Senators criticize the ‘disjointed and disorganized’ SolarWinds hack response

Intelligence Committee chiefs call for coordinated action

Close up of Senator Marco Rubio speaking

The Senate Intelligence Committee heads have urged the White House to appoint a single person to handle the SolarWinds hack fallout. They’ve also called for the government to invoke an Obama-era policy that coordinates a government-wide response to large cyber attacks.

In a letter to key government agencies, Committee chairman and vice-chairman Mark Warner and Marco Rubio warned that a poorly coordinated response to the SolarWinds hack had placed the US in danger.

"We are writing to urge you to name and empower a clear leader in the United States' response to the SolarWinds cyber breach that has affected numerous federal agencies, and thousands of other private sector entities," Said senators Warner and Rubio in the letter. "The federal government's response so far has lacked the leadership and coordination warranted by a significant cyber event, and we have little confidence that we are on the shortest path to recovery."

The senators addressed the letter to Director of National Intelligence Avril Haines, National Security Agency Director Paul M Nakasone, Federal Bureau of Investigation Director Christopher Wray, and Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency. They criticized the intelligence community for briefings that showed a "disjointed and disorganized response" and making it more likely that critical tasks would fall through the cracks.

"The threat our country still faces from this incident needs clear leadership to develop and guide a unified strategy for recovery, in particular a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are needed," the letter continued.

Related Resource

The total economic impact of IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify

Download now

The senators also highlighted Presidential Policy Directive-41, which sets out a response framework to handle this magnitude cyber security incident. Passed under President Obama in July 2016, this document establishes lead agencies for the response effort.

Under these rules, a Cyber Response Group can coordinate the development and implementation of policy and strategy to handle significant cyber events. It can also establish a Cyber Unified Coordination Group (CUCG) to coordinate operations between various agencies when handling significant events like the SolarWinds hack. 

Under its guidance, any federal agencies involved in the response must devote staff and resources to support the CUCG. The Department of Justice (DoJ) becomes the lead agency for threat response, the Department of Homeland Security handles asset response, and the Office of the Director of National Intelligence leads intelligence support.

Responding to a query from NBC, a spokesperson for the National Security Council said that Anne Neuberger, a deputy national security adviser in charge of cyber policy, had been coordinating the SolarWinds hack response since the first day of the administration.

The US has blamed Russia for the SolarWinds hack, which officials now believe first breached federal systems in September 2019.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Senators question the privacy of cameras in Amazon delivery vans
privacy

Senators question the privacy of cameras in Amazon delivery vans

4 Mar 2021
CISA orders agencies to fix Microsoft vulnerabilities abused by Chinese hackers
Security

CISA orders agencies to fix Microsoft vulnerabilities abused by Chinese hackers

4 Mar 2021
IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021