Cybersecurity

Warner: White House 'again' holding back on naming Russia

Sen. Mark Warner (Photo by Mark Reinstein/Shutterstock) 

Sen. Mark Warner (D-Va.) today accused the White House of watering down government statements attributing the SolarWinds Orion hack to Russia.

"We know who it was. And this White House again has watered down the attribution statements that should have been made in one more outrageous effort to constantly underestimate and underreport on Russian activity," Warner said today during a panel at the Aspen Institute.

A White House task force coordinating the government's response to the breach earlier this week said the hackers responsible are "likely Russian in origin."

Warner, the vice on the Senate Select Intelligence Committee, will soon become the SIC chairman as a result of Democrats winning two runoff elections in Georgia this week. The position will put him at the forefront of congressional investigations as well as oversight efforts in the wake of multiple federal networks being breached by Russian intelligence agents.

He said the committee was briefed yesterday on the government's latest findings by representatives from the National Security Agency, FBI, Cybersecurity and Infrastructure Security Agency and Office of the Director of National Intelligence.

Warner also called for a "full sum review" to examine the obligations of public and private sector entities to report major cybersecurity incidents. He suggested a large number of high-profile companies have been affected by the breach in SolarWinds Orion but have chosen to not come forward publicly.

The number of companies, he said, "that have not come forward would surprise the hell out of many" people, Warner said.

Kevin Mandia, CEO of the cybersecurity firm FireEye, speaking during the same panel explained how his company initially became aware of an intrusion on their own networks. FireEye is credited with discovering the backdoor vulnerability in SolarWinds Orion as well as publicly announcing a breach in their own networks in which their red team tools were stolen.

Mandia said the company noticed an individual accessing FireEye's network through routines means but using a second device. That prompted the company to contact the individual to ask if they registered a new device.

"He said no… We had somebody bypassing our two-factor authentication by registering a new device and accessing our network just like our employees do," Mandia said. The company quickly recognized, "that's the kind of tradecraft most advanced groups would do."

Warner also said more education for lawmakers and the general public is necessary. Comparisons between the SolarWinds hack to other kinds of intrusions such as Russian jets entering U.S. airspace or the infamous NotPetya denial-of-service attack that targeted Ukraine in 2017 are not accurate, he said.

"Is this within the bounds of acceptable espionage?" he said. "We need to at least start with how we define this. Where this falls on this continuum."

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected