Russia has long been seen as a threat to cyberspace. But after one of the most successful cyber intrusion campaigns in U.S. history, questions arise about how the federal government was so completely blinded by an attack that many experts have seen coming.
The successful piracy of multiple federal agencies and tens of thousands of individual federal and private entities – widely suspected as a Russian intrusion and which federal officials warn is ongoing – managed to subvert sophisticated protections by targeting a contractor. SolarWinds third party software.
“We shouldn’t have been surprised, the Russians are very sophisticated, they’re very dedicated and relentless, and it seemed like a soft target that they were able to exploit,” said Christopher Painter, former State Department cybersecurity coordinator. of Trump. and Obama administrations said Friday in The Hill.
Russia, along with China, North Korea and Iran, is considered one of the urgent threats to the United States in multiple fields.
After the 2016 presidential election, when Russian agents launched an extensive and sophisticated campaign designed to influence the current elections.President Trump
Donald Trump: Trump signs bill to keep government open amid U.S. relief talks to shut down ‘Guardians of the Galaxy’ trends of two Russian consulates on social media after the new name of the MORE Space Force, the top federal agencies began a four-year process designed to bolster elections and ensure that this type of attack could never happen again.
These officials, led by the two-year Cybersecurity and Infrastructure Security Agency (CISA), were largely successful, as Election Day saw few security incidents.
However, some say the US may have diverted attention from other attack vectors used by Russia.
As of Friday, it was reported that agencies such as the Department of Energy and its National Nuclear Safety Administration, the Department of Homeland Security, the State Department and the Treasury Department were breached as part of the incident of espionage. SolarWinds has reported that it believes at least 18,000 of its customers were compromised by the hack.
Hackers accessed the systems as early as March and questions have risen about how long they took or were able to access.
“This is the largest cyberattack in U.S. history,” Tom Kellermann, a former member of an Obama administration cybersecurity committee and current head of cybersecurity at VMWare CarbonBlack, told The Hill. “It’s unprecedented in the 22 years I’ve been in business.”
Kellermann said he and his team believed Russia had stepped up its cyber attacks on the United States in retaliation for the success of securing the 2020 election and after the disruption of the international botnet group “TrickBot”, directed to critical U.S. infrastructure with ransomware viruses.
He noted that ransomware attacks on hospitals during the fall “should have been a signal and a red line that a dramatic escalation is taking place.”
Key details of ignored vulnerabilities emerge.
“It’s important to focus on this nuance that there’s a small set of actions that can help prevent incidents like this in the future and that could potentially have been discovered earlier,” said David Springer, who has campaigned. at the National Center for Terrorism and the Defense Intelligence Agency and is currently on the Bracewell law firm.
“SolarWinds’ penetration appears to be the product of poor cyber hygiene in the company, ”said Mark Montgomery, a senior member of the Foundation for the Defense of Democracies. “And we do not oversell the skills of the authors. The Russian intelligence services (SVR) are capable adversaries. ”
The idea of strengthening cybersecurity defenses and zeroing down critical supply chains for federal agencies is not a new issue on Capitol Hill, both gaining broad bipartisan support. However, the party blockade on other issues has made it increasingly difficult for legislation to pass Congress, which slows down cyber priorities.
One element that has gained bipartisan support is the National Defense Authorization Act (NDAA) of 2021, which includes the broadest range of federal cybersecurity enhancements in recent years, including provisions establishing a White House cyber tsar. and the strengthening of the powers of the CISA.
President Trump has announced his intention to veto the bill over other concerns, sparking a bipartisan reaction, and has yet to comment on the breach, despite having been briefed on the issue.
“This cyber attack perpetrated by the Russians probably highlights the flagrant vulnerabilities of our federal cybersecurity system,” the senator said. Susan Collins
Susan Margaret Collins Lawyers call on Trump to take action against mass government pirate Senator Alexander plays carols in Senate office building No, Biden hasn’t won yet: one more nightmare scenario MORE (R-Maine), Member of the Senate Intelligence Selection Committee, tweeted Friday.
“The president should immediately sign the NDAA not only to keep our military strong, but also because it contains important cybersecurity provisions that would help counter future attacks,” he said. added.
Senate Armed Services Committee leaders issued a statement Thursday night describing the NDAA as “mandatory legislation” in light of the violation. Meaning. Rob Portman
Robert (Rob) Jones Portman: Hillicon Valley: Lawmakers Ask If Mass Hacking Equals War Act | Microsoft says systems were exposed to a massive hack by SolarWinds Senators push to keep technical liability shield out of UK trade agreement Senators push to keep technical liability shield out of UK trade agreement The ‘Biden Team’ is risk averse, but capable and prepared MORE (R-Ohio) i Gary Peters
Gary PetersKrebs emphasizes election security as senators take over Hillicon Valley: Facebook advertising froze by qualifiers in Georgia More branches hit in massive cyberattack | Krebs will testify on electoral security Krebs will testify during the Senate session on electoral security this week MORE (D-Mich.), Incoming leaders of the Senate Committee on Homeland Security and Government Affairs, vowed on Friday to produce “comprehensive bipartisan legislation” next year to ensure that such an attack does not happen again.
National security officials are challenged on how to respond to foreign cyberespionage, resistant to imposing high costs that could be inflicted on the United States by its own intelligence gathering.
Officials have taken action when espionage activities have risen to the level of threats to national security, such as the closure of the Trump administration by the Chinese consulate in Houston in July for what it said were espionage activities that they went beyond intelligence gathering.
Singer, a former federal counter-terrorism official, said available information about the SolarWinds attack points to traditional espionage, but worries about what national security infrastructure is compromised.
“From the early days, the limited information we had so far, seems to have been mostly traditional intelligence gathering, but I think it’s a real concern that the same access to these critical goals and systems can be easily used to for another purpose, “in the future, if it hadn’t been discovered,” he said.
John Bolton
John Bolton Lawyers call on Trump to take action against mass government hacking, Biden promises to make cybersecurity “essential” after mass hacking., Trump’s former national security adviser said the U.S. response must be at least three times the cost of the attack in which it occurred, during an interview with MSNBC.
“The top priority should be, if we determine who the Russians are, this is where the information tends to point, what retaliation will be,” he said. “And I think it should be, whatever our cost assessment we incur in being – more, more, more. That’s how you re-establish deterrence.”