SolarWinds hack obtained emails of senior DHS officials




Suspected Russian hackers gained access to email accounts belonging to the head of the Trump administration’s Department of Homeland Security and to members of the department’s cybersecurity staff, whose jobs were to drive out threats from foreign countries, The Associated Press has learned.

The intelligence value of the hack of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is striking. Their accounts were accessed as part of what is known as the SolarWinds intrusion, and it calls into question how the US government can protect individuals, businesses, and institutions across the country if it cannot protect itself.

The short answer for many security experts and federal officials is that it can’t – at least not without some significant changes.

“The SolarWinds hack was a victory for our foreign adversaries and a failure for DHS,” said Sen. Rob Portman of Ohio, Republican head of the Senate Committee on Homeland Security and Government Affairs. “We are talking about the crown jewels of DHS.”

The Biden administration has tried to keep tabs on the scope of the SolarWinds attack as it assesses retaliatory measures against Russia. But an AP investigation found new details of the breach at DHS and other agencies, including the Department of Energy, where hackers accessed the private schedules of senior officials.

The AP interviewed more than a dozen current and former U.S. government officials, who spoke on condition of anonymity due to the confidential nature of the ongoing hacking investigation.

Homeland Security vulnerabilities in particular heighten concerns following the SolarWinds attack and an even more widespread hack affecting the Microsoft Exchange email program, especially since in both cases the hackers were detected not by the government but by a private company.

In December, officials discovered what they describe as a sprawling, month-long cyber espionage effort, carried out in large part by hacking widely used software from Texas-based SolarWinds Inc. At least nine federal agencies have been hacked, along with dozens of private sector companies.

US officials said the breach appeared to be the work of Russian hackers. Gen. Paul Nakasone, who heads the Pentagon’s cyber force, said last week that the Biden administration was considering a “range of options” in response. Russia has denied any role in the hacking.

Since then, a series of headline-grabbing hacks has further exposed public and private sector vulnerabilities in the United States. A hacker tried unsuccessfully to poison the water supply of a small town in Florida in February, and this month a new breach was announced involving thousands of Microsoft Exchange email servers, which the company says was carried out by Chinese hackers. China has denied involvement in the Microsoft breach.

Senator Mark Warner, Democrat of Virginia and head of the Senate Intelligence Committee, said the government’s initial response to the discovery of the SolarWinds hack was rambling.

“What struck me was how much we stayed in the dark as long as we were in the dark,” Warner said at a recent cybersecurity conference.

Wolf and other senior homeland security officials used new phones that had been wiped clean, along with the popular encrypted messaging system Signal, to communicate in the days following the hack, current and former officials said.

A former administration official, who confirmed that the Federal Aviation Administration was among the agencies affected by the breach, said the agency was hampered in its response by outdated technology and struggled for weeks to identify the number of servers running the SolarWinds software.

The FAA first told the AP in mid-February that it had not been affected by the SolarWinds hack, only to issue a second statement days later that it was continuing its investigation.

At least one other cabinet member besides Wolf was affected. The hackers were able to obtain the private schedules of energy department officials, including then-secretary Dan Brouillette, a former senior administration official said.

The new disclosures provide a more complete picture of the type of data taken during the SolarWinds hack. Several congressional hearings were held on the subject, but they lacked details.

Representative Pat Fallon, R-Texas, told one of the hearings that an email from a DHS secretary was hacked but did not provide further details. The AP was able to identify Wolf, who declined to comment other than to say he had multiple email accounts as a secretary.

DHS spokeswoman Sarah Peck said “a small number of employee accounts have been targeted in the breach” and the agency “no longer sees indicators of compromise on our networks.”

The Biden administration has pledged to issue an executive order in the near future to address “significant gaps in cybersecurity modernization and technology across the federal government.” But the list of hurdles facing the federal government is long: highly skilled foreign hackers backed by governments unafraid of U.S. retaliation, outdated technology, a shortage of trained cybersecurity professionals, and a complex management and oversight structure.

The recently approved stimulus package includes $650 million in new funding for the Cybersecurity and Infrastructure Security Agency to bolster the country’s cyber defenses. Federal officials said the amount was just a down payment on much larger spending planned to improve threat detection.

“We need to improve our game,” Brandon Wales, who heads the cybersecurity agency, said at a recent House committee hearing.

The agency operates a threat detection system called Einstein. Its inability to detect the SolarWinds flaw before it was discovered by a private security firm has alarmed officials. Eric Goldstein, the agency’s executive deputy director for cybersecurity, told Congress that Einstein’s technology was designed ten years ago and “has become somewhat obsolete.”

Anthony Ferrante, former director of cyber incident response at the United States National Security Council and current senior managing director of FTI Consulting, said part of the problem, both in government and in the private sector, is the lack of skilled labor.

The Microsoft Exchange hack, which to date has not affected any federal government agency, was also discovered by a private company.

One problem that has baffled policymakers is that foreign state hackers are increasingly using US virtual private networks, or VPNs, to evade detection by US intelligence agencies, which are legally restricted from monitoring national infrastructure. Hosting services from Amazon Web Services and GoDaddy were used by the SolarWinds hackers to evade detection, officials said recently.

The Biden administration does not plan to step up government surveillance of the US Internet in response and instead wants to focus on closer partnerships and better information sharing with private sector companies that already have high visibility on the national Internet.

Responsibility for responding to breaches, preventing new ones and overseeing these efforts remains unresolved, and Senate Intelligence Committee leaders last month criticized the Biden administration for a “disorganized response” to the SolarWinds hack.

The Biden administration has called in Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, to respond to the SolarWinds and Microsoft breaches. It has not appointed a national cyber director, a new position, which has frustrated some members of Congress.

“We are trying to wage a multi-front war with no one in charge,” said Independent Senator Angus King of Maine.

The Biden administration says it is considering how best to create the new post. “Cybersecurity is a top priority,” White House spokeswoman Emily Horne said.

___

Suderman reported from Richmond, Virginia. Associated Press writer James LaPorta contributed to this report.
