U.S. officials and experts are calling for action after a devastating cyberattack aimed at the federal government by nation state hackers, which may have exposed sensitive government data for the past several months.
“The reported breach of our Federal networks is serious and disturbing,” House Homeland Security Committee Chairman Bennie Thompson
Bennie Gordon ThompsonThompson says he hopes Jan 6. committee can complete work by 'early spring' Jan. 6 committee taps former Bush administration official as top lawyer Overnight Defense & National Security: US-Australian sub deal causes rift with France MORE (D-Miss.) told The Hill in an emailed statement. “Congress must understand the scope of what happened and what resources Federal agencies will need to secure their networks.”
The cyberattack targeted Austin, Texas-based IT vendor SolarWinds. Hackers inserted a vulnerability into updates put out by the company between March and June of this year for its Orion software, according to a Monday filing with the Securities and Exchange Commission (SEC).
Reuters first reported that the hackers had successfully hacked into the Treasury Department, the Department of Homeland Security, and the Commerce Department’s National Telecommunications and Information Administration (NTIA).
However, the attack was likely even more catastrophic.
According to a post on SolarWinds' website removed Monday, the company’s customers also include all five branches of the military, the Justice and State departments, the National Security Agency, the Postal Service, and 425 of the U.S. Fortune 500 companies.
The Washington Post reported that a prolific Russian military intelligence unit known as “Cozy Bear” was behind the attack on SolarWinds. The group was previously tied to an attack on the State Department and groups doing research on COVID-19 vaccines and treatments. No federal agency had publicly confirmed that this group was responsible.
“While many details are still unknown, the attack emphasizes the importance of strong cybersecurity protections and rapid incident responses across all federal agencies,” Senate Commerce Committee Chairman Roger Wicker
Roger Frederick WickerGOP senator will 'probably' vote for debt limit increase Rep. Tim Ryan becomes latest COVID-19 breakthrough case in Congress Top Republican: General told senators he opposed Afghanistan withdrawal MORE (R-Miss.) and Sens. John Thune
John Randolph ThuneThis week: Democrats face mounting headaches Senate parliamentarian nixes Democrats' immigration plan Manchin keeps Washington guessing on what he wants MORE (R-S.D.) and Jerry Moran
Gerald (Jerry) MoranIt's time for Congress to act before slow mail turns into no mail Kaine says he has votes to pass Iraq War repeal in Senate Seven-figure ad campaign urges GOP to support infrastructure bill MORE (R-Kan.) said in a joint statement Monday following a briefing on the attack from the Commerce Department.
“Cyberattacks by nation states like Russia and China threaten our economy and national security. Our response should be swift and clear,” they added.
SolarWinds noted in the SEC filing that while it had notified 33,000 customers of the potential months-long breach, it believed that only around 18,000 customers were impacted, and that the hackers had been able to gain access to company emails through exploiting Microsoft Office 365 tools.
Microsoft on Sunday night published a blog post emphasizing that it had “not identified any Microsoft product or cloud service vulnerabilities” while responding to the incident, but noted that it concurred that “this is nation-state activity at significant scale, aimed at both the government and private sector.”
The attack came less than a week after major cybersecurity group FireEye announced that it had been hacked by a nation state in a related attack.
The company wrote in a separate blog post on Sunday that based on its initial investigation into the “ongoing” attacks, it was the “work of a highly skilled actor and the operation was conducted with significant operational security.”
With the fall out ongoing, Capitol Hill on Monday pivoted its attention to the attack.
Thompson told The Hill that he had asked DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to brief the House Homeland Security Committee, while the panel’s newly appointed ranking member Rep. John Katko
John Michael KatkoEmboldened Trump takes aim at GOP foes McCarthy-allied fundraising group helps Republicans who voted to impeach Trump Bipartisan House group introduces legislation to set term limit for key cyber leader MORE (R-N.Y.) called for a “coordinated and cohesive national strategy” to fight these types of attacks.
