Loading...

SolarWinds Cyberattack Prompts Calls for Aggressive Countermeasures

March 1, 2021 by Tom Ramstack
SolarWinds Cyberattack Prompts Calls for Aggressive Countermeasures
Rep. John Katko. (Screen Shot)

WASHINGTON — A congressional hearing Friday showed that foreign computer hackers are facing a growing likelihood of counterattack from the United States as a result of the SolarWinds software breach.

Lawmakers and computer industry officials agreed the hackers must face consequences to deter them in the future.

“This wasn’t the first kind of attack like this nor will it be the last,” said Rep. James Comer, R-Ky.

He described the SolarWinds computer breach as a military-style attack that should result in a U.S. counterattack “with the same resources as if the instrument of attack were physical or kinetic.”

“Kinetic” refers to the force of a blast generated by explosives.

SolarWinds Inc. is an Austin, Texas-based company that develops business software to manage information technology infrastructure. As of December 2020, its roughly 300,000 customers included nearly all Fortune 500 companies and numerous federal agencies.

On Dec. 12, SolarWinds discovered that one of its products called Orion was the target of a sophisticated hacker attack traced to Russia. The attack persisted undetected for nine months last year and invaded emails, source code and documents of the Department of Energy and other federal agencies.

Microsoft Corp. President Brad Smith called the computer breach “the largest and most sophisticated attack the world has ever seen.”

He told the House Oversight and Reform Committee that the attack invaded the software of about 17,000 SolarWinds customers, reaching deep into American technology companies and government agencies. One of them was Microsoft.

“This was an attack on the software supply chain,” Smith said.

He added, “It was the kind of act that was reckless. It was the kind of act that needs consequences.”

Unlike nearly any other time Microsoft has been investigated, he agreed a bigger role for the government was needed to protect American information technology infrastructure.

A team from the Russian Foreign Intelligence Service allegedly exploited an old loophole in Microsoft software to gain a backdoor into SolarWinds programs, then altered them so slightly it went unnoticed. The alteration turned off any firewalls that would prevent the Russians from monitoring how the programs were used by SolarWinds customers.

Some lawmakers accused SolarWinds of lax security, such as when one of its employees used the password SolarWinds123 to gain access to its servers.

Sudhakar Ramakrishna, SolarWinds’ chief executive officer, described as unrealistic beliefs that a private corporation could provide complete protection against such a sophisticated “nation-state” attack.

“They were very, very careful about covering their tracks,” Ramakrishna said.

He added, “All software has some sort of vulnerability or another.”

Among options Congress is considering is granting more authority to the Cybersecurity and Infrastructure Security Agency. It is a federal agency founded in 2018 that coordinates government cybersecurity with corporations, state and local governments and other infrastructure operators.

Although it is a small agency now, some lawmakers want it to become a major player in the nation’s cybersecurity.

They are considering legislation that would require companies and government agencies to share information about cyberthreats by using CISA as their clearinghouse. They would be required to promptly report attacks to CISA. The agency also would be likely to spearhead counter attacks against hackers.

Rep. John Katko, R-N.Y., who supports expanding CISA, said, “CISA still does not have the proper authorities … to nimbly respond to attacks.”

He described cybersecurity as an arms race when he said Russia, China, Iran and North Korea are “winning the modern-day arms race and we need to step up.”

Some of the corporate executives suggested more government funding for cybersecurity education to fill the estimated 300,000-job shortfall of qualified applicants.

In The News

Health

Voting

Congress

January 20, 2022
by Tom Ramstack
Puerto Rico’s Bankruptcy Approved After Struggle With Massive Debt

WASHINGTON — Puerto Rico’s five-year struggle to free itself from crushing debt ended Tuesday when a federal judge signed off... Read More

WASHINGTON — Puerto Rico’s five-year struggle to free itself from crushing debt ended Tuesday when a federal judge signed off on the U.S. territory’s bankruptcy plan. The restructuring cuts Puerto Rico’s public debt from $33 billion to just over $7.4 billion. The total debt from all... Read More

January 19, 2022
by Tom Ramstack
The Pandemic’s Natural Disaster Makes Congress Seek a Better Fix

WASHINGTON — As public health officials warned this week the U.S. COVID-19 death toll could reach 1 million by this... Read More

WASHINGTON — As public health officials warned this week the U.S. COVID-19 death toll could reach 1 million by this spring, a congressional panel on Wednesday considered what it would take to ensure it never happens again. Rep. Joseph Morelle, D-N.Y., talked about the increasing frequency... Read More

Biden to Highlight Progress, Ask for Patience Over Setbacks

WASHINGTON (AP) — President Joe Biden on Wednesday will try to talk anxious Americans through the challenges of delivering on... Read More

WASHINGTON (AP) — President Joe Biden on Wednesday will try to talk anxious Americans through the challenges of delivering on his lengthy to-do list as he holds a rare news conference to mark his first year in office and asks for patience with recent setbacks to... Read More

January 18, 2022
by Dan McCue
Jan. 6 Committee Subpoenas Giuliani, Other Trump Attorneys

WASHINGTON — The Select Committee to Investigate the Jan. 6 Attack on the United States Capitol issued subpoenas Tuesday evening... Read More

WASHINGTON — The Select Committee to Investigate the Jan. 6 Attack on the United States Capitol issued subpoenas Tuesday evening to Rudolph Giuliani, Jenna Ellis, Sidney Powell and Boris Epshteyn. In a tweet, the committee said simply, “The four individuals advanced unsupported theories about election fraud,... Read More

January 18, 2022
by Dan McCue
Langevin Sees Future in Retirement Rather Than Reelection

WASHINGTON — Rep. Jim Langevin, D-R.I., won’t be seeking reelection to Congress in the fall, bringing the curtain down on... Read More

WASHINGTON — Rep. Jim Langevin, D-R.I., won’t be seeking reelection to Congress in the fall, bringing the curtain down on an 11-term congressional career. “Nearly 40 years ago, a tragic accident left me paralyzed. My dreams of becoming a police officer were crushed, and I was... Read More

January 18, 2022
by Dan McCue
McNerney to Bid House Adieu After 2022

WASHINGTON — Rep. Jerry McNerney, D-Calif., the Northern California Democrat who jumped from energy to public service, announced Tuesday he’s... Read More

WASHINGTON — Rep. Jerry McNerney, D-Calif., the Northern California Democrat who jumped from energy to public service, announced Tuesday he’s retiring at the conclusion of his third term. McNerney joined 26 other Democrats who have announced they plan to leave Congress after the midterm elections. In... Read More

News From The Well
Exit mobile version