RICHMOND, Va. (AP) — It’s a key part of President Joe Biden’s plans to combat major ransomware attacks and digital espionage campaigns: Create a committee of experts that would investigate major incidents to see what that was wrong and try to prevent problems from occurring. again – much like a transportation safety board does with plane crashes.
But eight months after Biden signed an executive order creating the Cybersecurity Review Board, it still hasn’t been set up. This means critical tasks have not been completed, including an investigation into SolarWinds’ massive espionage campaign first uncovered more than a year ago. Russian hackers stole data from several federal agencies and private companies.
Some supporters of the new board say the delay could harm national security and comes amid growing concerns over a potential conflict with Russia over Ukraine that could involve nation-state cyberattacks. The FBI and other federal agencies recently issued an advisory — specifically aimed at critical infrastructure such as utilities — on the methods and techniques of Russian state hackers.
“We will never get ahead of these threats if it takes us almost a year to just organize a group to investigate major breaches like SolarWinds,” said Sen. Mark Warner, a Virginia Democrat who heads the Senate Intelligence Committee. . “Such a delay is detrimental to our national security and I urge the administration to expedite its process.”
Biden’s order, signed in May, gives the council 90 days to investigate the SolarWinds hack once it is established. But there is no timetable for the creation of the council itself, a job entrusted to Homeland Security Department Secretary Alejandro Mayorkas.
In response to questions from The Associated Press, DHS said in a statement that it was well advanced in setting it up and expected a “short-term announcement,” but did not explain why the process took so long. long time.
Scott Shackelford, chair of the cybersecurity program at Indiana University and an advocate for the creation of a cybersecurity review board, said having a rigorous study of what happened during an earlier hack like SolarWinds is a way to help prevent similar attacks.
“It definitely takes, my goodness, a while to get it going,” Shackelford said. “It is certainly long overdue that we can see positive benefits from doing so.”
The Biden administration has made improving cybersecurity a top priority and taken steps to strengthen defenses, but it’s not the first time lawmakers have been unhappy with the pace of progress. Last year, several lawmakers complained that it took too long for the administration to appoint a national director of cybersecurity, a new position created by Congress.
The SolarWinds hack exploited vulnerabilities in the software supply chain system and went undetected for most of 2020 despite compromises from a wide range of federal agencies and dozens of companies, mostly telecommunications and information technology providers. The hacking campaign is named SolarWinds after the American software company whose product was exploited in the first infection stage of this effort.
The hack highlighted the Russians’ ability to hit high profile targets. The AP previously reported that SolarWinds hackers gained access to emails belonging to then-serving Homeland Security Secretary Chad Wolf.
The Biden administration hid many details about the cyber espionage campaign.
The Department of Justice, for example, said in July that 27 US law firms across the country had at least one employee’s email account compromised during the hacking campaign. He did not provide details about the type of information taken and the impact such a hack could have had on ongoing cases.
New York-based DOJ Antitrust Division staff also had files stolen by SolarWinds hackers, according to a former senior official briefed on the hack who was not authorized to speak about it publicly and requested anonymity. . This violation has not been previously reported. The Antitrust Division investigates private companies and has access to highly sensitive corporate data.
The federal government has undertaken reviews of the SolarWinds hack. The Government Accountability Office released a report this month into the SolarWinds hack and another major hacking incident which found there was sometimes a slow and difficult process to share information between government agencies and the private sector. . The National Security Council also conducted a review of SolarWinds. hacked last year, according to the GAO report.
But asking the new board to conduct a thorough, independent review of the SolarWinds hack could identify security gaps and quiet issues that others may have missed, said Christopher Hart, former chairman of the National Transportation Safety Board who pleaded for the creation of a cybersecurity review committee. .
“Most of the crashes that the NTSB really pursues … are the ones that surprise even safety experts,” Hart said. “These weren’t really obvious things, they were things that really required extensive research to figure out what was wrong.”
Suggest a fix