Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Senators Press for More on SolarWinds Hack After AP Report

Key lawmakers said Tuesday they’re concerned they’ve been kept in the dark about what suspected Russian hackers stole from the federal government and they pressed Biden administration officials for more details about the scope of what’s known as the SolarWinds hack.

Key lawmakers said Tuesday they’re concerned they’ve been kept in the dark about what suspected Russian hackers stole from the federal government and they pressed Biden administration officials for more details about the scope of what’s known as the SolarWinds hack.

In letters to top officials, Sens. Gary Peters and Rob Portman said recent reporting by The Associated Press “raised the troubling possibility that some federal agencies did not fully report” the extent of the breach to Congress.

“Time and again this committee has discussed the challenges of defending against sophisticated, well-resourced, and patient cyber adversaries. Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyberattack,” the senators wrote. Peters, a Democrat from Michigan, chairs the Senate Homeland Security and Governmental Affairs Committee. Portman, of Ohio, is the top Republican.

The AP reported last month that suspected Russian hackers gained access to email accounts belonging to the Trump administration’s acting homeland security secretary, Chad Wolf, and members of his department’s cybersecurity staff whose jobs included hunting threats from foreign countries.

It’s been nearly four months since officials discovered what they describe as a sprawling, monthslong cyberespionage effort done largely through a hack of a widely used software from Texas-based SolarWinds Inc. At least nine federal agencies, including the Department of Homeland Security, were hacked, along with dozens of private-sector companies.

The senators sent their letters to Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency at DHS, and Christopher DeRusha, chief information security officer at the Office of Management and Budget.

The senators are asking for several documents related to the hack, including those that show which individual accounts were targeted or compromised.

Scott McConnell, a spokesman for the cybersecurity agency, said it “does not comment on congressional correspondence.” OMB did not immediately return a request for comment.

Anne Neuberger, deputy national security adviser, said in an interview with The Associated Press last week there were “gaps” in basic cybersecurity defenses at some of the nine agencies affected, which have hampered officials’ ability to determine what the hackers accessed.

She said the administration has identified five needed modernizations as a result of its review of how the SolarWinds hack happened, including using technology that continuously monitors for malicious activity and requiring greater use of multi-factor authentication so systems can’t be accessed with a stolen password alone.

The Biden administration has tried to keep a tight lid on the scope of the SolarWinds attack as it weighs retaliatory measures against Russia. But an inquiry by the AP found new details about the breach at DHS and other agencies, including the Energy Department, where hackers accessed top officials’ schedules.

The AP interviewed more than a dozen current and former U.S. government officials, who spoke on the condition of anonymity because of the confidential nature of the ongoing investigation into the hack.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption