SPONSORED:

Senate Intelligence panel to hold hearing on SolarWinds breach next week

Senate Intelligence panel to hold hearing on SolarWinds breach next week
© Aaron Schwartz

The Senate Intelligence Committee will hold a hearing on the massive Russian breach of the federal government that has become known as the SolarWinds hack next week in one of the first major congressional hearings on the issue. 

The event, set for Feb. 23, will feature testimony from Sudhakar Ramakrishna, the CEO of IT group SolarWinds, which became the face of one of the biggest cyber incidents in U.S. history. Officials discovered in December that hackers had exploited the company's software to compromise up to 18,000 of its customers for more than a year. 

Other witnesses will include Microsoft President Brad Smith, FireEye CEO Kevin Mandia and CrowdStrike President and CEO George Kurtz. 

ADVERTISEMENT

Both FireEye and Microsoft were compromised as part of the SolarWinds breach, and the discovery of the hacking incident was due in large part to FireEye coming forward. 

The federal government is still grappling to get its arms around the incident. Anne Neuberger, President BidenJoe BidenFauci says school should be open 'full blast' five days a week in the fall Overnight Defense: Military sexual assault reform bill has votes to pass in Senate l First active duty service member arrested over Jan. 6 riot l Israeli troops attack Gaza Strip Immigration experts say GOP senators questioned DHS secretary with misleading chart MORE’s deputy national security adviser for cyber and emerging technology, told reporters Wednesday during a briefing that nine federal agencies and about 100 private sector groups had been compromised, but that this number would likely increase. 

“The scale of potential access far exceeded the number of known compromises,” Neuberger said. “Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions."

Neuberger is leading the federal government’s investigation into the incident, with the investigation involving a coalition of the FBI, the National Security Agency, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency. 

Agencies confirmed to have been compromised include the Commerce, Defense, Energy, Homeland Security, Justice, State and Treasury departments, among others. The Wall Street Journal reported last month that around 30 percent of victims have no ties to SolarWinds products, widening the scope of the breach. 

ADVERTISEMENT

Neuberger announced that President Biden intends to roll out an “executive action” to address “gaps” in federal cybersecurity once the full review of the incident has been completed. Biden referred to the SolarWinds breach last year as a “grave threat to national security.”

The hearing will be the second major cybersecurity-focused Capitol Hill event since the breach was discovered late last year, with the House Homeland Security Committee holding a hearing earlier this month that delved into the SolarWinds breach, among other cybersecurity topics.

Senate Intelligence Committee Chairman Mark WarnerMark Robert WarnerBiden signs executive order to improve federal cybersecurity Overnight Defense: Former Pentagon chief to testify about Capitol riot Wednesday | Senate Intelligence chairman wants Biden to review US Space Command move Wyden: Funding infrastructure with gas tax hike a 'big mistake' MORE (D-Va.) has previously made it clear that the incident should be a key issue for Congress to investigate, calling for action after intelligence officials said in January that Russia was “likely” behind the breach.

“We need to make clear to Russia that any misuse of compromised networks to produce destructive or harmful effects is unacceptable and will prompt an appropriately strong response,” Warner said in a statement last month.