Biden’s Team Vows Action Against Hack as US Threats Persist
WASHINGTON (AP) — Once in office, President-elect Joe Biden will punish Russia for its suspected cyberespionage operation against the United States with financial sanctions and measures to hobble the Kremlin’s ability to launch future hacks, his chief of staff said Sunday, as a GOP senator criticized President Donald Trump for having a “blind spot” when it comes to Moscow.
“Those who are responsible are going to face consequences for it,” said Biden chief of staff Ron Klain. “It’s not just sanctions. It’s also steps and things we could do to degrade the capacity of foreign actors to repeat this sort of attack or, worse still, engage in even more dangerous attacks.”
The head of the cybersecurity firm FireEye, which disclosed that it had been targeted by the spying attempt, said it was clear the foreign intrusions were not “one and done” and suggested there was little time to spare before the next one.
“These attacks will continue to escalate, and get worse if we do nothing,” said CEO Kevin Mandia.
Cybersecurity experts and U.S. officials such as Secretary of State Mike Pompeo have been clear over the past week that they believe Russia was behind the massive hack that infiltrated over 40 federal agencies, including the departments of Treasury, Energy and Commerce, as well as government contractors.
But Trump over the weekend cast doubt on that assessment, suggesting without evidence that China may be behind the cyber intrusions and minimizing the impact. “The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” Trump tweeted, contradicting his own cybersecurity agency, which described the hacks as a “grave” threat.
On Sunday, Sen. Mitt Romney, R-Utah, blasted Trump for putting the U.S. at continuing risk.
“Russia acted with impunity,” he said. “They didn’t fear what we would be able to do from a cybercapacity. They didn’t think that our defense systems were particularly adequate. And they apparently didn’t think that we would respond in a very aggressive way.”
“I think we’ve come to recognize that the president has a blind spot when it comes to Russia,” Romney added, urging an immediate response and calling cyberspace the “warfare of the future.”
While Trump downplayed the impact of the hacks, the Cybersecurity and Infrastructure Security Agency has said it compromised federal agencies as well as “critical infrastructure.” Homeland Security, the agency’s parent department, defines such infrastructure as any “vital” assets to the U.S. or its economy, a broad category that could include power plants and financial institutions.
It’s not clear exactly what the hackers were seeking, but experts say it could include nuclear secrets, blueprints for advanced weaponry, COVID-19 vaccine-related research and information for dossiers on government and industry leaders.
Still, it may take months to kick elite hackers out of the U.S. government networks they have been quietly rifling through since as far back as March. Christopher Krebs, former director of CISA, highlighted the challenges ahead as Trump dismisses the threat and Biden prepares for his Jan. 20 inauguration.
“The federal civilian agencies, the 101 civilian agencies, are not really optimized for defense right now,” Krebs said. “And what that means is, there’s a lot of old antiquated, legacy IT systems that are hard to defend. Plus, the authorities are not in place for teams like CISA to really get out there and aggressively root out adversaries.”
Throughout his presidency, Trump has refused to blame Russia for well-documented hostilities, including its interference in the 2016 election to help him get elected. He blamed his predecessor, Barack Obama, for Russia’s annexation of Crimea, has endorsed allowing Russia to return to the G-7 group of nations and has never taken the country to task for allegedly putting bounties on U.S. soldiers in Afghanistan.
Klain said the incoming administration was still learning information about the purpose, nature and extent of the hacks and faulted the confused messaging from the Trump administration on who’s to blame.
Klain and Mandia spoke on CBS’ “Face the Nation,” Krebs was on CNN’s “State of the Union,” and Romney was on CNN and NBC’s “Meet the Press.”
In The News
WASHINGTON -- As the international blame game over ransomware heats up this week, the U.S. government is scrambling for solutions with increasingly combative strategies. Legislation that won tentative approval in Congress on Monday anticipates a bigger role for the U.S. government in overseeing cybersecurity of critical... Read More
BEIJING (AP) — China on Tuesday rejected an accusation by Washington and its Western allies that Beijing is to blame for a hack of the Microsoft Exchange email system and complained Chinese entities are victims of damaging U.S. cyberattacks. A foreign ministry spokesman demanded Washington drop... Read More
WASHINGTON — Despite our reliance on space technology for things like communication, transportation, food, and health care — not to mention national security — our national space assets aren’t officially designated as critical infrastructure. Humanity is already dependent on space, but neglecting to protect space technology... Read More
The United States, NATO and several allies collectively called out China on Monday for a series of malicious cyber- and ransomware attacks, including a March attack that exploited a flaw in Microsoft's Exchange Server. Monday’s announcement, which followed a conference call with White House reporters Sunday... Read More
BOSTON (AP) — The State Department will offer rewards up to $10 million for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity against critical U.S. infrastructure — including ransomware attacks — and the White House has launched a task force... Read More
WASHINGTON (AP) — President Joe Biden said Tuesday that damage to U.S. businesses in the biggest ransomware attack on record appears minimal, though information remained incomplete. The company whose software was exploited said fewer than 1,500 businesses worldwide appeared compromised but cybersecurity experts caution that the... Read More