Top Biden cyber official: SolarWinds breach could turn from spying to destruction 'in a moment'
WASHINGTON — President Biden’s top cybersecurity adviser says the “likely Russian” hackers who breached the popular IT monitoring software SolarWinds could use their access to “degrade” or “destroy” networks rather than simply spy on them “in a moment.”
Speaking Wednesday evening during a digital panel discussion hosted by the Council on Foreign Relations, Anne Neuberger, the deputy national security adviser on cyber and emerging technology on the National Security Council, said, “Even if it’s routine espionage,” the action is “still counter to our interests,” and requires the U.S. government to find ways to force the perpetrators to reconsider their actions in the future. “How do we change our attacker’s calculus to make them think about those hacks they may be doing?”
Neuberger’s remarks come amid an ongoing debate about whether the breach was an act of digital warfare or a carefully crafted espionage campaign and on the heels by Marcus Willett, a former senior cyber adviser to Britain’s digital intelligence agency GCHQ, urging the U.S. to be cautious about retaliating. Willett deemed SolarWinds a “surgical” espionage campaign on the part of the Russians, rather than a reckless and destructive effort.
The Biden administration is still investigating the aftermath of the expansive SolarWinds breach, which gave the hackers, believed to be Russian, access to at least nine U.S. government agencies and a large number of private U.S. companies. While senior administration officials have yet to explain what a response to the breach might look like, they continue to insist it’s coming “in weeks, not months,” with reporters in mid-March.
Neuberger did not elaborate on specifics but did say that the White House will adapt lessons learned from responding to a recent compromise of Microsoft Exchange email servers, while remaining vigilant for potential additional repercussions, including follow-up Russian digital attacks.
Neuberger recalled how the White House organized a “unified coordination group” following news that tens of thousands of organizations had been compromised due to hackers exploiting vulnerabilities in Microsoft’s email software in early March, an attack linked to China. That group, which included private sector executives for the first time as full partners, looked at ways to address the breach.
After the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency identified victims, the White House quickly worked with Microsoft to issue a “one-click” option that customers could use to patch their software, reducing the number of victims from over 100,000 to less than 10,000, said Neuberger.
“That kind of brainstorming … is really the kind of model we’re going to be using,” said Neuberger.
Neuberger also discussed several forthcoming executive orders on cybersecurity.
The first, already widely reported, will focus on protecting federal networks by requiring companies that sell software products to the U.S. government to meet certain minimum cybersecurity standards and to report breaches. “One of the things that makes cybersecurity such a confounding problem is that software and hardware are rife with vulnerabilities,” said Neuberger. “There is essentially a core market failure.”
A second executive order will address industrial control systems for utilities, such as water and electricity. Cybersecurity experts, particularly those who have researched Russian attacks on the Ukrainian electrical grid, have been warning against dangerous attacks on major control systems for years. “We must have trust in the core systems of our society,” explained Neuberger. “We’re seeking to have visibility on those networks to detect anomalous behavior and block anomalous behavior.”
Neuberger also addressed questions about how the U.S. government might find ways to resolve gaps in its visibility of domestic networks. According to investigations into the SolarWinds breach, attackers utilized U.S.-based internet infrastructure to launch their attacks, making it so that agencies like the National Security Agency, which is largely only authorized to monitor foreign internet traffic, can’t follow them.
NSA Director Gen. Paul Nakasone has described this lack of visibility as a “gap” that must be addressed, although cybersecurity experts have warned that giving the agency additional surveillance powers might not actually have helped it stop the attackers any faster. A private-sector company, FireEye, first alerted the U.S. government to the breach.
Neuberger noted that information sharing with the private sector, including key technology and cybersecurity companies, is an important vector for the U.S. government to continue to address sophisticated digital threats. “That’s a key part of our ability to uncover these activities,” she said.
She also said that the U.S. government is relying on “existing authorities” to monitor U.S. networks, but she did not elaborate on what those were. For now, the government isn’t seeking additional authorities to surveil U.S. networks, an administration official who spoke with journalists in mid-March.