As Biden officials assume responsibility for the investigation into the hack campaign, new evidence unearthed by members of Congress, former federal officials, and Microsoft this week has led to renewed urges in the search for answers.
“This Solar Woods has caused widespread breech concerns for all of us, and frankly, not surprisingly, given what we are getting, which the federal government is good at tackling these types of violations. Not ready, “Sen. Rob Portman, Republican in Ohio, said at a hearing this week.
Amid mounting pressure, the Biden administration is still trying to gain momentum. According to a former senior homeguard security officer, an attempt by Biden staff to understand the full extent of the breech was made before he was taken to office.
“There is a concern that things may get worse,” the former official told CNN.
Meanwhile, there are indications that authorities have only scratched the surface of the scope and scale, a source familiar with the investigation said.
Speaking to reporters on Wednesday, White House press secretary Jane Saki said the administration would “reserve the right to respond to the timing and manner of any cyber-attack pick-up,” but that employees “are only on their computers Were.” She refused to answer a question about whether Biden intended to raise the issue of espionage with Russian President Vladimir Putin.
Computer break-ins will be a focus of the upcoming presidential briefing by the intelligence community, Psaki added.
“President Biden understands the urgency of the crisis in a way that President Trump was not,” said Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee. “And in his first days, (he) is moving forward with the speed of the fitting to investigate it, so that we can take steps to reverse its effects, give Russia a reasonable response, and in future in this way Determine the best way to stop and stop efforts. ” ”
But while there is little disagreement among US officials that the incursion was serious, opinions about the possible response, and what it looks like, will vary.
A US official told CNN that currently evidence suggests that the hack still qualifies as a highly sophisticated foreign intelligence operation and falls short of an act of cyber warfare – a nuanced distinction about appropriate response options Will factor in any discussion.
But that said, there would almost certainly be a cost to this activity, the official said, which is the price to pay for being caught, even if the attack was technically within the line of foreign espionage.
Keith Alexander, a former director of the National Security Agency, told CNN that Biden has a wide range of policy options available to him.
Alexander said, “There are ways in which you can respond to individuals and through diplomatic and economic measures that they should do,” but any response to cyber in the physical space will probably be a major attack on us. Not ready to defend against that. The nation is not ready for that type of cyber engagement. ”
Alexander said Congress should pass legislation to enable the public and private sectors to share threat information, and to provide legal immunity to companies sharing this data.
A DHS official pointed out as an example of the disarray of the leadership of the Trump administration, “I’ve never seen this level empty. It really challenges continuity.” “We will have challenges to replace some talent.”
According to a source familiar with the situation, Rob Silver, a partner at law firm Paul Hastings, is expected to be tapped to lead the CISA in the Biden administration. He served as assistant secretary for cyber policy at DHS during the Obama administration, as well as other senior roles in the department. Silver did not respond to a request for comment.
“The biggest problem is that you don’t have a confirmed secretary,” the former senior DHS official told CNN. “It really sets the trajectory of tone and ability to achieve things.”
Wells said the CISA is “actively involved with the transition team,” with 14 cyber attacks focused on the ongoing cyber incident. In a statement on CNN Friday, he said, “We are committed to seamlessly integrating new members of the Biden administration into the agency, continuing the aggressive effort to understand and respond to this complex cyber campaign.”
A CISA official told CNN that given the length of time that under adverse conditions some networks, remediation – have access to both short-term and long-term reconstruction.
CISA already provided ideas to the Biden team to help develop federal cyber security and overcome the challenges identified by the latest incident. Suggestions, the official said, include: funding for CISA to hunt adverse activity on federal networks; Deployment of new sensors inside federal agencies to detect anomalous activities; And improving the visibility of cloud environments like Office 365.
Officials are also considering creating a civilian program similar to the Pentagon model that helps ensure that third-party partners are meeting cybersecurity standards, but it will be a long-term effort, the official said.