Experts say the US government is being blinded by sophisticated cyber hack

Russia has long been seen as a threat in cyberspace. But after one of the most successful cyber-intrusion campaigns in US history, questions are being raised about how the federal government was so completely blinded by an attack that many experts had seen coming.

The successful hacking of multiple federal agencies and tens of thousands of individual federal and private entities – widely believed to be a Russian break-in, and one that federal officials are warning is underway – managed to undermine sophisticated protections by targeting external software contractor SolarWinds.

“We shouldn’t have been surprised, the Russians are very sophisticated, they are very dedicated and ruthless, and this seemed like a soft target that they could exploit,” Christopher Painter, the former State Department cybersecurity coordinator under both the Trump and Obama administrations, told The Hill on Friday.

Russia, in addition to China, North Korea and Iran, is considered one of the urgent threats to the US in several areas.

After the 2016 presidential election, when Russian agents launched a sweeping and sophisticated campaign to move the election toward now-President Trump, top federal agencies began a four-year process to support the election and ensure that these kinds of attacks could never happen again.

These officials, led by the two-year-old Cybersecurity and Infrastructure Security Agency (CISA), largely succeeded, with few security incidents on election day.

However, some say the US may have turned attention away from other attack vectors used by Russia.

On Friday, there were reported breaches of agencies, including the Department of Energy and National Nuclear Security Administration, the Department of Homeland Security, the State Department and the Treasury Department, as part of the espionage incident. SolarWinds has reported that it believes at least 18,000 of its customers have been compromised by the hack.

The hackers gained access to systems as early as March, and questions have arisen about how much they took or could access.

“This is the most important cyberattack in United States history,” Tom Kellermann, a former member of the Obama administration’s cybersecurity committee and current head of cybersecurity at VMware Carbon Black, told The Hill. “It is unprecedented in the 22 years that I have been in the business.”

Kellermann said he and his team believed Russia had stepped up its cyber-attacks against the US in retaliation for the success of the 2020 election and after the disruption of the international botnet group “TrickBot” targeting US critical infrastructure with ransomware viruses.

He noted that ransomware attacks on hospitals during the fall “should have been a signal and a red line that a dramatic escalation is taking place.”

Important details emerge about overlooked vulnerabilities.

“It’s important to focus on this nuance that there is a small set of actions that can help prevent incidents like this in the future that might have discovered it earlier,” said David Springer, who has served with the National Counterterrorism Center and the Defense Intelligence Agency and is currently with the Bracewell law firm.

“SolarWinds’ penetration appears to be the product of poor cyber hygiene at the company,” said Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies. “And let’s not underline the abilities of the perpetrators. The Russian intelligence services – SVR – are skilful adversaries.”

The idea of bolstering cybersecurity measures and zeroing in on critical supply chains for federal agencies is not a new issue on Capitol Hill, and both are receiving wide bipartisan support. However, the partisan stalemate on other issues has made it increasingly difficult for legislation to pass through Congress, slowing cyber priorities.

One item that has garnered bipartisan support is the 2021 National Defense Authorization Act (NDAA), which encompasses the widest range of federal cybersecurity improvements in years, including provisions establishing a White House cybert and strengthening CISA’s powers.

President Trump has announced his intention to veto the bill on other concerns, leading to bipartisan backlash, and has not yet commented on the breach, despite reportedly being briefed on the topic.

“This cyber-attack likely perpetrated by the Russians is highlighting the blatant vulnerabilities of our federal cybersecurity system,” Sen. Susan Collins (R-Maine), a member of the Senate Select Committee on Intelligence, tweeted Friday.

“The president must sign the NDAA immediately, not only to keep our military strong, but also because it contains important cyber security provisions that could help prevent future attacks,” she added.

Leaders of the Senate’s Armed Services Committee issued a statement Thursday evening describing the NDAA as “mandatory legislation” in light of the breach. Sens. Rob Portman (R-Ohio) and Gary Peters (D-Mich.), the new leaders of the Senate Homeland Security and Governmental Affairs Committee, vowed on Friday to produce “comprehensive bipartisan legislation” next year to ensure that this type of attack would never happen again.

National security officials are challenged by how to respond to foreign cyber espionage, which can withstand the high costs that could be inflicted on the US because of its own intelligence collection.

Officials have taken action when espionage activities have risen to the level of a threat to national security, such as the Trump administration closing the Chinese consulate in Houston in July for espionage activities beyond intelligence gathering.

Springer, the former federal counterterrorism officer, said the available information on the SolarWinds attack points to traditional espionage, but he is concerned about which national security infrastructure has been compromised.

“Based on the very early days, the limited information we have so far, it seems that this was mostly traditional information gathering, but I think it is a real concern that the same access to these critical targets and systems could easily be used for another purpose in the future, if it was not discovered,” he said.

John Bolton, Trump’s former national security adviser, said during an interview with MSNBC that the US response must be at least three times the cost of the attack that was made.

“The top priority should be: if we determine that it’s the Russians, that’s what the information is pointing to, what the retaliation will be,” he said. “And I think it should be whatever we judge what the costs we have to incur – plus, plus, plus.”
