Senate Intelligence panel to hold hearing on SolarWinds breach next week

Aaron Schwartz

The Senate Intelligence Committee will hold a hearing on the massive Russian breach of the federal government that has become known as the SolarWinds hack next week in one of the first major congressional hearings on the issue. 

The event, set for Feb. 23, will feature testimony from Sudhakar Ramakrishna, the CEO of IT group SolarWinds, which became the face of one of the biggest cyber incidents in U.S. history. Officials discovered in December that hackers had exploited the company’s software to compromise up to 18,000 of its customers for more than a year. 

Other witnesses will include Microsoft President Brad Smith, FireEye CEO Kevin Mandia and CrowdStrike President and CEO George Kurtz. 

Both FireEye and Microsoft were compromised as part of the SolarWinds breach, and the discovery of the hacking incident was due in large part to FireEye coming forward. 

The federal government is still grappling to get its arms around the incident. Anne Neuberger, President Biden’s deputy national security adviser for cyber and emerging technology, told reporters Wednesday during a briefing that nine federal agencies and about 100 private sector groups had been compromised, but that this number would likely increase. 

“The scale of potential access far exceeded the number of known compromises,” Neuberger said. “Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions.”

Neuberger is leading the federal government’s investigation into the incident, with the investigation involving a coalition of the FBI, the National Security Agency, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency. 

Agencies confirmed to have been compromised include the Commerce, Defense, Energy, Homeland Security, Justice, State and Treasury departments, among others. The Wall Street Journal reported last month that around 30 percent of victims have no ties to SolarWinds products, widening the scope of the breach. 

Neuberger announced that President Biden intends to roll out an “executive action” to address “gaps” in federal cybersecurity once the full review of the incident has been completed. Biden referred to the SolarWinds breach last year as a “grave threat to national security.”

The hearing will be the second major cybersecurity-focused Capitol Hill event since the breach was discovered late last year, with the House Homeland Security Committee holding a hearing earlier this month that delved into the SolarWinds breach, among other cybersecurity topics.

Senate Intelligence Committee Chairman Mark Warner (D-Va.) has previously made it clear that the incident should be a key issue for Congress to investigate, calling for action after intelligence officials said in January that Russia was “likely” behind the breach.

“We need to make clear to Russia that any misuse of compromised networks to produce destructive or harmful effects is unacceptable and will prompt an appropriately strong response,” Warner said in a statement last month.

Tags Brad Smith Crowdstrike Cyberattack FireEye Joe Biden Mark Warner Microsoft Russia Senate Intelligence Committee SolarWinds
See all Hill.TV See all Video