House Intelligence Committee Chairman Adam Schiff
Adam Bennett SchiffOvernight Hillicon Valley — Hacking goes global Schiff calls on Amazon, Facebook to address spread of vaccine misinformation Spotlight turns to GOP's McCarthy in Jan. 6 probe MORE (D-Calif.) summed up the attack as “devastating,” and Senate Intelligence Committee Vice Chairman Mark Warner
Mark Robert WarnerDemocrats confront 'Rubik's cube on steroids' Advocates call on top Democrats for 0B in housing investments Democrats draw red lines in spending fight MORE (D-Va.) said in a statement that “we should make clear that there will be consequences.”
“These recent attacks threatened national security, created unacceptable risks to Americans safety, and we need to do everything we can do to prevent them from happening in the future,” Senate Homeland Security and Governmental Affairs Committee ranking member Gary Peters
Gary PetersHillicon Valley — Presented by Xerox — Democrats press FTC to resolve data privacy 'crisis' Democratic senator requests tech company policies on extremist content FreedomWorks misfires on postal reform MORE (D-Mich.) told The Hill.
Sen. Ron Wyden
Ronald (Ron) Lee WydenA Democratic plan to wipe out independent contractors Biden pushes back at Democrats on taxes Want a clean energy future? Look to the tax code MORE (D-Ore.), a member of the Senate Intelligence Committee, said he was pressing the federal government for more information on the incident.
“Our country has suffered a massive national security failure that could have ramifications for years to come,” Wyden told The Hill. “I fear that the damage is more significant than is currently known.”
The federal government has already begun to take action, with Reuters reporting that the National Security Council (NSC) met in an emergency meeting on Saturday to discuss the attack.
NSC spokesperson John Ullyot said in a tweet Monday that the NSC, the FBI, CISA, and the intelligence community were working together “to coordinate a swift and effective whole-of-government recovery and response to the recent compromise.”
CISA also put out an emergency directive late Sunday night ordering federal agencies to immediately disconnect from any SolarWinds systems by Monday afternoon.
But experts warned Monday that there is almost certainly more that will come to light around the incident.
Kiersten Todt, who served as executive director of former President Obama’s Commission on Enhancing National Cybersecurity, told The Hill that the “security of the nation has been compromised.”
“We have no idea what they accessed specifically and for what purposes, and I believe it’s just the tip of the iceberg in terms of who, what, and when has been breached,” said Todt, who currently serves as managing director of the Cyber Readiness Institute.
Theresa Payton, the White House chief information officer during the George W. Bush administration, said the attack was particularly bad after a year in which IT professionals have been pushed to their limit by Americans moving online, and as federal agencies begin the transition process between presidential administrations.
“On a scale of one to ten, my gut tells me we are approaching a nine,” Payton, who currently serves as CEO of the cyber consultancy group Fortalice Solutions, said of the overall attack.
The incident came to light as the U.S. faces a vacuum of cybersecurity leadership after top CISA officials were forced out by the Trump administration. The U.S. is also without a central cybersecurity leader as lawmakers and Trump clash on the issue of reestablishing a White House cyber czar following the elimination of the position in 2018.
Todt pointed to the firing of former CISA Director Christopher Krebs by President Trump
Donald TrumpTrump takes shot at new GOP candidate in Ohio over Cleveland nickname GOP political operatives indicted over illegal campaign contribution from Russian national in 2016 On The Money — Dems dare GOP to vote for shutdown, default MORE, and the departure of three other top officials, as “not helpful,” and both Todt and Payton called on President-elect Joe Biden
Joe BidenHouse clears bill to provide veterans with cost-of-living adjustment On The Money — Dems dare GOP to vote for shutdown, default To reduce poverty, stop burdening the poor: What Joe Manchin gets wrong about the child tax credit MORE to bolster cybersecurity once in office.
As foreign hackers continue to step up their game, Schiff also called on Biden to illustrate to Russia, China, and Iran the consequences of carrying out a major cyberattack on the nation.
“For too long, cyber-attacks have been seen as relatively cost-free for the perpetrators; that needs to change,” Schiff said.
