The Washington Post

Democracy Dies in Darkness

The Cybersecurity 202: Congressional scrutiny heats up of government response to the SolarWinds hack

with Aaron Schaffer

The House Homeland Security Committee will today hold its first cybersecurity hearing of 2021. The hearing comes as scrutiny heats up of the government's response to a massive Russian hack of government systems exposed in December.

“The task before us is to zero in on how can we mature our defenses to match the capabilities of our adversaries,” House Homeland Security Committee Chairman Bennie G. Thompson (D-Miss.) will say in his opening statement. “The Russian SolarWinds campaign threatens our nation and cannot be tolerated.”

Russian actors were able to exploit a vulnerability in SolarWinds products and other software to infiltrate the networks of at least eight government agencies and potentially thousands of other companies and governments around the world.

Testifying before the panel will be former cybersecurity officials Chris Krebs, Sue Gordon and Michael Daniel as well as cybersecurity expert Dmitri Alperovitch.

Lawmakers will be looking for answers as to why, despite significant investments in federal network security, Russians managed to lurk unnoticed in government systems for months. Lawmakers are working with other key committees to learn more about the campaign, Thompson says.

Also likely to come up is a recent hack of a Florida town's water supply, a committee spokesperson said. The attempted poisoning of the water supply by a hacker has raised alarm about serious vulnerabilities in U.S. critical infrastructure.

“Today we will be discussing what I hope will be a bipartisan endeavor making cyberspace more secure and networks more resilient,” Thompson said in a statement to The Cybersecurity 202. “Thankfully, after four years, Congress now has a willing and able cybersecurity partner in the White House. I am optimistic about the progress we can make but we must work quickly to make up for lost time.”

Other cybersecurity leaders in Congress are cranking up pressure on Biden to better coordinate investigative efforts.

Leaders of the Senate Intelligence Committee say President Biden's intelligence leaders need to get their act together when it comes to coordinating a response to the attack.

“The briefings we have received convey a disjointed and disorganized response to confronting the breach,” Sen. Mark R. Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, and vice chair Sen. Marco Rubio (R-Fla.) wrote to agency leaders. “Taking a federated rather than a unified approach means that critical tasks that are outside the central roles of your respective agencies are likely to fall through the cracks.”

The pair urged the agencies to pick a leader “who has the authority to coordinate the response, set priorities, and direct resources to where they are needed.”

SolarWinds is also the current focus of Congress' newest cybersecurity subcommittee.

SolarWinds will be the first matter of business for the new cybersecurity subcommittee formed under the House Armed Services Committee. Rep. Jim Langevin (D-R.I.), who heads the new subcommittee, says he plans to hold either a hearing or briefing on SolarWinds this month.

He declined to make a judgment on the administration's response efforts.

“I am waiting to see how this continues to unfold so I'm not going to criticize anything at this point,” he said.

“It will help once we have a national cyber director in place. That's something that's missing,” he said, referring to a new role approved in the latest defense budget. Biden has yet to name a nominee to the post.

Langevin's subcommittee will take the lead on making sure the U.S. military has the technology to detect and defend against the next major foreign cyber threat. That includes making sure the United States has adequate resources to invest in emerging technology such as artificial intelligence cyberthreat detection.

Right now, the team tasked with defending the nation by identifying and blocking adversary activity makes up the smallest number of U.S. Cyber Command's mission force talent.

“If our posture is going to be more defending forward and more defending early, I think that's going to have to change,” Langevin said.

The keys

Hackers planted evidence against Indian activists accused of planning to overthrow the government.

An attacker used malware to infiltrate the laptop belonging to one of the activists to place ten incriminating letters on the computer, Niha Masih and Joanna Slater first report.

The attack was uncovered by digital forensics firm Arsenal Consulting at the request of the activist's lawyers, who are now seeking to have the case dismissed. While the report does not identify the perpetrator of the attack, it adds to serious doubts about the case against the activists.

“This is one of the most serious cases involving evidence tampering that Arsenal has ever encountered,” the report said, citing the “vast timespan” of nearly two years attackers took between compromising the computer and depositing the last letter.

Three outside experts who reviewed the document concurred with the report's analysis. 

Lawmakers want to know why defenses weren’t up for SolarWinds hack.

Hackers used a years-old Microsoft vulnerability and a weakness publicized by FireEye once they had gotten into SolarWinds and other software, Craig Timberg reports. The warnings raise serious questions about U.S. government cyberdefense and cybersecurity strategies.

Some are calling for stronger defenses and better warning systems, while others say there should be more investment in tools to hunt down intruders in networks. Lawmakers are also scrutinizing previously published security vulnerabilities.

“I want to know why Microsoft didn’t provide its customers with tools to better protect and detect the theft of encryption keys, and why government agencies failed to deploy their own defenses,” Sen. Ron Wyden (D-Ore.) said. Microsoft and a cybersecurity company, FireEye, also defended their handling of the vulnerability in replies to Wyden — FireEye by letter, Microsoft by video call — according to a Wyden aide who spoke on the condition of anonymity to discuss communications not yet made public.

Huawei is challenging the FCC’s designation of the company as a national security threat.

The Chinese tech giant wants a federal appeals court to overturn a December order by the FCC that called it a national security risk.

The lawsuit, which called the order “arbitrary, capricious, and an abuse of discretion,” comes as the Biden administration faces pressure by Republicans to take a hard line against the company. Biden’s pick to lead the Commerce Department, Rhode Island Gov. Gina Raimondo, drew Republican ire when she declined to commit to keeping the company on a department blacklist, though she later said she knew of “no reason” to remove the company from the list.

The Trump administration added the company to a trade blacklist in response to claims it would give the Chinese government a back door to U.S. customers' systems. Huawei has denied the claims.

Meanwhile, Huawei founder and CEO Ren Zhengfei has called for a reset with the Biden administration, AFP’s Dan Martin reports. “We hope the new US administration would have an open policy for the benefit of American firms and the economic development of the United States,” he said.

Global cyberspace

A U.N. panel says North Korean hackers stole hundreds of millions of dollars worth of cryptocurrency last year.

The panel said in a new report that the country is continuing to launder the stolen cryptocurrency to finance its nuclear and ballistic missile programs, the Associated Press's Edith M. Lederer reports. It comes as the Biden administration reviews U.S. relations with the country and plans a new Korea strategy.

The “total theft of virtual assets from 2019 to November 2020 is valued at approximately $316.4 million,” according to the report.

In March, the Justice Department charged two Chinese nationals with laundering more than $100 million in stolen money from a cryptocurrency exchange. The U.S. government also seized 113 cryptocurrency accounts and sanctioned the men. “[North Korean] cyber actors actively target the cryptocurrency community,” the Treasury Department wrote at the time, “and are known to employ a variety of fake cryptocurrency trading programs that contain malware.”

More global cybersecurity news:

U.K. merger watchdog suffers 150 data breaches in two years (Bloomberg)


  • The Election Assistance Commission votes on new voting security guidelines today at 10 a.m.
  • Anne Neuberger, the deputy national security adviser for cyber and emerging technology, speaks at a meeting of the National Security Telecommunications Advisory Committee today at 1 p.m.
  • Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, and Sue Gordon, a top former intelligence official, testify at a House Homeland Security Committee hearing on cybersecurity today at 2 p.m.

Secure log off

Always check your webcam filters before a work meeting.