sunny.png
Monday March 8th, 2021 4:32PM

Suspected Russian hack fuels new US action on cybersecurity

By The Associated Press
Related Articles
  Contact Editor

WASHINGTON (AP) — Jolted by a sweeping hack that may have revealed government and corporate secrets to Russia, U.S. officials are scrambling to reinforce the nation’s cyber defenses and recognizing that an agency created two years ago to protect America’s networks and infrastructure lacks the money, tools and authority to counter such sophisticated threats.

The breach, which hijacked widely used software from Texas-based SolarWinds Inc., has exposed the profound vulnerability of civilian government networks and the limitations of efforts to detect threats.

It's also likely to unleash a wave of spending on technology modernization and cybersecurity.

“It’s really highlighted the investments we need to make in cybersecurity to have the visibility to block these attacks in the future,” Anne Neuberger, the newly appointed deputy national security adviser for cyber and emergency technology said Wednesday at a White House briefing.

The reaction reflects the severity of a hack that was disclosed only in December. The hackers, as yet unidentified but described by officials as “likely Russian,” had unfettered access to the data and email of at least nine U.S. government agencies and about 100 private companies, with the full extent of the compromise still unknown. And while this incident appeared to be aimed at stealing information, it heightened fears that future hackers could damage critical infrastructure, like electrical grids or water systems.

President Joe Biden plans to release an executive order soon that Neuberger said will include about eight measures intended to address security gaps exposed by the hack. The administration has also proposed expanding by 30% the budget of the U.S. Cybersecurity and Infrastructure Agency, or CISA, a little-known entity now under intense scrutiny because of the SolarWinds breach.

Biden, making his first major international speech Friday to the Munich Security Conference, said that dealing with “Russian recklessness and hacking into computer networks in the United States and across Europe and the world has become critical to protecting our collective security.”

Republicans and Democrats in Congress have called for expanding the size and role of the agency, a component of the Department of Homeland Security. It was created in November 2018 amid a sense that U.S. adversaries were increasingly targeting civilian government and corporate networks as well as the “critical” infrastructure, such as the energy grid that is increasingly vulnerable in a wired world.

Speaking at a recent hearing on cybersecurity, Rep. John Katko, a Republican from New York, urged his colleagues to quickly "find a legislative vehicle to give CISA the resources it needs to fully respond and protect us.”

Biden’s COVID-19 relief package called for $690 million more for CISA, as well as providing the agency with $9 billion to modernize IT across the government in partnership with the General Services Administration.

That has been pulled from the latest version of the bill because some members didn’t see a connection to the pandemic. But Rep. Jim Langevin, co-chair of the Congressional Cybersecurity Caucus, said additional funding for CISA is likely to reemerge with bipartisan support in upcoming legislation, perhaps an infrastructure bill.

“Our cyber infrastructure is every bit as important as our roads and bridges,” Langevin, a Rhode Island Democrat, said in an interview. “It’s important to our economy. It’s important to protecting human life, and we need to make sure we have a modern and resilient cyber infrastructure.”

CISA operates a threat-detection system known as “Einstein" that was unable to detect the SolarWinds breach. Brandon Wales, CISA's acting director, said that was because the breach was hidden in a legitimate software update from SolarWinds to its customers. After it was able to identify the malicious activity, the system was able to scan federal networks and identify some government victims. “It was designed to work in concert with other security programs inside the agencies,” he said.

The former head of CISA, Christopher Krebs, told the House Homeland Security Committee this month that the U.S. should increase support to the agency, in part so it can issue grants to state and local governments to improve their cybersecurity and accelerate IT modernization across the federal government, which is part of the Biden proposal.

“Are we going to stop every attack? No. But we can take care of the most common risks and make the bad guys work that much harder and limit their success,” said Krebs, who was ousted by then-President Donald Trump after the election and now co-owns a consulting company whose clients include SolarWinds.

The breach was discovered in early December by the private security firm FireEye, a cause of concern for some officials.

“It was pretty alarming that we found out about it through a private company as opposed to our being able to detect it ourselves to begin with,” Avril Haines, the director of national intelligence, said at her January confirmation hearing.

Right after the hack was announced, the Treasury Department bypassed its normal competitive contracting process to hire the private security firm CrowdStrike, U.S. contract records show. The department declined to comment. Sen. Ron Wyden, D-Ore., has said that dozens of email accounts of top officials at the agency were hacked.

The Social Security Administration hired FireEye to do an independent forensic analysis of its network logs. The agency had a “backdoor code” installed like other SolarWinds customers, but “there were no indicators suggesting we were targeted or that a future attack occurred beyond the initial software installation,” spokesperson Mark Hinkle said.

Sen. Mark Warner, a Virginia Democrat who chairs the Senate Intelligence Committee, said the hack has highlighted several failures at the federal level but not necessarily a lack of expertise by public sector employees. Still, “I doubt we will ever have all the capacity we’d need in-house,” he said.

There have been some new cybersecurity measures taken in recent months. In the defense policy bill that passed in January, lawmakers created a national director of cybersecurity, replacing a position at the White House that had been cut under Trump, and granted CISA the power to issue administrative subpoenas as part of its efforts to identify vulnerable systems and notify operators.

The legislation also granted CISA increased authority to hunt for threats across the networks of civilian government agencies, something Langevin said they were only previously able to do when invited.

“In practical terms, what that meant is they weren’t invited in because no department or agency wants to look bad,” he said. “So you know what was happening? Everyone was sticking their heads in the sand and hoping that cyberthreats were going to go away.”

___

Suderman reported from Richmond, Va.

