At the WH press briefing, deputy national security advisor gives an update on the SolarWinds hack

During the White House press briefing on Wednesday, deputy national security advisor for cyber and emerging technology Anne Neuberger gave an update on the investigation into the SolarWinds hack, which officials say compromised government and private industry computer systems and was backed by Russia.

Video Transcript

ANNE NEUBERGER: So first, what happened? Hackers launched a broad and indiscriminate effort to compromise the network management software used by both government and the private sector. The intelligence community is looking at who is responsible. Until that study is complete, I'll use the language we previously used, which was to say an advanced persistent threat actor, likely of Russian origin, was responsible.

As of today, nine federal agencies and about 100 private sector companies were compromised. As you know, roughly 18,000 entities downloaded the malicious update. So the scale of potential access far exceeded the number of known compromises. Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions.

So why does this matter? Why is this significant? The techniques that were used lead us to believe that any files or emails on a compromised network were likely to be compromised. The scope and scale of our investigation is underway and we look forward to providing you future updates in the future.

So how did this happen? There's two parts to that-- them and us. The actor was a sophisticated, advanced, persistent threat. Advanced-- because the level of knowledge they showed about the technology and the way they compromised it truly was sophisticated. Persistent-- they focused on the identity part of the network, which is the hardest to clean up. And threat-- the scope and scale to networks, to information, makes this more than an isolated case of espionage.

And then us-- there's a lack of domestic visibility. So as a country, we choose to have both privacy and security. So the intelligence community largely has no visibility into private sector networks. The hackers launched the hack from inside the United States, which further made it difficult for the US government to observe their activity. Even within federal networks, a culture and authorities inhibit this ability, which is something we need to address. I want to take a moment to thank the public and private sector network defenders who've been working very hard to find and expel these adversaries from both government and private sector networks.

So finally, and most significantly, what are we going to do about it? Three things. First, finding and expelling the adversary. Second, building back better to modernize federal defenses and reduce the risk of this happening again. And finally, potential response options to the perpetrators. So first, finding and expelling the adversary. We're coordinating the interagency response from the National Security Council. I was on the Hill last week, had Hill discussions this week, and will be on the Hill next week, as well.

We're working closely with daily conversations with our private sector partners. They have visibility and technology that is key to understanding the scope and scale of compromise. There are legal barriers and disincentives to the private sector sharing information with the government. That is something we need to overcome. And then finally, this is challenging. This is a sophisticated actor who did their best to hide their tracks. We believe it took them months to plan and execute this compromise. It'll take us some time to uncover this layer by layer.

Second, building back better to modernize federal defenses-- we're absolutely committed to reducing the risk this happens again. If you can't see a network, you can't defend a network. And federal networks, cybersecurity need investment and more of an integrated approach to detect and block such threats. We're also working on close to about a dozen things. Likely eight will pass and be part of an upcoming executive action to address the gaps we've identified in our review of this incident.

And finally, in terms of response to the perpetrator, discussions are underway. I know some of you will want to know what kind of options are being contemplated. What I will share with you is how I frame this in my own mind. This isn't the only case of malicious cyber activity of likely Russian origin, either for us or for our allies and partners. So as we contemplate future response options, we're considering holistically what those activities were.