Scale of massive cyberattack that penetrated multiple government agencies prompts joint response from law enforcement and intelligence agencies

But lawmakers who have been briefed behind closed doors have emerged gobsmacked. “Stunning,” tweeted Connecticut Democratic Sen. Richard Blumenthal Wednesday. “Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what’s going on. Declassify what’s known & unknown.”

A ‘SIGNIFICANT AND ONGOING’ CAMPAIGN: Yesterday, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence issued a joint statement that promised a “whole-of-government response” to what it said was a “significant and ongoing cybersecurity campaign” but stopped short of identifying Russia as the source of the hacks.

The three agencies have created what they are calling a Cyber Unified Coordination Group, with the FBI in the lead. “The FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors,” the statement said.

FIREEYE AND SOLARWINDS: The massive hack first became public when the cybersecurity firm FireEye revealed in a blog post earlier this month that it was “attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.”

FireEye shared the information with the FBI and Microsoft, and that led cyber sleuths to discover a vulnerability in SolarWinds’s Orion software, a network-management service, with more than 300,000 customers, including the U.S. military, the Pentagon, the NSA, and NATO.

That, in turn, prompted CISA to issue an emergency directive instructing federal civilian agencies to disconnect or power down affected SolarWinds Orion products from their networks immediately. “CISA is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises,” the joint statement said.

Good Thursday morning and welcome to Jamie McIntyre’s Daily on Defense, written and compiled by Washington Examiner National Security Senior Writer Jamie McIntyre (@jamiejmcintyre) and edited this week by David Sivak. Email here with tips, suggestions, calendar items, and anything else. Sign up or read current and back issues at DailyonDefense.com. If signing up doesn’t work, shoot us an email and we’ll add you to our list. And be sure to follow us on Twitter: @dailyondefense.

Subscribe today to the Washington Examiner magazine and get Washington Briefing: politics and policy stories that will keep you up to date with what’s going on in Washington. SUBSCRIBE NOW: Just $1.00 an issue!

NOTE TO READERS: Daily on Defense will be on hiatus for the Christmas holidays from Monday, Dec. 21, 2020, through Friday, Jan. 1, 2021.

HEADING FOR ANOTHER CR? As congressional negotiators close in on a $900 billion COVID-19 economic relief package, lawmakers are facing another deadline to keep the government running.

Last week, Congress passed a one-week continuing resolution, or “CR,” to buy more time to conclude the coronavirus deal, but that stopgap measure expires tomorrow.

Both House Majority Leader Steny Hoyer of Maryland and Appropriations Committee Chairman Sen. Richard Shelby of Alabama said separately yesterday that they’ll support a continuing resolution to keep the government funded, according to the Hill.

NDAA VETO WATCH: President Trump has still not signed — or, as he has repeatedly threatened, vetoed — the National Defense Authorization Act, which he has to act on by Monday, or it will become law without his signature.

Many lawmakers point out that the bill contains several provisions to beef up defenses against the kind of cyberattack that has compromised so many federal agencies.

“The National Defense Authorization Act, which both houses of Congress have passed, has provisions in it that would help strengthen our cybersecurity. Yet, the president is threatening to veto it,” said Democratic Sen. Maggie Hassan of New Hampshire on CNN. “That’s unacceptable.”

“In the wake of a disastrous Russian cyberattack on our nation, Trump is continuing to threaten a veto of the NDAA,” tweeted Blumenthal. “This defense budget includes enhanced tools to counter such attacks. Trump is again siding with his pal Putin.”

WHAT’S IN THE NDAA: “A number of cybersecurity provisions in this year’s National Defense Authorization Act will help address some of the factors that contributed to the success of the Russian hack,” write retired Rear Adm. Mark Montgomery and Trevor Logan in an analysis for the Foundation for Defense of Democracies.

“For example, Section 1705 of the NDAA grants DHS’ Cybersecurity and Infrastructure Security Agency the authority to conduct threat hunting on federal networks, which would help to expedite remediation efforts while actively looking for vulnerabilities,” they say. “Another NDAA provision, Section 1715, establishes a joint cyber planning office in DHS to facilitate comprehensive planning of defensive cyber campaigns across the federal government. Such an office could have played a significant role in the response and remediation efforts following the SolarWinds breach.”

CONFRONTING PUTIN: Democrats took aim at Trump for his silence about the hack, instead spending his time tweeting more claims that the 2020 election was fraudulent and stolen from him.

“And let’s put it on the line here. We need an honest reset in terms of relationships between the United States and Russia. We can’t be buddies with Vladimir Putin and have him at the same time making this kind of cyber attack on America,” said Sen. Dick Durbin on CNN. “This is virtually a declaration of war by Russia on the United States, and we should take it that seriously.”

“Even though the U.S. presidential inauguration is still weeks away, the fallout from the Russian hacking campaign will undoubtedly be one of the first challenges that the Biden administration’s cyber team will need to tackle,” said the FDD analysis. “It will likely also be left to the incoming administration to determine how to hold Russia to account for its actions.”

‘RESISTANCE IS FUTILE’: The Air Force’s Skyborg program, a name inspired by the fictional Borg of Star Trek, who warn their enemies that “resistance is futile,” passed a major milestone earlier this month.

The XQ-58A Valkyrie drone, which looks a lot like the fighter jets it’s designed to complement, flew as a “wingman” to an F-22 and F-35B, according to Air Force Magazine.

The idea behind the Skyborg program is to create a family of “attritable” drones that are cheap enough to lose in battle but smart enough thanks to artificial intelligence to adapt to battle conditions on the fly to serve as wingmen for manned aircraft.

