WASHINGTON — Reacting to senators’ criticism of a disorganized response to a massive government hack, the White House said a top cybersecurity adviser is leading the recovery.
The news Wednesday that Anne Neuberger, deputy national security adviser for cyber, is in charge of responding to the Russian breach pleased Senate Intelligence Committee leaders, who called the effort disjointed a day earlier and have pushed for more information about federal cybersecurity.
“The federal government’s response to date to the SolarWinds breach has lacked the leadership and coordination warranted by a significant cyber event, so it is welcome news that the Biden administration has selected Anne Neuberger to lead the response,” said Sens. Mark Warner, D-Virginia, and Marco Rubio, R-Florida, the committee chairman and vice chairman, respectively. “The committee looks forward to getting regular briefings from Ms. Neuberger and working with her to ensure we fully confront and mitigate this incident as quickly as possible.”
Before moving to a new cybersecurity-focused role on the National Security Council, Neuberger was the first director of the National Security Agency’s Cybersecurity Directorate, created in 2019 to provide the private sector key intelligence to bolster national cybersecurity.
Media reports noted that the Biden administration said Neuberger has been the point person on the federal response all along, but that role had not been known publicly.
The breach, believed to have started last spring, was executed through a variety of vectors, according to experts, most notably by inserting malicious code in software updates provided by government supplier SolarWinds.
Hackers targeting the government’s supply chain could be the new normal, a top cyber expert warned members of Congress.
“SolarWinds really represents a new normal for Russian intelligence. If you look at what they were doing prior to SolarWinds, they were trying to be very noisy when they were breaking in and being detected very, very quickly,” Dmitri Alperovitch, executive chairman, Silverado Policy Accelerator, said in a Feb. 10 hearing before the House Committee on Homeland Security. “I believe that they reevaluated post their original compromises of the White House, State Department and the Joint Chiefs of Staff back in 2014 and 2015 and realized that the supply chain vector — being able to comprise these high-risk software like SolarWinds and using that to gain access to high value networks is really the way to go if you want to have long term access to these networks and remain undetected for months if not years.”
Other cybersecurity experts have noted changes in Russia’s tradecraft throughout the last decade. Kevin Mandia, CEO at cybersecurity firm FireEye, has said if Russian hackers were caught in U.S. networks a decade ago, they would leave to prevent any observation of their behavior. This changed around 2014-2015 when, if caught, they would persist on the network even though they knew they were being watched.
Alperovitch, who co-founded CrowdStrike and left in 2020, has followed Russian intelligence and cyber activities for years. He indicated the country’s efforts in cyberspace mirror its activities in human intelligence, sending spies to implant themselves in society over decades to steal secrets.
China is also likely taking note of these Russian tactics, he said.
In fact, China discovered several years back that it can hack contractors working on sensitive Department of Defense and national security programs to steal information and intellectual property, and even use that information to build similar systems such as its J-31, which closely resembles the F-35.
Adversaries have realized they can target small to medium-sized manufacturing companies with crippling cyberattacks because, in many cases, these companies provide the Department of Defense critical services but often are so small that they don’t have the wherewithal to institute enough cyber defenses against intrusions.
A key role for the NSA’s cybersecurity directorate is helping secure the defense industrial base and defense weapons systems.
One way the government has sought to bolster the supply chain and defense industrial base is the Cybersecurity Maturity Model Certification, a tiered cybersecurity framework that grades companies on a scale of one to five. A score of one designates basic cyber hygiene and a five represents advanced hygiene.
Another way to reduce supply chain vulnerabilities, Alperovitch offered, is to elevate standards for providers and require them to provide annual audits of their source code and networks.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.