Intelligence and law enforcement officials are still trying to piece together the cyberespionage campaign blamed on Russia that has badly shaken the US government and private sector. The hack, connected to tainted software from the US firm SolarWinds, was publicly revealed in December but believed to have begun more than a year earlier.
The intruders stealthily scooped up intelligence for months, carefully choosing targets from thousands of customers infected with malicious code they activated after sneaking it into an update of network management software first pushed out last March by Texas-based SolarWinds. The company makes popular software that monitors computer networks of businesses and governments.
So far, the list of agencies known to have been affected includes the Treasury, Commerce and Justice departments, along with several private companies including cybersecurity firms. The Russian government has denied any role in the hack.
In a letter released Tuesday, leaders of the Senate Intelligence Committee blasted the Biden administration for what they said was a lackluster reaction to the SolarWinds hack.
“The briefings we have received convey a disjointed and disorganised response to confronting the breach,” Sens. Mark Warner, D-Va., and Marco Rubio, R-Fla., said in the letter.
Warner, the new Democratic chairman of the committee, and Rubio, the Republican vice chairman, urged the Biden administration to “name and empower a clear leader” who has the authority to “coordinate the response, set priorities, and direct resources to where they are needed.”
The White House response on Wednesday pointed to Neuberger’s role since Biden’s inauguration. The response to the letter was first reported by The New York Times.
“In the first weeks of the Biden administration DNSA Neuberger has held a series of consultations with both Democratic and Republican members of Congress on our approach to SolarWinds specifically and our cybersecurity strategy broadly,” said Emily Horne, a spokeswoman for the National Security Council. “We look forward to continuing to work with Congress on these issues.”
A joint statement from Warner and Rubio acknowledged the White House’s reassurance and suggested Neuberger’s role had not been known.
“The federal government’s response to date to the SolarWinds breach has lacked the leadership and coordination warranted by a significant cyber event, so it is welcome news that the Biden administration has selected Anne Neuberger to lead the response,” the statement said.
Also on Wednesday, the House Homeland Security Committee held a hearing with cybersecurity experts to discuss the SolarWinds hack and other issues.
“In the not too distant past … most of us had never heard of SolarWinds, but now it dominates cybersecurity conversations,” said Rep. Bennie Thompson, D-Miss., the committee’s chairman.