ANOTHER AI FIRST: The Air Force reported yesterday that for the first time, an artificial intelligence algorithm flew a U-2 spy plane, which it called a “major leap forward for national defense in the digital age.”

The AI algorithm, dubbed ARTUµ in a nod to Star Wars’s R2D2, functioned as “a working aircrew member” executing “specific in-flight tasks that otherwise would be done by the pilot.”

“Putting AI safely in command of a U.S. military system for the first time ushers in a new age of human-machine teaming and algorithmic competition,” said an Air Force release. “During this flight, ARTUµ was responsible for sensor employment and tactical navigation, while the pilot flew the aircraft and coordinated with the AI on sensor operation.”

The training scenario simulated a missile strike, with the pilot on the lookout for threatening aircraft, while the “co-pilot” ARTUµ was locating enemy launchers.

The Rundown

Washington Examiner: Kenyan man indicted in alleged ‘9/11-style’ terror plot by al Shabab

Washington Examiner: Defendants in Charlie Hebdo case found guilty of complicity to commit terrorist acts

Washington Examiner: Biden and Pence set to get COVID-19 vaccine

Washington Examiner: Pompeo in quarantine after coronavirus exposure

Reuters: ‘China Does Not Honor Its Agreements,’ U.S. Admiral Says After Meeting No-Show

Fox News: Pentagon Joint Chiefs Cites 500-Ship Navy Fleet As ‘Aim Point’

International Business Times: Chinese Navy Building ‘Super Carrier’ As Its Second Aircraft Carrier Shandong Completes Sea Trials

USNI News: Panel: U.S. Must Embrace ‘Power Of Naval Diplomacy’

AFP: Taiwan Says U.S. Has Approved Key Submarine Technology Sale

New York Times: U.S. Cyberdefenses Cost Billions, But Russian Hackers Eluded Them

Defense News: Israel Launches First-Ever Multitier Missile Defense Test

Reuters: Erdogan Says U.S. Sanctions An Attack On Ally Turkey’s Rights

Air Force Magazine: U-2 Flies with Artificial Intelligence as Its Co-Pilot

Air Force Magazine: Skyborg Drone Translates Between F-35 and F-22 in Test

Washington Post: Biden order to halt border wall project would save U.S. $2.6 billion, Pentagon estimates show

CBS: Acting Defense Secretary Drafts Executive Order To Help Those Who Served At Toxic Base: ‘Let’s Err On The Side Of The Veteran’

C4IRSNET: Amazon Web Services Challenges Pentagon Decision To Stick With Microsoft For Cloud Contract

Orange County Register: First Female Marine Drill Instructors Graduate From An Integrated Course At San Diego Recruit Depot

AP: US plans new charges in 1988 Lockerbie airline

Time: Saudi Arabia Is Scrubbing Hate Speech from School Books. Why That’s a Win for the Trump Administration.

Washington Post: Radio Free Europe fires a prominent Russian journalist — and the Kremlin smirks

New York Times: China Brings Moon Rocks to Earth, and a New Era of Competition to Space

Calendar

THURSDAY | DECEMBER 17

11:30 a.m. — Henry Stimson Center virtual forum: “International Nuclear Security,” with Laura Holgate, vice president for materials risk management at the Nuclear Threat Initiative; Dmitry Kovchegin, member of the Russian Center for Policy Research; and Nickolas Roth, director of the Stimson Nuclear Security Program. https://www.stimson.org/event

12:15 a.m. — TechCrunch Space 2020 virtual event with Chief of Space Operations Gen. Jay Raymond; and Will Roper, assistant secretary for acquisition, technology, and logistics. https://techcrunch.com/events

3 p.m. — Jewish Institute for National Security of America webinar: “Geopolitical Fulcrum or Endless War: Options for U.S.-Syria Policy in the Biden Administration,” with James Jeffrey, former special representative for Syria engagement and special envoy to the Global Coalition to Defeat ISIS; former Deputy Assistant Defense Secretary for the Middle East Michael Mulroy; Sinam Mohamad, co-chair of the U.S. Mission of the Syrian Democratic Council; and Blaise Misztal, vice president for policy of JINSA. https://us02web.zoom.us/webinar/register

FRIDAY | DECEMBER 18

10 a.m. — George Washington University Project for Media and National Security Defense Writers Group conference call with Will Roper, assistant secretary for acquisition, technology, and logistics, U.S. Air Force. https://nationalsecuritymedia.gwu.edu/

3:30 p.m. — Woodrow Wilson Center Polar Institute virtual film screening and discussion on “Polar Guardians: Coast Guard Icebreaking in the High Latitudes,” with Coast Guard Commandant Adm. Karl Schultz; former Coast Guard Commandant Adm. Thad Allen; former Lt. Gov. Fran Ulmer, D-Alaska; and Michael Sfraga, director of the WWC Polar Institute. https://www.wilsoncenter.org/event/polar-guardians

MONDAY | DECEMBER 21

7 a.m. — Daily on Defense begins a two-week Christmas vacation until Monday, Jan. 5, 2021. Happy holidays and best wishes for a safe and prosperous new year.

10:25 a.m. — Aspen Institute Security Forum: “The View from Kabul: A Live Conversation with the President of Afghanistan,” with Ashraf Ghani; and Nicholas Burns, executive director, Aspen Strategy Group, and professor of the practice of diplomacy and international relations, Harvard Kennedy School. https://aspeninst.zoom.us/webinar

11 a.m. — Mitchell Institute for Aerospace Studies virtual Space Power Forum, with Brig. Gen. Brook Leonard, chief of staff of U.S. Space Command; and retired Lt. Gen. Dave Deptula, dean of the Mitchell Institute for Aerospace Studies. Invitation only. Video posted afterward at https://www.mitchellaerospacepower.org/space-breakfast-series.