Cybersecurity

White House sanctions Russia over SolarWinds campaign, election interference

global security (welcomia/Shutterstock.com) 

The White House on Thursday announced a range of sanctions against Russia to punish the Kremlin for its involvement in the hacking campaign against SolarWinds and its efforts to influence the presidential election.

The sanctions, the first formal retaliation the United States has announced since discovering nine federal networks were breached by Russian foreign intelligence agents, targets six technology companies that support the country’s spy services. The sanctions also prohibit U.S. financial institutions from doing business with the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation or the Ministry of Finance of the Russian Federation. The administration is also expelling 10 Russian intelligence officers working in Washington.

“Today the United States is formally naming the Russian Foreign Intelligence Service (SVR)… as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures,” according to a White House statement. “The U.S. Intelligence Community has high confidence in its assessment of attribution to the SVR.”

The White House seemed to signal the coming sanctions earlier this week when, during a phone call with President Vladimir Putin on Tuesday, Biden told the Russian president the U.S. would act “firmly in defense of its national interests in response to Russia’s actions, such as cyber intrusions and election interference,” according to a read out from the White House.

A Kremlin spokesman told the Washington Post on Thursday Russia views the sanctions as illegal and would retaliate.

“We condemn any sanction aspirations. We believe they are illegal. In any case, the principle of reciprocity applies in this case. Reciprocity will meet our interests in the best possible way,” said Dmitry Peskov.

A handful of U.S. allies on Thursday voiced support of the White House’s announcement through a NATO statement. “NATO Allies support and stand in solidarity with the United States, following its 15 April announcement of actions to respond to Russia’s destabilising activities,” according to the statement.

“All available evidence points to Russia’s responsibility for the #SolarWinds hack. #Russia continues to demonstrate a pattern of destabilising behaviour, and all #NATO Allies stand in solidarity with the U.S. following its announcement today,” NATO Secretary General Jens Stoltenberg tweeted.

"This is a positive, welcome step towards adding more friction to Russian operations,” FireEye CEO Kevin Mandia said in a statement on Thursday. “Simply naming the SVR, as well as the corporations that support it will inform our defense. Unfortunately, we are unlikely to fully deter cyber espionage and we will have to take serious action to better defend ourselves from inevitable future intrusions.” FireEye is credited with initially discovering the breach into SolarWinds.

“Today is huge, precedent-setting day for attributing Russian intelligence operations, both cyber operations narrowly defined, but also influence operations and active measures," Thomas Rid, a professor of strategic studies at John Hopkins University, commented on Twitter.

Around the same time the White House made the announcement, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI published a joint advisory warning of five vulnerabilities in different software that Russian intelligence services are actively exploiting.

“This advisory is being released alongside the U.S. Government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign,” the agencies said. “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”

The sanctions come the same week that the administration’s top intelligence chiefs are testifying on Capitol Hill about their newly released worldwide threat assessment. The report takes note of Russia’s campaign against SolarWinds and warns that the United States’ primary adversaries are all increasing their activities in cyberspace.

The intelligence chiefs testified to the Senate Select Committee on Intelligence Wednesday and are scheduled to talk to House lawmakers on Thursday.

Note: This article was updated on April 15 to add comments from Mandia and Rid.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.


Featured

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/Shutterstock.com)

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected