WH cyber chief: SolarWinds hack clean-up underway

White House cyber security official warns of continued fallout from the SolarWinds hack. Anne Neuberger says while "the remediation, the fix and cleanup work is underway already," roughly 18,000 companies had downloaded the malicious software. (Feb. 17)

Video Transcript

ANNE NEUBERGER: An advanced persistent threat actor, likely of Russian origin, was responsible. As of today, nine federal agencies and about 100 private sector companies were compromised. As you know, roughly 18,000 entities downloaded the malicious update. So the scale of potential access far exceeded the number of known compromises.

Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions. This is challenging. This is a sophisticated actor who did their best to hide their tracks. We believe it took them months to plan and execute this compromise. It'll take us some time to uncover this layer by layer.

We're absolutely committed to reducing the risk this happens again. If you can't see a network, you can't defend a network. And federal network cybersecurity need investment and more of an integrated approach to detect and block such threats. We're also working on close to about a dozen things, likely eight will pass, that will be part of an upcoming executive action to address the gaps we've identified in our review of this incident.

- Some discussion that entire networks are going have to be scrapped and rebuilt, essentially, from the ground-up. I know, you know, you don't want to get into the specifics of a timeline, but are we talking about years potentially to try and secure some of these networks going forward?

ANNE NEUBERGER: We certainly don't have years. It's wise when planning in cybersecurity to consider the worst case, particularly when you're dealing with such a sophisticated attacker in that way. So we know we don't have years. And the remediation, the fix and clean up work is underway already. And we'll be doing it in a careful way to ensure that we lock down layer by layer. But we know it's going to be a lot shorter than that.