Warner: White House 'again' holding back on naming Russia
- By Justin Katz
- Jan 07, 2021
Sen. Mark Warner (D-Va.) today accused the White House of watering down government statements attributing the SolarWinds Orion hack to Russia.
"We know who it was. And this White House again has watered down the attribution statements that should have been made in one more outrageous effort to constantly underestimate and underreport on Russian activity," Warner said today during a panel at the Aspen Institute.
A White House task force coordinating the government's response to the breach earlier this week said the hackers responsible are "likely Russian in origin."
Warner, the vice on the Senate Select Intelligence Committee, will soon become the SIC chairman as a result of Democrats winning two runoff elections in Georgia this week. The position will put him at the forefront of congressional investigations as well as oversight efforts in the wake of multiple federal networks being breached by Russian intelligence agents.
He said the committee was briefed yesterday on the government's latest findings by representatives from the National Security Agency, FBI, Cybersecurity and Infrastructure Security Agency and Office of the Director of National Intelligence.
Warner also called for a "full sum review" to examine the obligations of public and private sector entities to report major cybersecurity incidents. He suggested a large number of high-profile companies have been affected by the breach in SolarWinds Orion but have chosen to not come forward publicly.
The number of companies, he said, "that have not come forward would surprise the hell out of many" people, Warner said.
Kevin Mandia, CEO of the cybersecurity firm FireEye, speaking during the same panel explained how his company initially became aware of an intrusion on their own networks. FireEye is credited with discovering the backdoor vulnerability in SolarWinds Orion as well as publicly announcing a breach in their own networks in which their red team tools were stolen.
Mandia said the company noticed an individual accessing FireEye's network through routines means but using a second device. That prompted the company to contact the individual to ask if they registered a new device.
"He said no… We had somebody bypassing our two-factor authentication by registering a new device and accessing our network just like our employees do," Mandia said. The company quickly recognized, "that's the kind of tradecraft most advanced groups would do."
Warner also said more education for lawmakers and the general public is necessary. Comparisons between the SolarWinds hack to other kinds of intrusions such as Russian jets entering U.S. airspace or the infamous NotPetya denial-of-service attack that targeted Ukraine in 2017 are not accurate, he said.
"Is this within the bounds of acceptable espionage?" he said. "We need to at least start with how we define this. Where this falls on this continuum."
Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.