The name-check of the SolarWinds breach – and question about whether President Biden will seek to hold Russian President Vladimir Putin to account – is already a test of his promise to put cybersecurity as a top priority in his first 100 days.
Lawmakers comprising Congress's bipartisan cybersecurity commission want Biden to use their recommendations, shared first with The Cybersecurity 202, to guide his actions.
“Execution is as important as vision,” Sen. Angus King (I-Maine), co-author of the new report that's being sent to the White House today, tells me.
The Cyberspace Solarium Commission's plan focuses on three key areas: establishing the office of the National Cyber Director, developing a national cyber strategy and improving government cybersecurity efforts and partnerships with the private sector.
Biden's cyber czar will be key to a cross-agency response to the SolarWinds hack.
The position was one of 26 recommendations adopted from the cybersecurity commission's March report in a major defense spending bill that was signed into law at the beginning of this month. Biden has yet to name his pick for the office.
King said time is of the essence: “We have to see that it actually gets set up, we have a quality appointee, it gets funded, it gets a staff and can carry out the functions that were envisioned," King said.
The United States needs to implement a strategy to deter foreign hackers, King said.
“We think that should be a very high priority,” he said. “If there was any doubt, SolarWinds has erased that doubt."
“Our adversaries need to understand that there will be a cost to be paid if they attack us in cyberspace.”
Biden has already said he will take a much harder stance against Russia than his recent predecessor. His director of national intelligence, Avril Haines, and nominee for treasury secretary, Janet Yellen, both stressed the importance of imposing sanctions against hackers in their nomination hearings.
“I want someone at the table at the Kremlin saying, 'Boss, maybe we shouldn't be doing this because they're going to whack us'," King said.
Taking on Russia and other cyber threats, such as China, will take international cooperation.
That's why the commission is strongly recommending that the White House add an assistant secretary of State position focused on cybersecurity and working with other countries on setting international norms.
“If we're going to sanction bad actors, it needs to be worldwide sanctions,” King said.
The recommendations echo growing calls from intelligence leaders for stronger partnerships with the private sector.
A new level of partnership could be expedited by the National Cyber Director role, lawmakers say. So could increased resources for the Cybersecurity and Infrastructure Security Agency. Biden's proposed coronavirus recovery plan that includes more than $10 billion in cybersecurity-related funding, a step in that direction.
An attack like SolarWinds is an “entirely new domain” of international conflict that requires rethinking the involvement of the private sector in defense, King said.
“The intimate relationship between the government and the private sector in terms of defending ourselves is more important in this area than in any other kind of conflict,” King said.
The Cyberspace Solarium Commission is strategizing next steps after its wins in the recent defense spending bill.
The commission is meeting today to discuss legislative priorities for the year, King said. That could include a breach notification law, something that Sen. Mark R. Warner (D-Va.) also supports debating this Congress.
NSA Director Gen. Paul Nakasone placed the agency's new top lawyer on leave pending a Pentagon investigation.
The Pentagon's inspector general is looking into how Michael Ellis, a former Trump official, was selected for the job, Ellen Nakashima reports. Trump's then-acting Secretary of Defense Christopher C. Miller pushed Naksone to install Ellis over the weekend.
Critics accused the agency of trying to embed a political appointee in a career civil service position in the last minute. The installation also sparked an outcry from Democrats in Congress who raised concerns about the hiring and Ellis's qualifications.
Senate confirms Biden’s first cyber-related nominee.
Hours after Joe Biden was sworn in as president, Avril Haines became the first member of President Biden’s Cabinet, Shane Harris reports. Haines, a former top Central Intelligence Agency official in the Barack Obama administration, was confirmed by a bipartisan 84-10 margin.
Haines will now be able to get fully up to speed on classified briefings regarding SolarWinds.
Haines pledged to “safeguard” intelligence from political bias that some intelligence employees accused Trump officials of proliferating.
New Microsoft research gives a look into how hackers pulled off the SolarWinds attack.
The key was keeping the malicious code it used to move through systems separate from the backdoor it found in SolarWinds, Microsoft says. The research could provide insight into how copycat hackers might try to pull off a similar feat.
“What we found from our hunting exercise across Microsoft 365 Defender data further confirms the high level of skill of the attackers and the painstaking planning of every detail to avoid discovery,” Microsoft wrote.
The research also narrows in on the timeline during which hackers struck. Microsoft researchers say that hacker were doing “real hands-on-keyboard activity” and pouring through networks in early May.
Just when I thought we were moving *away* from the war metaphors….
Cybersecurity professional Joe Slowik and researcher Marcus Hutchins response:
Sophos Labs' Andrew Brandt:
- The State of the Net Conference will take place January 26 and 27.