US government catches eye on sophisticated cyber hack, experts say

Russia has long been seen as a threat in cyberspace. But after one of the most successful cyber-intrusion campaigns in US history, questions are arising about how the federal government was so completely blinded by an attack that many experts saw coming.

The successful hacking of several federal agencies and tens of thousands of individual federal and private entities – widely alleged to be a Russian intrusion and which federal officials warn is ongoing – managed to undermine sophisticated protections by targeting third-party software from the contractor SolarWinds.

“We shouldn’t have been surprised, the Russians are very sophisticated, very dedicated and relentless, and this seemed like an easy target that they could exploit,” Christopher Painter, the State Department’s former cybersecurity coordinator under both the Trump and Obama administrations, told The Hill on Friday.

Russia, along with China, North Korea and Iran, is seen as one of the urgent threats to the United States in several areas.

After the 2016 presidential election, when Russian agents launched a comprehensive and sophisticated campaign aimed at influencing the election toward President Trump, top federal agencies began a four-year process to shore up election security and ensure that this type of attack would never happen again.

These officials, led by the two-year-old Cybersecurity and Infrastructure Security Agency (CISA), were largely successful. Election Day saw few security incidents.

However, some say the US may have diverted its attention from other attack vectors used by Russia.

As of Friday, agencies including the Department of Energy and the National Nuclear Security Administration, the Department of Homeland Security, the State Department and the Treasury Department were reportedly breached as part of the espionage incident. SolarWinds reported that it believes at least 18,000 of its customers have been compromised by the hack.

Hackers have been accessing the systems since March, and questions have been raised about how much they took or were unable to access.

“This is the most significant cyber attack in U.S. history,” Tom Kellermann, a former member of the Obama administration’s cybersecurity commission and current head of cybersecurity at VMware Carbon Black, told The Hill. “It’s unprecedented in the 22 years I’ve been in business.”

Kellermann said he and his team believed that Russia had stepped up its cyber attacks on the US in retaliation for the success of the 2020 election and the disruption of the international botnet group “TrickBot”, which targeted US critical infrastructure with ransomware viruses.

He noted that the ransomware attacks on hospitals in the autumn “should have been a signal and a red line that a dramatic escalation is taking place”.

Key details of overlooked vulnerabilities are emerging.

“It’s important to focus on this nuance that there is a small set of actions that can help prevent such incidents in the future and that could have been discovered earlier,” said David Springer, who worked at the National Counterterrorism Center and the Defense Intelligence Agency and is currently at the law firm Bracewell.

“The penetration of SolarWinds seems to be the product of poor cyber hygiene in the company,” said Mark Montgomery, senior executive at the Democracy Foundation. “And let’s not sell the authors’ skill sets anymore. Russian intelligence services – SVR – are capable opponents.”

The idea of strengthening cyber defenses and zeroing in on supply chains critical to federal agencies is not a new issue on Capitol Hill, with both gaining broad bipartisan support. However, partisan gridlock on other issues has made it increasingly difficult for legislation to pass through Congress, slowing down cyber priorities.

One element that has gained bipartisan support is the National Defense Authorization Act (NDAA) of 2021, which includes the widest range of federal cybersecurity improvements in recent years, including provisions for the establishment of a White House cyber tsar and strengthening CISA’s competencies.

President Trump has announced his intention to veto the bill over other concerns, sparking bipartisan reactions, and has not yet commented on the breach, despite the reports.

“This cyber attack probably committed by the Russians highlights the obvious vulnerabilities of our federal cyber security system,” Sen. Susan Collins (R-Maine), a member of the Senate Select Committee on Intelligence, posted on Friday.

“The president should immediately sign the NDAA not only to maintain our military strength, but also because it contains significant cyber security provisions that would help counter future attacks,” she added.

Leaders of the Senate Armed Services Committee released a statement Thursday night describing the NDAA as “mandatory legislation” in light of the breach. Sens. Rob Portman (R-Ohio) and Gary Peters (D-Mich.), the top leaders of the Senate Committee on Homeland Security and Governmental Affairs, vowed on Friday to produce “comprehensive bipartisan legislation” next year to ensure that this type of attack will not be repeated.

National security officials are challenged by the way they respond to foreign cyber espionage, which is resistant to high costs that could be caused by the United States as a result of its own intelligence gathering.

Officials have taken action when espionage activities rose to the level of a national security threat, such as the Trump administration’s closure of the Chinese consulate in Houston in July over what it said were espionage activities that went beyond intelligence gathering.

Singer, a former federal counterterrorism official, said available information about the SolarWinds attack indicates traditional espionage, but he worries about the compromised national security infrastructure.

“Based on the early days, the limited information we have so far, it seems that this was mostly the traditional collection of information, but I think it is a real concern that the same access to these critical targets and systems could easily be used for another purpose in the future, if it had not been discovered,” he said.

John Bolton, Trump’s former national security adviser, said during an interview with MSNBC that the US response must be at least three times the cost of the attack.

“It has to be the top priority, if we establish that they are Russians, that’s where the information tends to show, what the retaliation will be,” he said. “And I think it should be, no matter what we assess what cost we incur to be – plus, plus, plus. That’s how you restore discouragement.”
