In December of 2020, cyber security experts recognized that an international crime group had infiltrated US computer networks and had gained access to a wealth of sensitive information. The SolarWinds/Sunburst attack affected at least nine US federal agencies and numerous private-sector organizations. Authorities continue to explore the degree of damage done.
On Monday, a new report provided further details about SolarWinds’ impact. According to AP, the Department of Homeland Security (DHS) was compromised. As the SolarWinds hackers infiltrated the network, email content was stolen. The then-acting secretary, Chad Wolf, recently offered testimony before Congress around this issue. The intelligence value of the leaked information remains unknown.
This episode brings up difficult questions concerning how the US can protect its officials and its institutions from cyber threats. For effective prevention and defense, the United States must make significant changes to its infrastructure, partnerships and policies.
“The SolarWinds hack was a victory for our…adversaries, and a failure for DHS,” Senator Rob Portman stated. He notes that the hackers walked away with the Department of Homeland Security’s “crown jewels”.
Emails, schedules, what else?
An inquiry with the US Energy Department indicates that the SolarWinds attackers accessed officials’ schedules. Secretary Dan Brouillette, a former administration official, delivered this information. The schedules were not considered classified material and the data was stored accordingly.
How could hackers weaponize scheduling information? Just consider the implications.
A spokesperson for the Energy Department, Kevin Liao, states that they have found “no evidence the network that maintains senior officials’ schedules was compromised”.
SolarWinds and Microsoft Exchange:
What do these two attacks have in common? The commonality is that the US government appeared unable to detect either attack. “What struck me was how much we were in the dark for as long as we were in the dark,” stated Senator Mark Warner. Each breach was discovered by a private group.
The federal response and remediation efforts persisted for weeks due to the use of legacy technology. Lacking visibility into their systems, organizations struggled to identify the number of servers running SolarWinds software.
Department of Homeland Security, other agencies, what now?
“We must raise our game,” states Brandon Wales, who leads the Cyber Security and Infrastructure Security Agency. In conjunction with this statement, the US Congress recently approved $650 million in new cyber security spending.
The Biden administration is not expected to increase domestic electronic surveillance to thwart threats. Instead, the administration aims to align with partners and private-sector companies that already retain deep visibility into the domestic internet.
Nearly a dozen action items designed to strengthen federal cyber security are on President Biden’s agenda. Homeland Security Secretary, Alejandro Mayorkas, perceives cyber security as a key priority and intends to address the growing rash of ransomware threats. Hospitals, schools and other public services are threatened on a daily basis. In one of the agency’s “first sprints” of the year, officials will focus on the cyber security space.
The investigation into the SolarWinds breach remains ongoing. For more information on the latest SolarWinds findings, visit the Associated Press.