Lawmakers call for action after 'devastating' nation state cyberattack on federal government

U.S. officials and experts are calling for action after a devastating cyberattack aimed at the federal government by nation state hackers, which may have exposed sensitive government data for the past several months. 

“The reported breach of our Federal networks is serious and disturbing,” House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonHouse Democrats eye vote next week to form Jan. 6 commission Biden administration, Congress unite in effort to tackle ransomware attacks First migrant families reunited in 'beginning' of larger effort MORE (D-Miss.) told The Hill in an emailed statement. “Congress must understand the scope of what happened and what resources Federal agencies will need to secure their networks.”

The cyberattack targeted Austin, Texas-based IT vendor SolarWinds. Hackers inserted a vulnerability into updates put out by the company between March and June of this year for its Orion software, according to a Monday filing with the Securities and Exchange Commission (SEC). 


Reuters first reported that the hackers had successfully hacked into the Treasury Department, the Department of Homeland Security, and the Commerce Department’s National Telecommunications and Information Administration (NTIA).

However, the attack was likely even more catastrophic.

According to a post on SolarWinds' website removed Monday, the company’s customers also include all five branches of the military, the Justice and State departments, the National Security Agency, the Postal Service, and 425 of the U.S. Fortune 500 companies. 

The Washington Post reported that a prolific Russian military intelligence unit known as “Cozy Bear” was behind the attack on SolarWinds. The group was previously tied to an attack on the State Department and groups doing research on COVID-19 vaccines and treatments. No federal agency had publicly confirmed that this group was responsible. 

“While many details are still unknown, the attack emphasizes the importance of strong cybersecurity protections and rapid incident responses across all federal agencies,” Senate Commerce Committee Chairman Roger WickerRoger Frederick WickerThis week: Congressional leaders to meet with Biden amid GOP reckoning Biden to meet with GOP senators amid infrastructure push Biden visits local Mexican restaurant to highlight relief program MORE (R-Miss.) and Sens. John ThuneJohn Randolph ThuneBiden-McConnell cold war unlikely to end at White House Top female GOP senator compares Cheney ousting to 'cancel culture' GOP braces for wild week with momentous vote MORE (R-S.D.) and Jerry MoranGerald (Jerry) MoranBottom line Hawley votes against anti-Asian hate crime bill Senate passes anti-Asian hate crimes bill MORE (R-Kan.) said in a joint statement Monday following a briefing on the attack from the Commerce Department. 

“Cyberattacks by nation states like Russia and China threaten our economy and national security. Our response should be swift and clear,” they added.


SolarWinds noted in the SEC filing that while it had notified 33,000 customers of the potential months-long breach, it believed that only around 18,000 customers were impacted, and that the hackers had been able to gain access to company emails through exploiting Microsoft Office 365 tools. 

Microsoft on Sunday night published a blog post emphasizing that it had “not identified any Microsoft product or cloud service vulnerabilities” while responding to the incident, but noted that it concurred that “this is nation-state activity at significant scale, aimed at both the government and private sector.”

The attack came less than a week after major cybersecurity group FireEye announced that it had been hacked by a nation state in a related attack. 

The company wrote in a separate blog post on Sunday that based on its initial investigation into the “ongoing” attacks, it was the “work of a highly skilled actor and the operation was conducted with significant operational security.”

With the fall out ongoing, Capitol Hill on Monday pivoted its attention to the attack. 

Thompson told The Hill that he had asked DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to brief the House Homeland Security Committee, while the panel’s newly appointed ranking member Rep. John KatkoJohn Michael KatkoHillicon Valley: Feds eye more oversight of pipelines after Colonial attack | White House monitoring fuel shortages | Democrats urge Facebook to reverse WhatsApp update | Biden announces deal with Uber, Lyft for free vaccine rides Feds eye more oversight of pipelines after Colonial attack Katko probes federal oversight of oil and gas industry cybersecurity MORE (R-N.Y.) called for a “coordinated and cohesive national strategy” to fight these types of attacks. 

