Massive breach fuels calls for US action on cybersecurity

2021-02-19

White House deputy national security adviser Anne Neuberger speaks during a press briefing, Wednesday, Feb. 17, 2021, in Washington. (AP Photo/Evan Vucci)
BEN FOX and ALAN SUDERMAN

WASHINGTON (AP) — Jolted by a sweeping hack that may have revealed government and corporate secrets to Russia, U.S. officials are scrambling to reinforce the nation’s cyber defenses and recognizing that an agency created two years ago to protect America’s networks and infrastructure lacks the money, tools and authority to counter such sophisticated threats.

The breach, which hijacked widely used software from Texas-based SolarWinds Inc., has exposed the profound vulnerability of civilian government networks and the limitations of efforts to detect threats.

It's also likely to unleash a wave of spending on technology modernization and cybersecurity.

“It’s really highlighted the investments we need to make in cybersecurity to have the visibility to block these attacks in the future,” Anne Neuberger, the newly appointed deputy national security adviser for cyber and emergency technology, said Wednesday at a White House briefing.

The reaction reflects the severity of a hack that was disclosed only in December. The hackers, as yet unidentified but described by officials as “likely Russian,” had unfettered access to the data and email of at least nine U.S. government agencies and about 100 private companies, with the full extent of the compromise still unknown. And while this incident appeared to be aimed at stealing information, it heightened fears that future hackers could damage critical infrastructure, like electrical grids or water systems.

President Joe Biden plans to release an executive order soon that Neuberger said will include about eight measures intended to address security gaps exposed by the hack. The administration has also proposed expanding by 30% the budget of the U.S. Cybersecurity and Infrastructure Agency, or CISA, a little-known entity now under intense scrutiny because of the SolarWinds breach.

Republicans and Democrats in Congress have called for expanding the size and role of the agency, a component of the Department of Homeland Security. It was created in November 2018 amid a sense that U.S. adversaries were increasingly targeting civilian government and corporate networks as well as the “critical” infrastructure, such as the energy grid that is increasingly vulnerable in a wired world.

Speaking at a recent hearing on cybersecurity, Rep. John Katko, a Republican from New York, urged his colleagues to quickly “find a legislative vehicle to give CISA the resources it needs to fully respond and protect us.”

Biden’s COVID-19 relief package called for $690 billion more for CISA, as well as providing the agency with $9 billion to modernize IT across the government in partnership with the General Services Administration.

That has been pulled from the latest version of the bill because some members didn’t see a connection to the pandemic. But Rep. Jim Langevin, co-chair of the Congressional Cybersecurity Caucus, said additional funding for CISA is likely to reemerge with bipartisan support in upcoming legislation, perhaps an infrastructure bill.

“Our cyber infrastructure is every bit as important as our roads and bridges,” Langevin, a Rhode Island Democrat, said in an interview. “It’s important to our economy. It’s important to protecting human life, and we need to make sure we have a modern and resilient cyber infrastructure.”

CISA operates a threat-detection system known as “Einstein” that was unable to detect the SolarWinds breach. Brandon Wales, CISA's acting director, said that was because the breach was hidden in a legitimate software update from SolarWinds to its customers. After it was able to identify the malicious activity, the system was able to scan federal networks and identify some government victims. “It was designed to work in concert with other security programs inside the agencies,” he said.

The former head of CISA, Christopher Krebs, told the House Homeland Security Committee this month that the U.S. should increase support to the agency, in part so it can issue grants to state and local governments to improve their cybersecurity and accelerate IT modernization across the federal government, which is part of the Biden proposal.

“Are we going to stop every attack? No. But we can take care of the most common risks and make the bad guys work that much harder and limit their success,” said Krebs, who was ousted by then-President Donald Trump after the election and now co-owns a consulting company whose clients include SolarWinds.

The breach was discovered in early December by the private security firm FireEye, a cause of concern for some officials.

“It was pretty alarming that we found out about it through a private company as opposed to our being able to detect it ourselves to begin with,” Avril Haines, the director of national intelligence, said at her January confirmation hearing.

Right after the hack was announced, the Treasury Department bypassed its normal competitive contracting process to hire the private security firm CrowdStrike, U.S. contract records show. The department declined to comment. Sen. Ron Wyden, D-Ore., has said that dozens of email accounts of top officials at the agency were hacked.

The Social Security Administration hired FireEye to do an independent forensic analysis of its network logs. The agency had a “backdoor code” installed like other SolarWinds customers, but “there were no indicators suggesting we were targeted or that a future attack occurred beyond the initial software installation,” spokesperson Mark Hinkle said.

Sen. Mark Warner, a Virginia Democrat who chairs the Senate Intelligence Committee, said the hack has highlighted several failures at the federal level but not necessarily a lack of expertise by public sector employees. Still, “I doubt we will ever have all the capacity we’d need in-house,” he said.

There have been some new cybersecurity measures taken in recent months. In the defense policy bill that passed in January, lawmakers created a national director of cybersecurity, replacing a position at the White House that had been cut under Trump, and granted CISA the power to issue administrative subpoenas as part of its efforts to identify vulnerable systems and notify operators.

The legislation also granted CISA increased authority to hunt for threats across the networks of civilian government agencies, something Langevin said they were only previously able to do when invited.

“In practical terms, what that meant is they weren’t invited in because no department or agency wants to look bad,” he said. “So you know what was happening? Everyone was sticking their heads in the sand and hoping that cyberthreats were going to go away.”

___

Suderman reported from Richmond, Va.
