Senators criticize the ‘disjointed and disorganized’ SolarWinds hack response

Intelligence Committee chiefs call for coordinated action

Close up of Senator Marco Rubio speaking

The Senate Intelligence Committee heads have urged the White House to appoint a single person to handle the SolarWinds hack fallout. They’ve also called for the government to invoke an Obama-era policy that coordinates a government-wide response to large cyber attacks.

In a letter to key government agencies, Committee chairman and vice-chairman Mark Warner and Marco Rubio warned that a poorly coordinated response to the SolarWinds hack had placed the US in danger.

"We are writing to urge you to name and empower a clear leader in the United States' response to the SolarWinds cyber breach that has affected numerous federal agencies, and thousands of other private sector entities," Said senators Warner and Rubio in the letter. "The federal government's response so far has lacked the leadership and coordination warranted by a significant cyber event, and we have little confidence that we are on the shortest path to recovery."

The senators addressed the letter to Director of National Intelligence Avril Haines, National Security Agency Director Paul M Nakasone, Federal Bureau of Investigation Director Christopher Wray, and Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency. They criticized the intelligence community for briefings that showed a "disjointed and disorganized response" and making it more likely that critical tasks would fall through the cracks.

"The threat our country still faces from this incident needs clear leadership to develop and guide a unified strategy for recovery, in particular a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are needed," the letter continued.

Related Resource

The total economic impact of IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify - whitepaper from IBMDownload now

The senators also highlighted Presidential Policy Directive-41, which sets out a response framework to handle this magnitude cyber security incident. Passed under President Obama in July 2016, this document establishes lead agencies for the response effort.

Under these rules, a Cyber Response Group can coordinate the development and implementation of policy and strategy to handle significant cyber events. It can also establish a Cyber Unified Coordination Group (CUCG) to coordinate operations between various agencies when handling significant events like the SolarWinds hack. 

Under its guidance, any federal agencies involved in the response must devote staff and resources to support the CUCG. The Department of Justice (DoJ) becomes the lead agency for threat response, the Department of Homeland Security handles asset response, and the Office of the Director of National Intelligence leads intelligence support.

Responding to a query from NBC, a spokesperson for the National Security Council said that Anne Neuberger, a deputy national security adviser in charge of cyber policy, had been coordinating the SolarWinds hack response since the first day of the administration.

The US has blamed Russia for the SolarWinds hack, which officials now believe first breached federal systems in September 2019.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

How do hackers choose their targets?
hacking

How do hackers choose their targets?

17 Sep 2021
Owner of DDoS for hire sites found guilty of hacking offences
distributed denial of service (DDOS)

Owner of DDoS for hire sites found guilty of hacking offences

17 Sep 2021
Microsoft brings passwordless security to consumer accounts
Microsoft Windows

Microsoft brings passwordless security to consumer accounts

16 Sep 2021
DoJ fines former intel operatives who provided hacker-for-hire services to UAE
hacking

DoJ fines former intel operatives who provided hacker-for-hire services to UAE

15 Sep 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

14 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021