OVERNIGHT DEFENSE: Intel agencies point finger to Moscow on hack | Trump orders carrier to stay in Mideast | Defense letter took two days

OVERNIGHT DEFENSE: Intel agencies point finger to Moscow on hack | Trump orders carrier to stay in Mideast | Defense letter took two days
© Getty Images

Happy Tuesday and welcome to Overnight Defense. I'm Ellen Mitchell, and here's your nightly guide to the latest developments at the Pentagon, on Capitol Hill and beyond. CLICK HERE to subscribe to the newsletter.

THE TOPLINE: A group of U.S. intelligence agencies on Tuesday formally accused Russia of being linked to the recently discovered hack of IT group SolarWinds that compromised much of the federal government.

The FBI, the Office of the Director of National Intelligence (ODNI), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) attributed the effort to Russia. The group had set up a cyber unified coordination group in December after the compromise of SolarWinds was revealed.


“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the agencies said in a joint statement around their investigation into the cyber incident.

Still digging: The agencies emphasized that “at this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

The federal agencies described the incident Tuesday as “a serious compromise that will require a sustained and dedicated effort to remediate, and vowed to “continue taking every necessary action to investigate, remediate, and share information with our partners and the American people.”

The background: Reuters first reported last month that the Commerce and Treasury departments had been hacked as part of the attack on SolarWinds, which counts the majority of federal agencies and U.S. Fortune 500 companies as customers.

Since then, agencies including the Department of Homeland Security, the Department of Defense and the Energy Department’s National Nuclear Security Administration have confirmed they were affected by the attack, with hackers potentially present in these systems since March.

SolarWinds reported in a filing with the Securities and Exchange Commission last month that up to 18,000 of its customers had potentially been compromised.

Trump seeks to distract: President TrumpDonald TrumpJan. 6 committee chair says panel will issue a 'good number' of additional subpoenas Overnight Defense & National Security — Presented by AM General — Pentagon officials prepare for grilling Biden nominates head of Africa CDC to lead global AIDS response MORE addressed the hack — among the worst cyber incidents in American history — in a tweet last month in which he questioned whether China was involved. Both the Chinese and Russian governments have denied involvement.


“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” Trump tweeted. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”

But other officials point to Moscow: Both Secretary of State Mike Pompeo and former Attorney General William Barr have previously said they believed Russia was behind the cyber espionage incident, while President-elect Joe Biden described the hack as a "grave risk to our national security.”

Biden said last month that the attack had all the hallmarks of a Russian cyber operation, and urged Trump to officially designate the nation as behind the incident.

“It certainly fits Russia’s long history of reckless disruptive cyber activities, but the Trump administration needs to make an official attribution,” Biden said. “This assault happened on Donald Trump’s watch when he wasn’t watching. It’s still his responsibility as president to defend American interests for the next four weeks.”

Pompeo doubled down Tuesday on accusing Russia of hacking the SolarWinds software, telling Bloomberg News that the incident “was in fact a Russian operation,” though emphasizing that the U.S. constantly faces cyberattacks from other nations including China, North Korea and Iran.

TRUMP ORDERED AIRCRAFT CARRIER TO STAY IN MIDDLE EAST: President Trump ordered Acting Secretary of Defense Christopher Miller last week to reverse bringing the aircraft carrier the USS Nimitz home and keep the vessel in the Middle EastCNN reported on Monday.

The carrier had been ordered last week to return home in a show of de-escalating tensions with Iran.  

An unidentified defense official told CNN that Miller’s de-escalation goals had not been formally adopted. The call home took some commanders by surprise, multiple officials told the outlet, and U.S. Central Command also wanted the carrier to remain in the region.

Why things changed: Trump reportedly reversed the decision following a White House meeting Sunday.

Miller said in a Sunday statement that “Due to the recent threats issued by Iranian leaders against President Trump and other U.S. government officials, I have ordered the USS Nimitz to halt its routine redeployment.”

Some U.S. officials were also concerned that Iran could stage an attack on the one-year anniversary of the assassination of Iranian Gen. Qasem Soleimani and the Iraqui Shia military leader Abu Mahdi al-Muhandis.

Iran reacts: Following the reversal of the aircraft carrier move, Iranian officials said Monday that Tehran has resumed 20 percent uranium enrichment levels that it reached prior to the Obama-era 2015 nuclear agreement that the U.S. left in 2018.

Iran on Monday also seized a South Korean-flagged oil tanker near the Strait of Hormuz hours before announcing its nuclear increase, according to multiple reports. The U.S. State Department has called for the tanker’s release.

ALL 10 LIVING FORMER US SECDEFS SIGNED LETTER TO TRUMP IN TWO DAYS: Former U.S. ambassador and defense official Eric Edelman said on Monday that it took only two days for all 10 former Defense secretaries to sign a letter that denounced efforts to involve the military in U.S. election disputes.

Edelman drafted the letter with the help of former vice president and Defense Secretary Dick Cheney, ABC News reported. According to Edelman, Cheney told Edelman he would sign the letter if he convinced other Defense secretaries to do the same.

“There's the firing of Esper right after the election, there's the installation of this cadre of political appointees around (acting Secretary of Defense Chris) Miller there, there's the rush for the exit in Afghanistan," Edelman told ABC News with regards to motivation for the effort.

Other motivations: Edelman added that the letter was also motivated by concerns stemming from comments made by former Trump national security adviser Michael Flynn, who suggested in an interview with Newsmax in mid-December that the president might use martial law to change the outcome of the election in some battleground states.

What the letter said: In their letter published in a Washington Post op-ed on Sunday, the former Defense secretaries warn that involving the U.S. armed forces in the election would lead into “unlawful and unconstitutional territory.”  

Addressing current Pentagon officials, the letter said, “We call upon them, in the strongest terms, to do as so many generations of Americans have done before them. This final action is in keeping with the highest traditions and professionalism of the U.S. armed forces, and the history of democratic transition in our great country.”


The Hudson Institute will hold a webinar on “U.S.-India Defense Ties: Partnership of the 21st Century,” with former Indian Integrated Defense Staff Chief Vice Adm. Shekhar Sinha at 12 p.m. 


The House and Senate will meet in a joint session to count electoral votes of the 2020 presidential election in the Senate Chamber at 1 p.m.

The Intelligence National Security Alliance will hold a virtual discussion on “The Space Force's intelligence priorities,” with Air Force Maj. Gen. Leah Lauderback, Space Force director of intelligence, surveillance and reconnaissance, at 4:30 p.m. 


— The Hill: Trump administration rolls out plan to secure maritime sector against cyber threats

— The Hill: Trump administration imposes additional sanctions on Iran amid increasing tensions

— The Hill: Wisconsin Governor mobilizes National Guard ahead of decision in Jacob Blake shooting

— The Hill: Bowser to DOJ, Pentagon: DC isn't asking federal law enforcement to assist with protests


— New York Times: Targeted Killings Are Terrorizing Afghans. And No One Is Claiming Them.

— Stars and Stripes: Family of Fort Hood sergeant questions Army’s effort to find him before he died

— Military Times: The VA has vaccinated nearly a third of its workforce