How Will the Government Respond to the SolarWinds Hack?
The government is contemplating several steps in its response to the Russian attack. In a White House briefing in February, Neuberger said a key goal is to find and expel the malicious actors.
“We’re working closely with daily conversations with our private sector partners. They have visibility and technology that is key to understanding the scope and scale of compromise,” she said. “There are legal barriers and disincentives to the private sector sharing information with the government. That is something we need to overcome.”
Neuberger noted that the Russian attack was the work of a “sophisticated actor who did their best to hide their tracks” and that the government believes it “took them months to plan and execute this compromise. It’ll take us some time to uncover this, layer by layer.”
The government will also modernize its cybersecurity defenses, she said, which will involve having greater visibility into federal networks and IT systems. “We’re absolutely committed to reducing the risk this happens again,” she said. “If you can’t see a network, you can’t defend a network. And federal networks’ cybersecurity needs investment and more of an integrated approach to detect and block such threats.”
Wales also suggested in February that CISA would enhance the way it monitors federal networks. FCW reports:
Wales said CISA is exploring ways to monitor activities internally for “anomalous activities” such as a network management system communicating through an encrypted channel to an entity outside the network.
The government also must enhance its software assurance and ensure that government contracts have requirements on software supply chain security.
“What made SolarWinds so devastating was that SolarWinds devices are normally configured to have broad administrative rights on a network,” Wales said, according to FCW. “If a system is like that, if it has broad administrative rights, then it requires further hardening inside of your network.”
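The anomaly CISA describes above, a network management system opening an encrypted channel to a destination outside the network, expressed as a simple detection rule over constructed connection-log lines. This is an added example, not CISA's or FCW's code; the log format, the management-host inventory (`nms01`), the internal address ranges and the port list are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
# Constructed sample connection log (not real traffic). Assumed format:
# "<timestamp> <src_host> <src_ip> -> <dst_ip>:<dst_port> <proto> bytes=<n>"
SAMPLE_LOG = """\
2021-02-17T10:01:02Z nms01 10.20.0.15 -> 10.20.0.40:161 udp bytes=512
2021-02-17T10:01:05Z nms01 10.20.0.15 -> 10.20.0.41:22 tcp bytes=2048
2021-02-17T10:02:11Z nms01 10.20.0.15 -> 203.0.113.25:443 tcp bytes=70912
2021-02-17T10:03:00Z ws-42 10.20.1.77 -> 198.51.100.9:443 tcp bytes=4096
2021-02-17T10:04:30Z nms01 10.20.0.15 -> 203.0.113.25:8443 tcp bytes=1024
2021-02-17T10:05:00Z nms01 10.20.0.15 -> 10.20.0.5:443 tcp bytes=900
"""

MGMT_HOSTS = {"nms01"}  # hosts running the network management system (hypothetical inventory)
# Address space treated as "inside the network": the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports treated as encrypted channels here; a real deployment should key on observed TLS handshakes.
ENCRYPTED_PORTS = {443, 8443, 465, 993, 995}

@dataclass(frozen=True)
class Alert:
    timestamp: str
    src_host: str
    dst_ip: str
    dst_port: int
    bytes_sent: int

def parse_line(line: str) -> dict:
    """Split one log line into fields; raises ValueError on a malformed line."""
    ts, host, src_ip, arrow, dst, proto, byte_field = line.split()
    if arrow != "->" or not byte_field.startswith("bytes="):
        raise ValueError(f"unexpected log format: {line!r}")
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "host": host, "src_ip": src_ip, "dst_ip": dst_ip,
            "dst_port": int(dst_port), "proto": proto, "bytes": int(byte_field[6:])}

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_anomalies(log_text: str, mgmt_hosts=MGMT_HOSTS) -> list:
    """Flag management-system hosts that open encrypted channels to external destinations."""
    alerts = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        # Only management-system hosts are baselined by this rule; a workstation browsing HTTPS is not flagged.
        if rec["host"] in mgmt_hosts and rec["dst_port"] in ENCRYPTED_PORTS and not is_internal(rec["dst_ip"]):
            alerts.append(Alert(rec["ts"], rec["host"], rec["dst_ip"], rec["dst_port"], rec["bytes"]))
    return alerts
```

Running `find_anomalies(SAMPLE_LOG)` on the constructed log yields two alerts, both for `nms01` reaching `203.0.113.25` on ports 443 and 8443; the internal HTTPS connection and the workstation's browsing are left alone.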
The attack may have far-reaching consequences for federal IT systems and require large-scale restructuring of networks and IT systems. MIT Technology Review reports:
When the hackers have succeeded so thoroughly and for so long, the answer sometimes can be a complete rebuild from scratch. The hackers made a point of undermining trust in targeted networks, stealing identities, and gaining the ability to impersonate or create seemingly legitimate users in order to freely access victims’ Microsoft 365 and Azure accounts. By taking control of trust and identity, the hackers become that much harder to track.
“Most of the agencies going through that level of rebuilding will take in the neighborhood of 12 to 18 months to make sure they’re putting in the appropriate protections,” Wales tells MIT Technology Review.