Top Biden cyber official: SolarWinds breach could turn from spying to destruction 'in a moment'

WASHINGTON — President Biden’s top cybersecurity adviser says the “likely Russian” hackers who breached the popular IT monitoring software SolarWinds could use their access to “degrade” or “destroy” networks rather than simply spy on them “in a moment.”

Speaking Wednesday evening during a digital panel discussion hosted by the Council on Foreign Relations, Anne Neuberger, the deputy national security adviser on cyber and emerging technology on the National Security Council, said, “Even if it’s routine espionage,” the action is “still counter to our interests” and requires the U.S. government to find ways to force the perpetrators to reconsider their actions in the future. “How do we change our attackers’ calculus to make them think about those hacks they may be doing?”

Neuberger’s remarks come amid an ongoing debate about whether the breach was an act of digital warfare or a carefully crafted espionage campaign, and on the heels of an essay by Marcus Willett, a former senior cyber adviser to Britain’s digital intelligence agency, GCHQ, urging the U.S. to be cautious about retaliating. Willett deemed SolarWinds a “surgical” espionage campaign on the part of the Russians, rather than a reckless and destructive effort.

The Biden administration is still investigating the aftermath of the expansive SolarWinds breach, which gave the hackers, believed to be Russian, access to at least nine U.S. government agencies and a large number of private U.S. companies. While senior administration officials have yet to explain what a response to the breach might look like, they continue to insist it’s coming in “weeks, not months,” according to discussions with reporters in mid-March.

Neuberger did not elaborate on specifics but did say that the White House will adapt lessons learned from responding to a recent compromise of Microsoft Exchange email servers, while remaining vigilant for potential additional repercussions, including follow-up Russian digital attacks.

Neuberger recalled how the White House organized a “unified coordination group” following news that tens of thousands of organizations had been compromised due to hackers exploiting vulnerabilities in Microsoft’s email software in early March, an attack linked to China. That group, which included private sector executives for the first time as full partners, looked at ways to address the breach.

After the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency identified victims, the White House quickly worked with Microsoft to issue a “one-click” option that customers could use to patch their software, reducing the number of victims from over 100,000 to less than 10,000, said Neuberger.

“That kind of brainstorming … is really the kind of model we’re going to be using,” she said.

Neuberger also discussed forthcoming efforts to address cybersecurity.

The first, an executive order, will focus on protecting federal networks by requiring companies that sell software products to the U.S. government to meet certain minimum cybersecurity standards and to report breaches. “One of the things that makes cybersecurity such a confounding problem is that software and hardware are rife with vulnerabilities,” said Neuberger. “There is essentially a core market failure.”

A second "initiative" Neuberger alluded to will address industrial control systems for utilities, such as water and electricity. Cybersecurity experts, particularly those who have researched Russian attacks on the Ukrainian electrical grid, have been warning against dangerous attacks on major control systems for years. “We must have trust in the core systems of our society,” explained Neuberger. “We’re seeking to have visibility on those networks to detect anomalous behavior and block anomalous behavior.”

Neuberger also addressed questions about how the U.S. government might find ways to resolve gaps in the visibility of domestic networks. According to investigations into the SolarWinds breach, attackers utilized U.S.-based internet infrastructure to launch their attacks, making it so that agencies like the National Security Agency, which is largely authorized to monitor only foreign internet traffic, can’t follow them.

NSA Director Paul Nakasone has described this lack of visibility as a “gap” that must be addressed, although cybersecurity experts have warned that giving the agency additional surveillance powers might not actually have helped it stop the attackers any faster. A private sector company, FireEye, first alerted the U.S. government to the breach.

Neuberger noted that information sharing with the private sector, including key technology and cybersecurity companies, is an important vector for the U.S. government to continue to address sophisticated digital threats. “That’s a key part of our ability to uncover these activities,” she said.

She also said that the U.S. government is relying on “existing authorities" to monitor U.S. networks, but she did not elaborate on what those were. For now, the government isn’t seeking additional authorities to surveil U.S. networks, according to an administration official who spoke with journalists in mid-March.

Editors' note: A previous version of this story mentioned two executive orders discussed by Neuberger. However, there will in fact only be one executive order, while the effort directed toward industrial control systems will be an internal government initiative.

____

Read more from Yahoo News:

• Biden’s $2 trillion infrastructure plan makes a big bet on caregivers

• Remembering the lives lost to COVID-19

• We're about to get the 1st GOP election test in the post-Trump era

• Should the Tokyo Olympics be canceled because of COVID?