Following a serious hacker attack on government agencies and institutions in the USA, it remains unclear who is behind it.
Trump’s comments in the form of Twitter posts on Saturday went against comments his secretary of state made less than 24 hours earlier.
SolarWinds, the company at the center of the attack, has not yet blamed any one country.
Sen. Angus King (I-Maine) said the breach makes a clear case for the work of the Cyberspace Solarium Commission and the cyber provisions that made it into the annual defense policy bill passed by the House and Senate.
“This is the most important bill on cyber ever passed by Congress, and that’s why I’m really hoping that the president will either sign the bill or let it become law without a signature, because there is so much critically important material in the bill,” King said during an annual summit hosted by Defense One.
The Cyberspace Solarium Commission (CSC) was established in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.” The finished report was presented to the public on March 11, 2020.
The Cyberspace Solarium Commission proposes a strategy of layered cyber deterrence. Our report consists of over 80 recommendations to implement the strategy. These recommendations are organized into 6 pillars:
– Reform the U.S. Government’s Structure and Organization for Cyberspace.
– Strengthen Norms and Non-Military Tools.
– Promote National Resilience.
– Reshape the Cyber Ecosystem.
– Operationalize Cybersecurity Collaboration with the Private Sector.
– Preserve and Employ the Military Instrument of National Power.
The attack is steadily widening. Not only are more and more victims becoming known, among them the US nuclear agency and the software maker Microsoft; additional software was apparently also manipulated for the attacks, which US authorities describe as very sophisticated.
The massive defense bill that President Donald Trump is threatening to veto contains provisions for increased cybersecurity, which has taken on significantly more importance in the wake of a massive cyberattack on federal agencies at the hands of suspected Russian hackers.
The National Defense Authorization Act includes pay raises for America’s soldiers, modernizations for equipment and provisions to require more scrutiny before troops are withdrawn from Germany or Afghanistan.
“As I said in a news briefing, Election Day was ‘just another Tuesday on the Internet,’” he wrote. “Normal sorts of scanning and probing were happening, but we did not see any successful attacks or damaging disruptions.”
Yet hackers were arms deep in a slew of federal agencies. The infiltration, believed to have been conducted by the Russians, appears to have compromised the Departments of Energy, State, Defense, Homeland Security, Treasury and Commerce. His name did not appear in CNN’s story about CISA and the hack published Thursday.
The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence (ODNI).
“Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign,” the US intelligence agencies said …
Though it’s not clear whether it uses the Orion tool, the DHS’s own Cybersecurity and Infrastructure Security Agency (CISA) is a SolarWinds customer too, buying $45,000-worth of licenses in 2019. The U.S. Cyber Command also spent over $12,000 on SolarWinds tools in the same year.
SolarWinds, a publicly-listed Austin, Texas-based company with a value of over $6 billion, has its own customer list, though it doesn’t break down which products clients use. That list includes more than 425 of the Fortune 500, all major US telecoms providers, the top five U.S. accounting firms, hundreds of global universities, the NSA and the White House.
Hackers believed to be part of a nation state have had access to federal networks since March after exploiting a vulnerability in updates to IT group SolarWinds’s Orion software. The hack has compromised the Treasury, State and Homeland Security departments and branches of the Pentagon, though it is expected to get worse. SolarWinds counts many more federal agencies as customers, along with the majority of U.S. Fortune 500 companies.
Domestically, the potential targeting of American citizens as foreign actors or agents was moved forward by Bill Barr’s Justice Department in June; in response to the Minneapolis riots, Barr released a statement naming “Antifa and other similar groups” as possible targets of its 56 regional FBI Joint Terrorism Task Forces (JTTF) offices. In the same statement the top prosecutor invoked the National Guard, which would be “deployed on the streets to reestablish law and order” if necessary.