The cyber breach federal agencies are cleaning up from could go down as the biggest and most damaging breach in history. The fingerprints on the attack point to a long-time adversary of the United States.
The FBI has determined the cyberattack seems to have come from the SVR, the Russian intelligence agency, said Suzanne Spaulding, Senior Adviser for Homeland Security at CSIS and former Under Secretary for the National Protection and Programs Directorate (now called the Cybersecurity and Infrastructure Security Agency) at the Department of Homeland Security. It is unclear whether it was a group we already know about or a new group with new tactics.
Spaulding said CISA is responsible for asset response, helping to immediately mitigate the damage and get information out to the impacted groups so they can understand how it happened and mitigate it.
She added that the White House also has an important role of bringing together coordinating groups to develop plans, share knowledge about what we know, and draw on the knowledge of the private sector to help understand the situation. The Intelligence Community is also doing everything it can to understand what has happened.
At this point, we know the adversaries have been able to get into important government networks, but we do not fully understand what data was compromised, said Jack Wilmer, CEO of Core4ce LLC and former CISO and Deputy Chief Information Officer for Cybersecurity at the Department of Defense. “There’s so much we don’t know yet,” Spaulding said.
The breach is of huge potential scale and may have affected 18,000 organizations, Wilmer said. He said that according to CISA’s latest advisory, the SolarWinds Orion compromise was not the only initial vector that this adversary has used, which means the scope could become even bigger.
Spaulding said this cyberattack is a reminder that a determined nation-state adversary, given enough time, will be able to break into your system. Operating under this assumption is difficult and starts with identifying which assets are of high value to the adversary, she explained.
Attribution for the attack will be an important topic that people will likely focus on “once we’ve gotten through the triage of responding to the actual incident,” said Wilmer. “There’s a couple vectors that we’ll probably look at.”