House Intelligence Committee Chairman Adam SchiffAdam Bennett SchiffFree Speech Inc.: The Democratic Party finds a new but shaky faith in corporate free speech Trump backs Stefanik to replace Cheney Gender politics hound GOP in Cheney drama MORE (D-Calif.) summed up the attack as “devastating,” and Senate Intelligence Committee Vice Chairman Mark WarnerMark Robert WarnerOvernight Defense: Former Pentagon chief to testify about Capitol riot Wednesday | Senate Intelligence chairman wants Biden to review US Space Command move Wyden: Funding infrastructure with gas tax hike a 'big mistake' Senate Intelligence chairman wants Biden to review US Space Command move MORE (D-Va.) said in a statement that “we should make clear that there will be consequences.”

“These recent attacks threatened national security, created unacceptable risks to Americans safety, and we need to do everything we can do to prevent them from happening in the future,” Senate Homeland Security and Governmental Affairs Committee ranking member Gary PetersGary PetersStudents for Trump co-founder gets over a year in prison for posing as lawyer Hillicon Valley: DOJ to review cyber challenges | Gaetz, House Republicans want to end funding for postal service surveillance | TikTok gets new CEO Senators introduce bipartisan bill to protect personal travel data MORE (D-Mich.) told The Hill. 

Sen. Ron WydenRonald (Ron) Lee WydenOn The Money: Job openings jump to record high of 8.1 million | Wyden opposes gas tax hike | Airlines feel fuel crunch Green future needs to be built with union jobs and prevailing wage Wyden: Funding infrastructure with gas tax hike a 'big mistake' MORE (D-Ore.), a member of the Senate Intelligence Committee, said he was pressing the federal government for more information on the incident.

“Our country has suffered a massive national security failure that could have ramifications for years to come,” Wyden told The Hill. “I fear that the damage is more significant than is currently known.”

The federal government has already begun to take action, with Reuters reporting that the National Security Council (NSC) met in an emergency meeting on Saturday to discuss the attack. 

NSC spokesperson John Ullyot said in a tweet Monday that the NSC, the FBI, CISA, and the intelligence community were working together “to coordinate a swift and effective whole-of-government recovery and response to the recent compromise.”


CISA also put out an emergency directive late Sunday night ordering federal agencies to immediately disconnect from any SolarWinds systems by Monday afternoon. 

But experts warned Monday that there is almost certainly more that will come to light around the incident. 

Kiersten Todt, who served as executive director of former President Obama’s Commission on Enhancing National Cybersecurity, told The Hill that the “security of the nation has been compromised.”

“We have no idea what they accessed specifically and for what purposes, and I believe it’s just the tip of the iceberg in terms of who, what, and when has been breached,” said Todt, who currently serves as managing director of the Cyber Readiness Institute. 

Theresa Payton, the White House chief information officer during the George W. Bush administration, said the attack was particularly bad after a year in which IT professionals have been pushed to their limit by Americans moving online, and as federal agencies begin the transition process between presidential administrations. 

“On a scale of one to ten, my gut tells me we are approaching a nine,” Payton, who currently serves as CEO of the cyber consultancy group Fortalice Solutions, said of the overall attack.


The incident came to light as the U.S. faces a vacuum of cybersecurity leadership after top CISA officials were forced out by the Trump administration. The U.S. is also without a central cybersecurity leader as lawmakers and Trump clash on the issue of reestablishing a White House cyber czar following the elimination of the position in 2018. 

Todt pointed to the firing of former CISA Director Christopher Krebs by President TrumpDonald TrumpKinzinger, Gaetz get in back-and-forth on Twitter over Cheney vote READ: Liz Cheney's speech on the House floor Cheney in defiant floor speech: Trump on 'crusade to undermine our democracy' MORE, and the departure of three other top officials, as “not helpful,” and both Todt and Payton called on President-elect Joe BidenJoe BidenKinzinger, Gaetz get in back-and-forth on Twitter over Cheney vote Cheney in defiant floor speech: Trump on 'crusade to undermine our democracy' US officials testify on domestic terrorism in wake of Capitol attack MORE to bolster cybersecurity once in office.

As foreign hackers continue to step up their game, Schiff also called on Biden to illustrate to Russia, China, and Iran the consequences of carrying out a major cyberattack on the nation. 

“For too long, cyber-attacks have been seen as relatively cost-free for the perpetrators; that needs to change,” Schiff said.