US government caught off guard by sophisticated cyber hacking, experts say


Russia has long been viewed as a threat in cyberspace. But after one of the most successful cyber-intrusion campaigns in US history, questions arise as to how the federal government was so completely blinded by an attack that many experts saw coming.

The successful hack of several federal agencies and tens of thousands of individual federal and private entities – widely believed to be a Russian intrusion, and one that federal authorities warn is still underway – succeeded in defeating sophisticated protections by targeting the third-party software provider SolarWinds.

“We shouldn’t have been surprised, the Russians are very sophisticated, they are very dedicated and relentless, and that seemed like a soft target that they were able to exploit,” Christopher Painter, the State Department’s former cybersecurity coordinator under the Trump and Obama administrations, told The Hill on Friday.

Russia, alongside China, North Korea and Iran, is seen as one of the most pressing threats to the United States in multiple areas.

After the 2016 presidential election, when Russian agents launched a large and sophisticated campaign designed to tip the election to now-President Trump, key federal agencies embarked on a four-year process to strengthen election security and ensure this type of attack does not happen again.

These officials, led by the two-year-old Cybersecurity and Infrastructure Security Agency (CISA), were largely successful, with few security incidents seen on Election Day.

However, some say the United States’ attention may have been diverted from other attack vectors used by Russia.

On Friday, agencies such as the Department of Energy and its National Nuclear Security Administration, the Department of Homeland Security, the State Department and the Treasury Department were reported to have been breached in connection with the espionage incident. SolarWinds has reported that it believes at least 18,000 of its customers have been compromised by the hack.

Hackers entered the systems as early as March, and questions have arisen over how much data they took or could access.

“This is the largest cyberattack in US history,” Tom Kellermann, former Obama administration cybersecurity committee member and current head of cybersecurity at VMware Carbon Black, told The Hill. “It’s unprecedented in my 22 years in the business.”

Kellermann said he and his team believe Russia has stepped up its cyberattacks against the United States in retaliation for the successful securing of the 2020 election and the disruption of the international botnet group “TrickBot”, which targeted critical US infrastructure with ransomware viruses.

He noted that the ransomware attacks on hospitals during the fall “should have been a signal and a red line indicating a dramatic escalation.”

Key details are emerging about overlooked vulnerabilities.

“It is important to focus on this nuance that there is a small set of actions that can help prevent incidents like this in the future and which could potentially have been discovered sooner,” said David Springer, who served at the National Counterterrorism Center and the Defense Intelligence Agency and is currently at the Bracewell law firm.

“SolarWinds penetration appears to be the product of poor cyber hygiene within the company,” said Mark Montgomery, senior researcher at the Foundation for the Defense of Democracies. “And let’s not under-sell the skills of authors. Russian intelligence services – SVR – are capable opponents.”

The idea of beefing up cybersecurity defenses and focusing on critical supply chains for federal agencies is not new on Capitol Hill, and both enjoy broad bipartisan support. However, partisan deadlock on other issues has made it increasingly difficult to pass legislation through Congress, slowing down cyber priorities.

The 2021 National Defense Authorization Act (NDAA) includes the widest range of federal cybersecurity improvements in years, among them provisions establishing a cyber tsar in the White House and strengthening the powers of CISA.

President Trump has announced his intention to veto the bill over other concerns, sparking a bipartisan backlash, and has yet to comment on the breach, although he has reportedly been briefed on the matter.

“This cyberattack presumably perpetrated by the Russians highlights the glaring vulnerabilities of our federal cybersecurity system,” Sen. Susan Collins (R-Maine), a member of the Senate Select Committee on Intelligence, tweeted Friday.

“The president should immediately sign the NDAA not only to maintain the strength of our army, but also because it contains important cybersecurity provisions that would help to thwart future attacks,” she added.

Leaders of the Senate Armed Services Committee issued a statement Thursday evening describing the NDAA as “must-see legislation” in light of the breach. Sens. Rob Portman (R-Ohio) and Gary Peters (D-Mich.), the new leaders of the Senate Committee on Homeland Security and Governmental Affairs, on Friday promised to produce “comprehensive bipartisan legislation” next year to ensure this type of attack does not happen again.

National security officials face the challenge of how to respond to foreign cyber espionage, and have resisted imposing high costs that could in turn be inflicted on the United States for its own intelligence gathering.

Officials have taken action when espionage activity reached a level threatening national security, such as the Trump administration’s closure of the Chinese consulate in Houston in July over what it called espionage activity going beyond intelligence gathering.

Springer, the former federal counterterrorism official, said available information about the SolarWinds attack points to traditional espionage, but that he is concerned about which national security infrastructure has been compromised.

“Based on the very early days, from the limited information we have so far, it seems like this was mostly traditional intelligence gathering, but I think it’s a real problem that the same access to these critical targets and systems could easily be used for other purposes in the future if it had not been discovered,” he said.

John Bolton, Trump’s former national security adviser, said in an interview with MSNBC that the US response must be at least three times the cost incurred from the attack.

“The top priority has to be, if we determine that it is the Russians, this is where the information tends to point, what the retaliation will be,” he said. “And I think it should be, no matter what we estimate the cost we incur – more, more, more. That’s how you re-establish deterrence.”

