'More than a single incident of espionage': Top Biden cybersecurity official details response to SolarWinds breach

WASHINGTON — The Biden administration is working on an executive order aimed at trying to prevent digital breaches like the massive SolarWinds hack, which affected government and private networks, a senior official said Wednesday afternoon.

Speaking to reporters at the White House, President Biden’s deputy national security adviser for cyber and emerging technology, Anne Neuberger, acknowledged the government realizes it does not have “years” to address the problem. “The fix and the cleanup work is underway already,” she said.

The breach, which affected thousands of public and private sector individuals and entities, was discovered in December when the private cybersecurity company FireEye uncovered a malicious software update for the popular IT monitoring tool SolarWinds that allowed Russian hackers to infiltrate sensitive corporate and government networks undetected for months, likely accessing large amounts of private data.

White House deputy national security adviser Anne Neuberger speaks during a press briefing on Feb. 17, 2021, in Washington. (Evan Vucci/AP)
White House deputy national security adviser Anne Neuberger at a press briefing on Wednesday in Washington. (Evan Vucci/AP)

Neuberger appeared alongside press secretary Jen Psaki during the daily White House press briefing to provide an update on the administration’s investigation into the recent massive digital breach, which has been attributed to Russia and affects a broad swath of public and private entities.

The administration is already “addressing the gaps we’ve identified in our review of this incident” as well as working with allies around the world who have been similarly affected by Russian cyberattacks and espionage, she said.

The SolarWinds breach is “more than a single incident of espionage,” Neuberger said, referencing the scope and timeline of the breach.

During the press briefing, Neuberger laid out several different steps the government plans to take to address the compromise and prevent similar activity from taking place in the future, including “finding and expelling the adversary.” Given the effort the likely Russian hackers took to obfuscate their trail, those efforts are more complicated than determining which government agencies or private companies were using the specific SolarWinds product, as there is a chance that attackers may have found additional backdoors into other parts of the network after getting an initial foothold.

The SolarWinds logo is seen outside its headquarters in Austin, Texas, U.S., December 18, 2020. (Sergio Flores/Reuters)
SolarWinds headquarters in Austin, Texas. (Sergio Flores/Reuters)

Neuberger explained that the National Security Council is coordinating the response with relevant federal agencies, private sector companies with access to technology and data that are “necessary to understanding the scale and scope of compromise,” and partners on Capitol Hill, where Neuberger said she’d be having meetings next week.

The White House anticipates the investigation into the breach will take “months,” she said.

Neuberger was not able to provide an immediate estimate on the monetary cost of the intrusions but said the government will need to be focused on investing in securing federal networks, as many government agencies have extremely outdated hardware and software in need of an update.

Cybersecurity experts have debated in recent weeks what a response to the breach should look like given that there is not yet evidence the perpetrators plan to do more than use their access to the systems for the purposes of spying — activity the U.S. and most other nations undertake and acknowledge. The Biden administration’s definition of the attack will most likely heavily affect how it ultimately chooses to respond to the activity.

Neuberger said the government knows espionage was certainly a “goal” given that “there are a number of [agencies targeted] with high foreign intelligence interest to a foreign government.”

However, she told reporters that the White House has not ruled out the possibility that the sophisticated actors behind the breach might resort to data deletion or other destructive attacks.

“There’s concern for this to become disruptive,” said Neuberger. “We have not ruled out potential additional activity, but we’re very focused on carefully taking this step-by-step.”


Read more from Yahoo News: