Lawmakers claim the bill is the widest expansion of CISA through legislation since the SolarWinds incident. Among other features, the NDAA authorizes CISA’s program to monitor IT and OT networks of critical infrastructure partners; and codifies a program providing businesses and state and local governments with model exercises to test their critical infrastructure.
Lawmakers started the hearing by criticizing Amazon representatives, who they said were invited to testify and whose servers were used to launch the cyberattack, for declining to attend the hearing.
Neuberger notably said the attack, which compromised „9 federal agencies and about 100 private companies,“ was launched from inside the United States.
SolarWinds shares are down 1.4%. Two security names closely tied to the hack, FireEye (FEYE -3.2%) and CrowdStrike (CRWD -2.5%), are also in the red.
The US government’s probe into the devastating SolarWinds breach is likely to take „several months“ at least, according to the top White House cybersecurity official, speaking to reporters Wednesday in the Biden administration’s first public assessment of the gravity of the suspected Russian spying campaign.
Nach einem schweren Hackerangriff auf Behörden und Institutionen in den USA ist nach wie vor unklar, wer dahinter steckt.
Trump’s comments in the form of Twitter posts on Saturday went against comments his secretary of state made less than 24 hours earlier.
SolarWinds, the company at the center of the attack, has not yet blamed any one country.
Sen. Angus King (I-Maine) said the breach makes a clear case for the work of the Cyberspace Solarium Commission and the cyber provisions that made it into the annual defense policy bill passed by the House and Senate.
“This is the most important bill on cyber ever passed by Congress, and that’s why I’m really hoping that the president will either sign the bill or let it become law without a signature, because there is so much critically important material in the bill,” King said during an annual summit hosted by Defense One.
The Cyberspace Solarium Commission (CSC) was established in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to „develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.“ The finished report was presented to the public on March 11, 2020.
The Cyberspace Solarium Commission’s proposes a strategy of layered cyber deterrence. Our report consists of over 80 recommendations to implement the strategy. These recommendations are organized into 6 pillars:
– Reform the U.S. Government’s Structure and Organization for Cyberspace.
– Strengthen Norms and Non-Military Tools.
– Promote National Resilience.
– Reshape the Cyber Ecosystem.
– Operationalize Cybersecurity Collaboration with the Private Sector.
– Preserve and Employ the Military Instrument of National Power.
Der Angriff weitet sich stetig aus. Nicht nur werden immer mehr Betroffene bekannt, darunter die US-Atombehörde und der Softwarehersteller Microsoft, es wurde zudem offenbar weitere Software für die laut US-Behörden sehr ausgefeilten Angriffe manipuliert.
The massive defense bill that President Donald Trump is threatening to veto contains provisions for increased cybersecurity, which has taken on significantly more importance in the wake of a massive cyberattack on federal agencies at the hands of suspected Russian hackers.
The National Defense Authorization Act includes pay raises for America’s soldiers, modernizations for equipment and provisions to require more scrutiny before troops are withdrawn from Germany or Afghanistan.
„As I said in a news briefing, Election Day was ‘just another Tuesday on the Internet,’“ he wrote. „Normal sorts of scanning and probing were happening, but we did not see any successful attacks or damaging disruptions.“
Yet hackers were arms deep in a slew of federal agencies. The infiltration, believed to have been conducted by the Russians, appears to have compromised the Departments of Energy, State, Defense, Homeland Security, Treasury and Commerce. His name did not appear in CNN’s story about CISA and the hack published Thursday.
In the end, this all reminds us how much power Microsoft has at its disposal. Between its control of the Windows operating system, its robust legal team, and its position in the industry, it has the power to change the world nearly overnight if it wants to. And when it chooses to train that power on an adversary, it really is the equivalent of the Death Star: able to completely destroy a planet in a single blast.
According to analysis from security firm FireEye, the C&C domain would reply with a DNS response that contained a CNAME field with information on another domain from where the SUNBURST malware would obtain further instructions and additional payloads to execute on an infected company’s network.
The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence (ODNI).
„Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign,“ the US intelligence agencies said …
Though it’s not clear whether it uses the Orion tool, the DHS’s own Cybersecurity and Infrastructure Security Agency (CISA) is a SolarWinds customer too, buying $45,000-worth of licenses in 2019. The U.S. Cyber Command also spent over $12,000 on SolarWinds tools in the same year.
SolarWinds, a publicly-listed Austin, Texas-based company with a value of over $6 billion, has its own customer list, though it doesn’t break down which products clients use. That list includes more than 425 of the Fortune 500, all major US telecoms providers, the top five U.S. accounting firms, hundreds of global universities, the NSA and the White House.
In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker.
Hackers believed to be part of a nation state have had access to federal networks since March after exploiting a vulnerability in updates to IT group SolarWinds’s Orion software. The hack has compromised the Treasury, State and Homeland Security departments and branches of the Pentagon, though it is expected to get worse. SolarWinds counts many more federal agencies as customers, along with the majority of U.S. Fortune 500 companies.