The ongoing breach of a number of federal and private sector networks likely being committed by Russian hackers has revealed limits to awareness of cyber intrusions within the government and the need to continue to improve the private sector’s willingness to share information with the government, the top White House cyber security official said on Wednesday.
“Even within federal networks, a culture and authorities inhibit visibility, which is something we need to address,” Anne Neuberger, deputy National Security Advisor for Cyber and Emerging Technology on the National Security Council, said in remarks during the daily White House press briefing.
The hack, which was disclosed late in 2019 by the cyber security firm FireEye [FEYE], which itself was breached, was carried out through a compromise of network software provider SolarWinds [SWI] and possibly other vendors as well.
“So, the intelligence community largely has no visibility into private sector networks,” she said. “The hackers launched the hack from inside the United States, which further made it difficult for the U.S. government to observe their activity.”
Neuberger outlined three things the Biden administration is doing in response to the hack. The first is “finding and expelling the adversary,” second is better federal cyber defenses, and third is reviewing options to get back at the hackers, she said.
Hunting down and removing the hackers requires help from the private sector, which the administration is working with, Neuberger said, adding that both government and private sector “network defenders” are working to “find and expel” the perpetrators from all networks.
“They have visibility and technology that is key to understanding the scope and scale of compromise,” she said. “There are legal barriers and disincentives to the private sector sharing information with the government. That is something we need to overcome.”
Uncovering the extent of the breach is being done “layer by layer” and will likely take “several months” to complete, Neuberger said. Progress is being made, she added.
So far, she said nine federal agencies and about 100 companies, many of which are in the technology sector, have been compromised. About 18,000 “entities” downloaded the software patches that contained the malware that resulted in the compromises, she said.
Modernizing federal cyber defenses will require more “investment and more of an integrated approach to detect and block such threats,” Neuberger said.
“If you can’t see a network, you can’t defend a network,” she said.
An ongoing review of the reach will result in an “executive action” to address security gaps, she said.
As for responding to the hack, Neuberger didn’t offer anything new other than to day “discussions are underway,” and that the administration is considering all options, which is essentially what the prior Trump and Obama administrations had to say in how they would respond to breaches by nation-state actors.
“This isn’t the only case of malicious cyber activity of likely Russian origin for us or for our allies and partners,” Neuberger said. “So, as we contemplate future response options, we’re considering holistically what those activities were.”
The hack is believed to be orchestrated by Russia’s foreign intelligence service for purposes of espionage. However, Neuberger warned that the intrusion could have sinister potential.
Given the “scope and scale” of the breach in the federal and private sectors, “it is more that a single incident of espionage,” she said. “It’s fundamentally of concern for the ability for this to become disruptive.”