The national security official leading the Biden administration’s response to the SolarWinds hack says the United States will “holistically” consider all of the “likely Russian” malign cyber actions when putting together a response to massive intrusions.
Anne Neuberger, deputy national security adviser for cyber and emerging technology, who was recently named as the point person coordinating the U.S. government’s response to the massive breach, spoke Wednesday at White House press secretary Jen Psaki’s daily press briefing.
“Hackers launched a broad and indiscriminate effort to compromise the network management software used by both government and the private sector,” Neuberger said. “The U.S. intelligence community is looking at who is responsible. Until that study is complete, I’ll use the language we’ve previously used, which was to say, an advanced threat persistent threat actor likely of Russian origin was responsible.”
Neuberger said nine federal agencies and roughly 100 private sector companies had been compromised after 18,000 entities downloaded the malicious update, noting “the scale of potential access far exceeded the number of known compromises.” It is believed that the Justice Department, State Department, Treasury Department, Energy Department, Commerce Department, National Institutes of Health, and federal court system were affected by the hack. She added that the hackers had targeted many technology companies, including companies whose products could be used to launch further intrusions.
“This isn’t the only case of malicious cyber activity of likely Russian origin, either for us or our allies and partners,” Neuberger said. “So as we contemplate future response options, we’re considering holistically what those activities were.”
The Biden official said, “There is certainly a cost with regard to dollars — it’s also a cost with regard to national security.” She repeated that “there is national security impact” and said the U.S. had at least a sense of what the motive might have been because “as we look at the agencies, there are a number of high foreign intelligence interests to a foreign government — so we know that was one goal.”
“The techniques that were used lead us to believe that any files or emails on a compromised network were likely to be compromised,” Neuberger said, adding that “the scope and scale to networks, to information, makes this more than an isolated case of espionage.”
Microsoft President Brad Smith told CBS News over the weekend that his company believed “certainly more than 1,000” engineers had worked on the SolarWinds attacks.
In offering an explanation for how the breach could happen, Neuberger appeared to place some blame both on the private sector and the federal government.
“There’s a lack of domestic visibility. As a country, we choose to have both privacy and security, and so the intelligence community largely has no visibility into private-sector networks. … The hackers launched the hack from inside the United States, which further made it difficult for the U.S. government to observe their activity,” she said. “Even within federal networks, a culture and authorities inhibit visibility, which is something we need to address.”
In December, U.S.-based SolarWinds acknowledged its systems had been compromised by hackers who infiltrated the company’s Orion software updates in order to distribute malware to its customers’ computers. The U.S. network-management company said roughly 18,000 of its customers were affected. Before the customers were removed from its website, the company boasted of its 300,000 customers, including “more than 425 of the US Fortune 500,” the 10 biggest telecommunications companies in the U.S., “all five branches” of the U.S. military, and a number of different government agencies.
Neuberger said the Biden administration is focused on “finding and expelling” the intruder, including by working with the private sector to find the compromises, which she called challenging because “this is a sophisticated actor who did their best to hide their tracks.” She also said the Biden administration was committed to “building back better” and reducing the risk of this happening again, briefly hinting at a dozen suggested executive actions the national security team was working on. Neuberger said her team was going “layer by layer” through the compromises and estimated it might take several months to understand fully the scope of the hack.
President Biden has also directed Director of National Intelligence Avril Haines to put together an intelligence assessment about possible Russian interference in the 2020 election, alleged bounties on U.S. troops in Afghanistan, and the poisoning of Russian dissident leader Alexei Navalny.
The U.S. intelligence community first attributed the hack to a “likely” Russian origin in January, when the National Security Council’s Cyber Unified Coordination Group task force said that they “believe this was, and continues to be, an intelligence gathering effort.” Former Secretary of State Mike Pompeo and former Attorney General William Barr both said in December that they believed the cyber campaign was likely carried out by the Russians.
FireEye, a cybersecurity firm that works with government agencies to expose and fight foreign cyberattacks, reported that it discovered a “highly evasive attacker” had infiltrated SolarWinds’s Orion software updates, and announced in early December that it had itself been hacked.
The SolarWinds hack hearkens back to Russia’s large-scale hacking of the State Department in 2014. Actors affiliated with Russian military intelligence were also named by the U.S. as being responsible for the hacking of the Democratic National Committee’s email systems in 2016.