity; and improvements to the visibility of the cloud environment, such as Office 365.

Officials also plan to create a civilian program similar to the Pentagon model that helps ensure third-party partners meet cybersecurity standards, but that would be a longer-term endeavor, the official said.

[ad_2]

Source link