Lawmakers call for action after 'devastating' nation state cyberattack on federal government

U.S. officials and experts are calling for action after a devastating cyberattack aimed at the federal government by nation state hackers, which may have exposed sensitive government data for the past several months. 

“The reported breach of our Federal networks is serious and disturbing,” House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonNew coalition aims to combat growing wave of ransomware attacks Acting DHS chief Chad Wolf stepping down Security boosted for lawmakers' travel around inauguration: report MORE (D-Miss.) told The Hill in an emailed statement. “Congress must understand the scope of what happened and what resources Federal agencies will need to secure their networks.”

The cyberattack targeted Austin, Texas-based IT vendor SolarWinds. Hackers inserted a vulnerability into updates put out by the company between March and June of this year for its Orion software, according to a Monday filing with the Securities and Exchange Commission (SEC). 


Reuters first reported that the hackers had successfully hacked into the Treasury Department, the Department of Homeland Security, and the Commerce Department’s National Telecommunications and Information Administration (NTIA).

However, the attack was likely even more catastrophic.

According to a post on SolarWinds' website removed Monday, the company’s customers also include all five branches of the military, the Justice and State departments, the National Security Agency, the Postal Service, and 425 of the U.S. Fortune 500 companies. 

The Washington Post reported that a prolific Russian military intelligence unit known as “Cozy Bear” was behind the attack on SolarWinds. The group was previously tied to an attack on the State Department and groups doing research on COVID-19 vaccines and treatments. No federal agency had publicly confirmed that this group was responsible. 

“While many details are still unknown, the attack emphasizes the importance of strong cybersecurity protections and rapid incident responses across all federal agencies,” Senate Commerce Committee Chairman Roger WickerRoger Frederick WickerSenators vet Buttigieg to run Transportation Department Wall Street Journal: GOP Electoral College 'stunt' will hurt US, Republican Party Bipartisan group of senators: The election is over MORE (R-Miss.) and Sens. John ThuneJohn Randolph ThuneThe Hill's Morning Report - Biden's crisis agenda hits headwinds Senate chaos threatens to slow Biden's agenda NRSC chair says he'll back GOP incumbents against Trump primary challengers MORE (R-S.D.) and Jerry MoranGerald (Jerry) MoranThe Hill's Morning Report - Biden's crisis agenda hits headwinds OVERNIGHT ENERGY: Biden's Interior Department temporarily blocks new drilling on public lands | Group of GOP senators seeks to block Biden moves on Paris, Keystone | Judge grants preliminary approval for 0M Flint water crisis settlement Bipartisan Senate gang to talk with Biden aide on coronavirus relief MORE (R-Kan.) said in a joint statement Monday following a briefing on the attack from the Commerce Department. 

“Cyberattacks by nation states like Russia and China threaten our economy and national security. Our response should be swift and clear,” they added.


SolarWinds noted in the SEC filing that while it had notified 33,000 customers of the potential months-long breach, it believed that only around 18,000 customers were impacted, and that the hackers had been able to gain access to company emails through exploiting Microsoft Office 365 tools. 

Microsoft on Sunday night published a blog post emphasizing that it had “not identified any Microsoft product or cloud service vulnerabilities” while responding to the incident, but noted that it concurred that “this is nation-state activity at significant scale, aimed at both the government and private sector.”

The attack came less than a week after major cybersecurity group FireEye announced that it had been hacked by a nation state in a related attack. 

The company wrote in a separate blog post on Sunday that based on its initial investigation into the “ongoing” attacks, it was the “work of a highly skilled actor and the operation was conducted with significant operational security.”

With the fall out ongoing, Capitol Hill on Monday pivoted its attention to the attack. 

Thompson told The Hill that he had asked DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to brief the House Homeland Security Committee, while the panel’s newly appointed ranking member Rep. John KatkoJohn Michael KatkoHillicon Valley: Intelligence agency gathers US smartphone location data without warrants, memo says | Democrats seek answers on impact of Russian hack on DOJ, courts | Airbnb offers Biden administration help with vaccine distribution House lawmakers reintroduce bipartisan bill to weed out foreign disinformation on social media Cheney tests Trump grip on GOP post-presidency MORE (R-N.Y.) called for a “coordinated and cohesive national strategy” to fight these types of attacks. 

