Schiff calls for 'urgent' work to defend nation in the wake of massive cyberattack

Schiff calls for 'urgent' work to defend nation in the wake of massive cyberattack
© Greg Nash

House Intelligence Committee Chairman Adam SchiffAdam Bennett SchiffBiden holds off punishing Saudi crown prince, despite US intel Overnight Defense: Biden sends message with Syria airstrike | US intel points to Saudi crown prince in Khashoggi killing | Pentagon launches civilian-led sexual assault commission Democrats demand Saudi accountability over Khashoggi killing MORE (D-Calif.) on Wednesday called on Congress to undertake “urgent work” to defend critical networks in the wake of a massive cyber espionage attack on the U.S. government. 

The attack, which occurred between March and June of this year, involved a nation state hacking group, widely reported to be a Russian military group, inserting a vulnerability into software from IT group SolarWinds. The company counts much of the federal government as customers, along with the majority of U.S. Fortune 500 companies.

As of Wednesday, the Department of Homeland Security, the Treasury Department, branches of the Pentagon and a Commerce Department agency were reported to have been breached as part of what is quickly becoming one of the largest cyberattacks in U.S. history. 


Schiff said that both the House and Senate Intelligence committees received briefings from officials with the Office of the Director of National Intelligence, the National Security Agency, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday. These agencies are actively working to investigate and respond to the incident. 

“The United States faces untold numbers of cyber threats from malicious foreign actors, both to the government agencies and private industry, and sometimes both at the same time,” Schiff said following the briefing. “The seriousness and duration of this attack demonstrate that we still have enormous and urgent work to do to defend our critical information and networks, that we must move quicker than our adversaries do to adapt.”

“Cybersecurity professionals in the government and private sector will need to work tirelessly to assess the scope and impact of the SolarWinds vulnerability on the United States and our allies,” he said. 

SolarWinds estimated in a Monday filing with the Securities and Exchange Commission (SEC) that as many as 18,000 of its customers could have been hit by the months-long espionage attack. Schiff urged private sector groups to work with federal agencies if there were any concerns that networks had been hit. 

“We expect and anticipate additional briefings in the coming days and weeks, and will continue to press for the latest information to be shared with Congress and the American people about this significant attack,” Schiff added. 


The Hill reached out for comment on the briefings to representatives of acting Intelligence Committee Chairman Marco RubioMarco Antonio RubioWatch live: Day 2 at CPAC DeSantis derides 'failed Republican establishment' at CPAC The Hill's 12:30 Report - Presented by Facebook - Divided House on full display MORE (R-Fla.) and Vice Chairman Mark WarnerMark Robert WarnerSunday shows preview: 2024 hopefuls gather at CPAC; House passes coronavirus relief; vaccine effort continues Democrats demand Saudi accountability over Khashoggi killing US intel: Saudi crown prince approved Khashoggi killing MORE (D-Va.). 

Warner put out a statement earlier this week also calling for action in the face of the crippling cyber incident. 

“As we gather more information on the impact and goals of these malign efforts, we should make clear that there will be consequences for any broader impact on private networks, critical infrastructure, or other sensitive sectors,” Warner said.  

The briefings took place the same day that cybersecurity group FireEye, whose breach by a nation state last week helped lead to the discovery of the SolarWinds hack, announced that it had discovered a “killswitch” to power down the malware inserted into the SolarWinds software used by the victim groups. 

The “killswitch” for the malware virus, which FireEye named “SUNBURST,” was used to deactivate the malware in partnership with Microsoft and GoDaddy. A FireEye spokesperson told The Hill that this did not fully put an end to the attack. 


“This actor moved quickly to establish additional persistent mechanisms to access to victim networks beyond the SUNBURST backdoor,” the spokesperson said in a statement. “This killswitch will not remove the actor from victim networks where they have established other backdoors.” 

While agencies have quickly moved this week to disconnect systems from SolarWinds software, major questions remain around what the hackers may have had access to since March. 

The intelligence committees are the latest congressional panels to receive briefings on the incident. 

The Senate Commerce Committee was briefed by the Commerce Department on Monday, while the Senate Armed Services Committee’s cybersecurity subcommittee was briefed by Defense Department officials on Tuesday.  

A group of bipartisan senators have requested further briefings from the FBI and CISA around the Commerce Department breach, while Sens. Sherrod BrownSherrod Campbell BrownSunday shows preview: 2024 hopefuls gather at CPAC; House passes coronavirus relief; vaccine effort continues Democrats: Minimum wage isn't the only issue facing parliamentarian Menendez reintroduces corporate diversity bill MORE (Ohio) and Ron WydenRonald (Ron) Lee WydenHouse Democrats pass sweeping .9T COVID-19 relief bill with minimum wage hike House set for tight vote on COVID-19 relief package On The Money: Democrats scramble to save minimum wage hike | Personal incomes rise, inflation stays low after stimulus burst MORE (Ore.), the Democratic leaders of the Senate Banking and Finance panels, pressed the Treasury Department for more information on the breach in a letter sent Tuesday.