The Biden administration faces growing pressure to deal with the SolarWinds breach

The computer intrusion campaign that has been linked to Russia has hit several federal agencies and the private sector, raising concerns about the security of corporate secrets, government e-mails and other confidential data. The Trump administration formally pointed the finger at Russia earlier this month, after revelations surfaced in December that hackers had put malicious code into a tool published by SolarWinds, a software provider used by countless government agencies and Fortune 500 companies.

While Biden officials take responsibility for investigating the hack campaign, members of Congress, former federal employees and new evidence discovered by Microsoft this week added new urgency to the search for answers.

“This massive breach by SolarWinds worries us all and, frankly, it’s not so surprising, given what we’ve found, that the federal government is not well prepared to deal with these types of breaches,” Sen. Rob Portman, Republican of Ohio, said in an audience this week.

In a letter on Friday to Congressional leaders, Kevin McAleenan, former acting secretary of the Department of Homeland Security, said it is imperative that Biden’s nominee to lead the department, Alejandro Mayorkas, be quickly confirmed. The SolarWinds incident, McAleenan wrote, underscores “the growing need for a renewed focus on our country’s cybersecurity and, in particular, on the security of our supply chain. Following the SolarWinds breach, DHS needs dedicated and confirmed leadership to work together with other government agencies to resolve this issue immediately – and to ensure that we are prepared for potential future attempts.”

The day after Biden’s inauguration, a Congressional committee on cybersecurity sent the White House a list of 15 priority points and policy recommendations, including measures to prevent another government breach.

And Microsoft’s report on Wednesday further highlighted the sophistication of the attackers, estimating that they may have spent an entire month selecting their targets and developing custom code designed to stealthily compromise each victim. SolarWinds was just a mechanism that the adversary used to gain access to networks, an official from the Cybersecurity and Infrastructure Security Agency told CNN, emphasizing that other techniques were used to gain access to networks and compromise information as part of a long-term intelligence-gathering effort.

Amid growing pressure, the Biden government is still trying to catch up. Efforts by Biden officials to understand the full extent of the breach were hampered before taking office, according to a former National Security official.

“There is a concern that things may get worse,” the former employee told CNN.

Meanwhile, there are indications that the authorities have only scratched the surface of scope and scale, said a source familiar with the investigation.

Speaking to reporters on Wednesday, White House press secretary Jen Psaki said the government “would reserve the right to respond at any time and in any way we wish to any cyber attack”, but that officials were “just accessing your computers.” She refused to answer a question about whether Biden intended to raise the issue of espionage with Russian President Vladimir Putin.

Computer hacks will be the focus of a presidential briefing by the intelligence community, added Psaki.

When former President Donald Trump finally gave his opinion on the massive cyber attack in two tweets in December, instead of condemning the attack – or Russia – he downplayed it, criticized the media and argued without basis that it could have affected the polling stations of the USA.

Biden seems ready to face the spying effort head-on.

“President Biden seems to understand the urgency of this crisis in a way that President Trump did not,” said Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee. “And in his early days, (he) is moving with the proper speed to investigate it, so that we can take steps to remedy its effects, respond appropriately to Russia and better determine how to stop and prevent such attempts in the future.”

But while there is little disagreement among US officials that the intrusion was severe, opinions about a potential response, and how that reaction would look, vary.

A U.S. official told CNN that the evidence suggests that the hack still qualifies as a highly sophisticated foreign intelligence operation and is not actually an act of cyber warfare – a subtle distinction that will influence any discussion of reasonable response options.

That said, it is almost certain that there will be a cost imposed by this activity, added the official, noting that there is a price to be paid for being caught, even if the attack technically falls within the lines of foreign espionage.

“In all likelihood,” the attack was cyber espionage, former acting Homeland Security Secretary Chad Wolf told CNN. By the time he stepped down earlier this month – amid an abrupt layoff – the attackers had done nothing as a result of their access to these networks, he said.

General Keith Alexander, a former director of the National Security Agency, told CNN that Biden has a range of policy options available to him.

“There are ways to respond by accusing individuals and by diplomatic and economic measures, what they should do,” said Alexander, “but any cyber response in the physical space would likely turn into a bigger attack against us, and we are not prepared to defend ourselves against that. The nation is not ready for such cyber engagement.”

Alexander added that Congress should pass legislation to allow the public and private sectors to share information about threats more easily and to provide legal immunity for companies that share that data.

Biden’s response can also be complicated by the lack of senior staff. Biden’s first confirmed Cabinet pick – Avril Haines, the director of national intelligence – acknowledged earlier this week that she had not yet received a confidential briefing on the hack, underscoring concerns that she and other senior Biden officials may already be behind the eight ball due to a difficult transition process.

Although she took an oath on Thursday and indicated that the hack was a priority, other intelligence and homeland security positions remain vacant.

“I’ve never seen that level of vacancy. It’s mind boggling, it really defies continuity,” said a DHS official who pointed to CISA as an example of the Trump administration’s leadership disorder. “We will have challenges to replace some talents.”

Earlier this week, Republican Senator Josh Hawley blocked quick consideration of Biden’s Homeland Security nominee, leaving the third largest federal department without confirmed leadership. CISA has been led by career officer Brandon Wales since Trump sacked Chris Krebs shortly after the election.

Rob Silvers, a partner at the law firm Paul Hastings, is expected to be hired to lead CISA in the Biden government, according to a source familiar with the situation. He served as an assistant secretary for cyber policy at DHS during the Obama administration, as well as in other key functions in the department. Silvers did not respond to a request for comment.

“The biggest problem is that you don’t have a confirmed secretary,” the former senior DHS official told CNN. “It really sets the tone and the trajectory of the ability to start doing things.”

During the Senate confirmation hearing on Tuesday, Mayorkas said he was intensely studying the attack on SolarWinds as a private citizen. If confirmed, he promised to conduct a thorough review of two CISA cybersecurity programs – Continuous Diagnostics and Mitigation (CDM) and EINSTEIN – to understand whether they are sufficient to prevent a threat like SolarWinds and, if not, to explore additional defenses for the federal government.

Wales said that CISA “actively became involved with the transition team”, including providing 14 briefings focused on the ongoing cyber incident. “We are committed to seamlessly integrating new members of the Biden Administration into the Agency, while continuing aggressive efforts to understand and respond to this complex cyber campaign,” he said in a statement to CNN Friday.

Given the time that the adversary has had access to some networks, remediation – short and long term reconstruction – will be a lengthy process, a CISA official told CNN.

CISA has already provided ideas for the Biden team to help develop federal cybersecurity and overcome the challenges identified by the latest incident. The suggestions, the official said, include: funding for CISA to hunt for adversarial activity on federal networks; the deployment of new sensors within federal agencies to detect anomalous activities; and improvements in the visibility of cloud environments, such as Office 365.

The authorities are also considering creating a civilian program similar to the Pentagon model that will help ensure that third-party partners meet cybersecurity standards, but that would be a long-term effort, the official said.
