IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Senators criticize the ‘disjointed and disorganized’ SolarWinds hack response

Intelligence Committee chiefs call for coordinated action

Close up of Senator Marco Rubio speaking

The Senate Intelligence Committee heads have urged the White House to appoint a single person to handle the SolarWinds hack fallout. They’ve also called for the government to invoke an Obama-era policy that coordinates a government-wide response to large cyber attacks.

In a letter to key government agencies, Committee chairman and vice-chairman Mark Warner and Marco Rubio warned that a poorly coordinated response to the SolarWinds hack had placed the US in danger.

"We are writing to urge you to name and empower a clear leader in the United States' response to the SolarWinds cyber breach that has affected numerous federal agencies, and thousands of other private sector entities," Said senators Warner and Rubio in the letter. "The federal government's response so far has lacked the leadership and coordination warranted by a significant cyber event, and we have little confidence that we are on the shortest path to recovery."

The senators addressed the letter to Director of National Intelligence Avril Haines, National Security Agency Director Paul M Nakasone, Federal Bureau of Investigation Director Christopher Wray, and Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency. They criticized the intelligence community for briefings that showed a "disjointed and disorganized response" and making it more likely that critical tasks would fall through the cracks.

"The threat our country still faces from this incident needs clear leadership to develop and guide a unified strategy for recovery, in particular a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are needed," the letter continued.

Related Resource

The total economic impact of IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify - whitepaper from IBMDownload now

The senators also highlighted Presidential Policy Directive-41, which sets out a response framework to handle this magnitude cyber security incident. Passed under President Obama in July 2016, this document establishes lead agencies for the response effort.

Under these rules, a Cyber Response Group can coordinate the development and implementation of policy and strategy to handle significant cyber events. It can also establish a Cyber Unified Coordination Group (CUCG) to coordinate operations between various agencies when handling significant events like the SolarWinds hack. 

Under its guidance, any federal agencies involved in the response must devote staff and resources to support the CUCG. The Department of Justice (DoJ) becomes the lead agency for threat response, the Department of Homeland Security handles asset response, and the Office of the Director of National Intelligence leads intelligence support.

Responding to a query from NBC, a spokesperson for the National Security Council said that Anne Neuberger, a deputy national security adviser in charge of cyber policy, had been coordinating the SolarWinds hack response since the first day of the administration.

The US has blamed Russia for the SolarWinds hack, which officials now believe first breached federal systems in September 2019.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

NOAA unveils two new supercomputers in effort to better predict extreme weather
high-performance computing (HPC)

NOAA unveils two new supercomputers in effort to better predict extreme weather

29 Jun 2022
Google aims to court US public sector with new division
public sector

Google aims to court US public sector with new division

29 Jun 2022
Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022

Most Popular

Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022
Xerox CEO John Visentin dies unexpectedly aged 59
Careers & training

Xerox CEO John Visentin dies unexpectedly aged 59

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022