House Intelligence Committee Chairman Adam SchiffAdam Bennett SchiffBiden to keep Wray as FBI director Biden urged to reverse Pompeo-Trump move on Houthis Angus King warns of 'grave danger' of Trump revealing classified information MORE (D-Calif.) summed up the attack as “devastating,” and Senate Intelligence Committee Vice Chairman Mark WarnerMark Robert WarnerThe next pandemic may be cyber — How Biden administration can stop it Bipartisan Senate gang to talk with Biden aide on coronavirus relief Social media posts, cellphone data aid law enforcement investigations into riots MORE (D-Va.) said in a statement that “we should make clear that there will be consequences.”

“These recent attacks threatened national security, created unacceptable risks to Americans safety, and we need to do everything we can do to prevent them from happening in the future,” Senate Homeland Security and Governmental Affairs Committee ranking member Gary PetersGary PetersThe Hill's Morning Report - President Biden, Vice President Harris begin work today Two Senate committees vow probe of security failure during Capitol riots US government caught blindsided over sophisticated cyber hack, experts say MORE (D-Mich.) told The Hill. 

Sen. Ron WydenRonald (Ron) Lee WydenHillicon Valley: Intelligence agency gathers US smartphone location data without warrants, memo says | Democrats seek answers on impact of Russian hack on DOJ, courts | Airbnb offers Biden administration help with vaccine distribution Intelligence agency gathers US smartphone location data without warrants, memo says Senate panel unanimously advances Yellen nomination for Treasury MORE (D-Ore.), a member of the Senate Intelligence Committee, said he was pressing the federal government for more information on the incident.

“Our country has suffered a massive national security failure that could have ramifications for years to come,” Wyden told The Hill. “I fear that the damage is more significant than is currently known.”

The federal government has already begun to take action, with Reuters reporting that the National Security Council (NSC) met in an emergency meeting on Saturday to discuss the attack. 

NSC spokesperson John Ullyot said in a tweet Monday that the NSC, the FBI, CISA, and the intelligence community were working together “to coordinate a swift and effective whole-of-government recovery and response to the recent compromise.”


CISA also put out an emergency directive late Sunday night ordering federal agencies to immediately disconnect from any SolarWinds systems by Monday afternoon. 

But experts warned Monday that there is almost certainly more that will come to light around the incident. 

Kiersten Todt, who served as executive director of former President Obama’s Commission on Enhancing National Cybersecurity, told The Hill that the “security of the nation has been compromised.”

“We have no idea what they accessed specifically and for what purposes, and I believe it’s just the tip of the iceberg in terms of who, what, and when has been breached,” said Todt, who currently serves as managing director of the Cyber Readiness Institute. 

Theresa Payton, the White House chief information officer during the George W. Bush administration, said the attack was particularly bad after a year in which IT professionals have been pushed to their limit by Americans moving online, and as federal agencies begin the transition process between presidential administrations. 

“On a scale of one to ten, my gut tells me we are approaching a nine,” Payton, who currently serves as CEO of the cyber consultancy group Fortalice Solutions, said of the overall attack.


The incident came to light as the U.S. faces a vacuum of cybersecurity leadership after top CISA officials were forced out by the Trump administration. The U.S. is also without a central cybersecurity leader as lawmakers and Trump clash on the issue of reestablishing a White House cyber czar following the elimination of the position in 2018. 

Todt pointed to the firing of former CISA Director Christopher Krebs by President TrumpDonald TrumpMcCarthy says he told Rep. Marjorie Taylor Greene he disagreed with her impeachment articles against Biden Biden, Trudeau agree to meet next month Trump planned to oust acting AG to overturn Georgia election results: report MORE, and the departure of three other top officials, as “not helpful,” and both Todt and Payton called on President-elect Joe BidenJoe BidenMcCarthy says he told Rep. Marjorie Taylor Greene he disagreed with her impeachment articles against Biden Biden, Trudeau agree to meet next month Fauci infuriated by threats to family MORE to bolster cybersecurity once in office.

As foreign hackers continue to step up their game, Schiff also called on Biden to illustrate to Russia, China, and Iran the consequences of carrying out a major cyberattack on the nation. 

“For too long, cyber-attacks have been seen as relatively cost-free for the perpetrators; that needs to change,” Schiff said.