Tribune News Service
Gopal Ratnam

Biden may issue executive orders to address SolarWinds hack

WASHINGTON — President Joe Biden is likely to address the various security gaps that led to the SolarWinds hack that has thus far exposed at least nine U.S. federal agencies and about 100 U.S. companies, Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, said Wednesday.

“We are working on close to about a dozen things; likely eight will pass. They’ll be part of an upcoming executive action to address the gaps we’ve identified in our review of this incident,” Neuberger said at her first White House briefing since being named to coordinate the U.S. government response to the hack.

Those actions are part of a three-step process to find and remove malware, fix gaps in security and design a response, Neuberger said.

Cybersecurity experts have said the hack is one of the most devastating cyberattacks ever perpetrated. Russian intelligence agency hackers are said to have gained access to servers belonging to SolarWinds, a maker of computer network management software, and inserted malware into the software, which was then downloaded by at least 18,000 of the company's customers, including U.S. government agencies and Fortune 500 companies.

The cleanup effort could take months and could identify more victims, even as new attacks emerge, Neuberger said.

“The scale of the potential access far exceeded the number of known compromises,” she said. “Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions.

“We believe we’re in the beginning stages of understanding the scope and scale, and we may find additional compromises,” she said.

Files, emails and other material on the networks of companies and agencies that have been affected may be compromised, and the investigation underway aims to find the true scope of the exposure, Neuberger said.

The attackers were so sophisticated that they focused on the “identity part of the network, which is the hardest to clean up,” Neuberger said.

Network identity is the part of a network that’s used by technology managers to decide if a particular set of computers is legitimate and therefore should be granted access.

Although lawmakers have criticized U.S. intelligence agencies for not being aware of the attack, which was only found when cybersecurity research company FireEye disclosed it in December, Neuberger said U.S. agencies are prohibited by law from spying on domestic networks.

“The hackers launched the hack from inside the United States, which further made it difficult for the U.S. government to observe their activity, even within federal networks,” she said.

As for a U.S. government response to the Russian hack, Neuberger said the administration was viewing it as more than just one incident.

“When there is a compromise of this scope and scale, both across government and across the technology sector … (that could) lead to follow-on intrusions. It’s more than a single incident of espionage,” Neuberger said.
