U.S President Joe Biden Rolls Out Action Plan on Cybersecurity Following SolarWinds Hack
The U.S President Joe Biden has rolled out an effective action plan following the SolarWinds hack which left several federal government agencies scrambling to know the true extent of the data breach.
The cyber-attack was noticed by private cybersecurity company FireEye in December. The attack was found to be a wide-ranging intrusion into multiple systems of federal government agencies by a group known as UNC2452, who are suspected to be Russian.
Implementation of the action plans is spearheaded by newly appointed deputy National Security Adviser for Cyber and Emergency Technology, Anne Neuberger. Speaking at a White House press conference, Anne Neuberger stated, “There are two parts to that – them and us. The actor was a sophisticated advanced persistent threat. Advanced: because the level of knowledge they showed about the technology and the way they compromised it truly was sophisticated. Persistent: they focused on the identity part of the network, which is the hardest to clean up. And threat: the scope and scale to networks, to information, makes this more than an isolated case of espionage.”
Further stating; “And then, us: there is a lack of domestic visibility, so, as a country, we choose to have both privacy and security. So, the intelligence community largely has no visibility into private-sector networks. The hackers launched the hack from inside the United States, which further made it difficult for the US government to observe their activity. Even within federal networks, culture and authorities inhibit visibility, which is something we need to address.”
Anne Neuberger over the past few weeks has coordinated a wide-ranging, cross-departmental response. Also ramping up engagement with the cybersecurity community to potentially leverage its visibility and technology. The view is to overcome barriers and disincentives to effective information-sharing in the future. She further pledged to increase investments in the security of federal networks by adopting a more integrated approach to detect and block future threats.
Jonathan Reiber, a former government cyber policy operative under President Obama, agreed with Anne Neuberger on the need to enhance information-sharing and public-private sector collaboration. He stated, “The 2021 NDAA [National Defense Authorization Act] includes a provision for a joint public-private planning centre, which is a good step.” Further stating; “This centre should focus on increasing voluntary, combined cyber defense operations to effectively blunt and disrupt attacks.”
Organizations that have suffered collateral damage following the hack have continued to make themselves known. Notably, Norges Bank Investment Management (NBIM), responsible for running the multibillion-pound national sovereign wealth fund set up to manage Norway’s vast reserves of oil money. The organization had downloaded and installed the tainted Orion platform updates in July 2020, according to its chief governance and compliance officer, Carine Smith Ihenacho. The organization has so far ended its relationship with SolarWinds.
References
https://www.theguardian.com/technology/2021/feb/23/solarwinds-hack-senate-hearing-microsoft
Contact Us
Learn more about what Techcess CyberSecurity Group can do for your business.
1-833-TXCYBER
1-833-892-9237
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055
Techcess CyberSecurity Group
Houston, Texas 77055