  • Associated Categories: U.S. News, Associated Press (AP), AP National News, AP Online National News, Top U.S. News short headlines, Top General short headlines, AP Online Headlines - Washington, AP Online Congress News, AP Business, AP Business - Corporate News, AP Technology News
© Copyright 2021 AccessWDUN.com
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.
Suspected Russian hack fuels new US action on cybersecurity
U.S. officials are scrambling to reinforce the nation’s cyber defenses following a sweeping hack that may have exposed government and corporate secrets to Russia
1:06PM ( 5 minutes ago )
GOP source: Priebus mulling run for Wisconsin governor
Reince Priebus, a former White House chief of staff to Donald Trump, has called Republican donors and power brokers in Wisconsin to discuss a possible bid for governor or the U.S. Senate
1:05PM ( 7 minutes ago )
G-7 vows 'equitable' world vaccine access, but details scant
Leaders of the Group of Seven economic powers have promised to immunize the world’s neediest people against the coronavirus by giving money and precious vaccine doses to a U.N.-backed vaccine distribution effort
12:47PM ( 24 minutes ago )
Associated Press (AP)
Biden urges allies to show democracies can 'still deliver'
President Joe Biden has used his first big appearance on the global stage to call on fellow world leaders to demonstrate “democracies can still deliver" for people
12:15PM ( 56 minutes ago )
Back in Paris pact, US vows no more sidelining of climate
The United States has returned to the Paris climate accord
12:12PM ( 1 hour ago )
Texas grid operators say electrical system back to normal
Texas’ grid operators say the electrical system has returned to normal for the first time since a winter storm knocked out power to more than 4 million customers
12:00PM ( 1 hour ago )
AP National News
Nonprofits step up to protect fertility for cancer patients
The Chick Mission, a New-York based organization, pays the full cost of fertility preservation procedures for women with cancer
9:55AM ( 3 hours ago )
States remain split on guns in capitols after armed protests
In the past year, insurrectionists have breached the U.S. Capitol and protesters have forced their way into statehouses around the country
9:12AM ( 4 hours ago )
Massive breach fuels calls for US action on cybersecurity
U.S. officials are scrambling to reinforce the nation’s cyber defenses following a sweeping hack that may have exposed government and corporate secrets to Russia
8:52AM ( 4 hours ago )
Top U.S. News short headlines
Stocks open higher on Wall Street after 3 straight losses
Stocks are opening higher on Wall Street following three straight days of losses
9:45AM ( 3 hours ago )
South Africa's president fights own party over corruption
South African President Cyril Ramaphosa's anti-corruption drive is facing stiff resistance from political foes within his own party
9:19AM ( 3 hours ago )
Dutch government in 2-pronged bid to save coronavirus curfew
A judge says that a Dutch appeals court will take a week to decide whether to overturn a judge’s ban on the country’s coronavirus curfew
9:06AM ( 4 hours ago )
AP Online Headlines - Washington
GOP's Thune says Trump allies engaging in 'cancel culture'
Republican Sen. John Thune is criticizing activists and party leaders for engaging in “cancel culture” by rushing to censure GOP senators for voting to convict former President Donald Trump at his impeachment trial
12:37AM ( 12 hours ago )
Asia stocks follow Wall St. down after weaker US jobs data
Asian stock markets have followed Wall Street lower after disappointing U.S. jobs and economic data
12:29AM ( 12 hours ago )
Republican infighting rattles bid to oust Democrat Newsom
Infighting among California Republicans could endanger the party's hopes of ousting Democratic Gov. Gavin Newsom
12:07AM ( 13 hours ago )
AP Online Congress News
'Mom, can I buy stocks?' Teachable moments from GameStop
The recent stock market mania over the video game company GameStop, which this week was scrutinized by Congress, has provided a teachable moment for kids
11:31AM ( 1 hour ago )
US existing home sales, and prices, rise again in January
Sales of previously occupied U.S. homes rose again last month, a sign that the housing market’s strong momentum from 2020 may be carrying over into this year
11:29AM ( 1 hour ago )
The Latest: Pfizer-BioNTech data shows vaccine easier to use
New data indicate the COVID-19 vaccine developed by Pfizer and German partner BioNTech could be stored for two weeks without the ultracold storage currently required
11:18AM ( 1 hour ago )
AP Business
The Latest: Norway easing some coronavirus restrictions
Norway is easing some coronavirus restrictions
9:19AM ( 3 hours ago )
The Latest: Survey says new infections across U.K. falling
The United Kingdom's Office for National Statistics said rates of virus infection transmission have fallen across the all four U.K. nations
8:36AM ( 4 hours ago )
The Latest: Serbia gives more than a million vaccine doses
Serbia has administered more than a million doses of coronavirus vaccines
7:42AM ( 5 hours ago )
AP Business - Corporate News
GOP source: Priebus mulling run for Wisconsin governor
Reince Priebus, a former White House chief of staff to Donald Trump, has called Republican donors and power brokers in Wisconsin to discuss a possible bid for governor or the U.S. Senate
1:05PM ( 7 minutes ago )
G-7 vows 'equitable' world vaccine access, but details scant
Leaders of the Group of Seven economic powers have promised to immunize the world’s neediest people against the coronavirus by giving money and precious vaccine doses to a U.N.-backed vaccine distribution effort
12:47PM ( 25 minutes ago )
The Latest: WH adviser says US can catch up on vaccinations
White House coronavirus adviser Andy Slavitt said the U.S. can catch up on vaccinations lost due to winter weather with concerted effort
12:46PM ( 25 minutes ago )
Cities slammed by winter storms face new crisis: No water
States slammed by winter storms that left millions without power for days have traded one crisis for another
12:40PM ( 32 minutes ago )
Biden to see Pfizer plant as weather delays shipping vaccine
Extreme winter weather is dealing the first major setback to the Biden administration’s planned swift rollout of coronavirus vaccines just as the national vaccination campaign was hitting its stride
12:34PM ( 38 minutes ago )