Weeks after officials revealed a potentially massive hack of U.S. government and private companies by possibly Russian hackers, there’s a bit of good news: So far, investigators have found fewer than 10 government agencies were compromised.
The U.S. Cyber Unified Coordination Group, or the UCG, which includes the FBI, the Cybersecurity and Infrastructure Security Agency, and other agencies, announced on Jan. 5 that it had identified fewer than 10 agencies affected by the cyberattack. However, investigators are still working to determine the scope of the damage.
Earlier reports had the attack affecting more than 250 agencies and businesses. The UCG did not list the affected agencies, but news reports have suggested the U.S. departments of Treasury, Commerce, State, Energy, and Homeland Security were victims of the attack.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the UCG said in a statement. “Since its initial discovery, the UCG, including hardworking professionals across the United States government, as well as our private sector partners, have been working non-stop. These efforts did not let up through the holidays.”
The UCG said the attack originated from an advanced attacker, likely Russian in origin.
The breach was originally reported on Dec. 13 by cybersecurity vendor FireEye, which was among the victims of the attack. The following day, the Department of Homeland Security announced a series of breaches “across the federal government.”
Attackers gained access to victims through compromised updates of the Orion IT monitoring and management software from vendor SolarWinds. The company pulled the affected software and issued a security advisory on Dec. 15.
Meanwhile, President-elect Joe Biden has said that cybersecurity and remediating the SolarWinds breach will be top priorities in his administration. His cybersecurity efforts will include attempts to “disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said in a December statement.
Also, Jake Sullivan, Biden’s incoming national security adviser, talked about the seriousness of the breach during a Jan. 3 appearance on Fareed Zakaria’s GPS on CNN.
“The sheer extent of the access of the penetration means that not only is there the rampant opportunity for espionage, but there is also the opportunity to take destructive action if the threat actor chose to do so,” he told Zakaria.
While the attack hasn’t been decisively attributed to the Russian government, “Russia has shown us repeatedly in multiple different contexts that it’s prepared to go beyond espionage to harm power grids, to interfere with elections, to disrupt commercial entities,” he added.
Asked what deterrence the Biden administration has planned, Sullivan declined to give specifics.
“I am not going to telegraph our punches … but [Biden] will respond at a time and place of his choosing,” he said.
Some cybersecurity experts expect the Biden administration to take stronger steps against nation-sponsored hacking, particularly from Russia.
After Russian attacks on the 2016 U.S. election, a lack of response from the Trump administration “emboldened state actors and political decision-makers to continue or even step up their efforts,” said Axel Wirth, chief security strategist for MedCrypt, a medical device security vendor.
The Biden administration has already begun focusing on cybersecurity, he told the Washington Examiner. “We would hope that the response to this attack would be stronger and would be appropriate for its nature and scope, but it would be ill-advised to imagine a silver bullet,” he added. “The path to recovery and implementing proactive security measures across our complex IT landscape will be difficult even under the best of circumstances.”
The Biden administration will likely turn to tools used during President Barack Obama’s administration, added James Giordano, a professor with the Georgetown University Cyber SMART Center’s Program in Technology, Biosecurity, and Ethics and an adviser in technology and biosecurity to the Pentagon.
“It is likely that the incoming administration will place greater confidence in and emphasis upon the engagement of both the intelligence community and diplomatic channels to communicate limits and tolerances for such excursions of sovereign probity,” he told the Washington Examiner.