Wray hints at federal response to SolarWinds hack

Wray hints at federal response to SolarWinds hack
© Greg Nash

FBI Director Christopher Wray on Tuesday hinted at the planned federal response to what has become known as the SolarWinds hack, stressing that confronting foreign attacks in cyberspace would be “a long, hard slog.”

During a Senate Judiciary Committee hearing, Wray was questioned about how to respond to the breach, which involved likely Russian hackers targeting software from IT group SolarWinds and other vectors to infiltrate at least nine federal agencies and 100 private sector groups. 

“Discussing the response in any detail is probably something that would be better done in a classified setting,” Wray said in response to a question from committee Chairman Dick DurbinDick DurbinFour questions that deserve answers at the Guantanamo oversight hearing Senate dodges initial December crisis with last-minute deal Conservatives target Biden pick for New York district court MORE (D-Ill.). “That by itself might give you a little bit of a hint, but what we have found, speaking more generally, over the last couple of years in the cyber arena in particular is that we are at our most effective when we have joint sequenced operations.”

ADVERTISEMENT

“It’s everything from not just the law enforcement piece, it’s foreign partner participation, it’s private sector hardening, it’s Treasury sanctions, it’s a whole host of things, but when you put them together sequenced, well I would never suggest to you ... that that is somehow going to eliminate the problem, [but] it does push the adversary back and slow their progress,” he added. 

“This is going to be a long, hard slog.”

The Biden administration has been weighing its response to the breach, which is seen as the worst cyber incident in U.S. history and was ongoing for a year before its discovery in December. 

Up to 18,000 customers of SolarWinds may have been compromised as part of the cyber espionage effort, and agencies including the Commerce, Defense, Homeland Security, Justice and Treasury departments were among those impacted. 

SolarWinds reported in a filing to the Securities and Exchange Commission (SEC) on Monday that it is cooperating with investigations from the SEC, the Justice Department, “various” state attorneys general and foreign law enforcement groups. 

The Washington Post reported last month that the Biden administration would soon roll out sanctions against Russia for the cyberattack, which was one of several key issues President BidenJoe BidenPfizer CEO says vaccine data for those under 5 could be available by end of year Omicron coronavirus variant found in at least 10 states Photos of the Week: Schumer, ASU protest and sea turtles MORE brought up during his first call in office with Russian President Vladimir PutinVladimir Vladimirovich PutinOvernight Defense & National Security — US tries to deter Russian invasion of Ukraine Blinken decries coordinated Russian destabilizing efforts Biden says team working on 'initiatives' to prevent Russian invasion of Ukraine MORE

While a response around SolarWinds has not yet been announced, the Biden administration did announce a range of actions against Russia on Tuesday in relation to the poisoning of opposition leader Alexei Navalny, including sanctions. These actions included coordination with the European Union and the United Kingdom in cracking down on Russia. 

An administration official told reporters Tuesday that there would be “more to come” around pushing back against the Russian cyberattack and other malicious actions “in the coming weeks.”

Wray was also questioned by Sen. Jon OssoffJon OssoffGeorgia becomes ground zero for 2022 elections Democrats anxious over Abrams silence on Georgia governor bid Perdue on possible run for Georgia governor: 'I'm concerned about the state of our state' MORE (D-Ga.) on whether the SolarWinds breach constituted a counterintelligence failure, due to the foreign hackers having access to critical systems for months before cybersecurity group FireEye first reported the incident. 

Wray described the hacking incident as a “cybersecurity issue” instead of counterintelligence, but stressed that the threats posed by foreign adversaries in cyberspace are increasing. 

ADVERTISEMENT

“We have long passed the world where it’s a question of if an organization is going to be the victim of a cyber intrusion, we are in the world of when, and the question is not whether someone was subject to a cyber intrusion, but how fast does it get detected, how well does it get mitigated,” he testified. 

Wray, who served in the Justice Department during the George W. Bush administration, noted that “the scope, the scale, the range of attack methods, the number of adversaries involved in sophisticated cyberattacks dwarfs what it was when I was in law enforcement and national security before.”

The FBI director testified on the heels of two major Capitol Hill hearings on the breach, with the Senate Intelligence Committee and two House committees hosting the leaders of SolarWinds, FireEye and Microsoft last week to discuss it.