Hackers gained access to the email accounts of the head of the Department of Homeland Security under the Trump administration and of members of the department's cybersecurity staff, whose job included hunting threats from foreign countries, the Associated Press reported.
The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. The DHS accounts were accessed as part of what is known as the SolarWinds breach. It raises the question of how the US government can protect individuals, companies, and institutions across the country if it cannot defend itself.
The short answer from most security experts and federal officials is that it cannot, not without essential changes.
“The SolarWinds hack was a victory for our foreign adversaries and a failure for DHS,” said Senator Rob Portman of Ohio, top Republican on the Senate’s Homeland Security and Governmental Affairs Committee. “We are talking about DHS’s crown jewels.”
The Administration has tried to keep a tight lid on the scope of the SolarWinds attack as it weighs retaliatory options against Russia. But an inquiry by the Associated Press found new details about the breach at DHS and other agencies, including the Energy Department, where the hackers accessed top officials' schedules.
The Associated Press interviewed more than a dozen current and former US government officials, who spoke on the condition of anonymity because of the confidential nature of the ongoing investigation into the hack.
In particular, the vulnerabilities at Homeland Security intensify the concerns raised by the SolarWinds attack and by an even more extensive hack affecting Microsoft's Exchange email program, especially because in both cases the intruders were detected not by the government but by a private company.
In December, officials identified what they describe as a sprawling, months-long cyberespionage effort carried out mainly through a hack of widely used software from Texas-based SolarWinds Inc. At least nine federal agencies were hacked, along with dozens of private-sector companies.
US authorities have stated that the breach appeared to be the work of Russian hackers. Gen. Paul Nakasone, leader of the Pentagon’s Cyber Force, said last week that the Administration considers a “range of options” in response. Russia has denied any role in the DHS Hack.
Since then, a series of headline-grabbing hacks have highlighted vulnerabilities in the US public and private sectors. In February, a cybercriminal tried unsuccessfully to poison the water supply of a small town in Florida. This month, another breach was announced involving untold thousands of Microsoft Exchange email servers, which the company says was carried out by Chinese hackers. China has denied any involvement in the Microsoft breach.
Sen. Mark Warner, a Virginia Democrat and head of the Senate Intelligence Committee, said the government’s initial response to the SolarWinds hack’s discovery was disorganized.
“What struck me was how much we were in the dark for as long as we were in the dark,” Warner said at a recent cybersecurity conference.
Wolf and other top Homeland Security officials used new, wiped phones and the encrypted messaging application Signal to communicate in the days after the hack, current and former officials said.
One former administration official, who confirmed the FAA (Federal Aviation Administration) was among the agencies affected by the breach, said the agency was hindered in its response by outdated technology and struggled for weeks to identify how many of its servers were running SolarWinds software.
In mid-February, the FAA initially told the Associated Press that it had not been affected by the SolarWinds hack, only to issue another statement a few days later that it was continuing to investigate. At least one other Cabinet Member besides Wolf was affected. The hackers could obtain officials’ schedules at the Energy Department, including then-Secretary Dan Brouillette, one former high-placed administration official said.
The new revelations provide a fuller picture of what kind of data was taken in the SolarWinds breach. Several congressional hearings have been held on the subject, but they have been short on details.
At one of those hearings, Rep. Pat Fallon, R-Texas, indicated that a DHS secretary's email had been hacked but did not provide additional detail. The Associated Press was able to identify Wolf, who declined to comment other than to say he had multiple email accounts as secretary.
DHS spokeswoman Sarah Peck said, “The breach targeted a small number of employees’ accounts,” and the agency “no longer sees indicators of compromise on our networks.”
The Administration has pledged to issue an executive order soon to address “significant gaps in modernization and technology of cybersecurity across the federal government.” But the list of obstacles the federal government faces is lengthy: skilled foreign hackers backed by governments that are not afraid of US counterattacks, outdated technology, a shortage of trained cybersecurity professionals, and a complex leadership and oversight structure.
The recently approved incentive package includes $650 million in new money for the Cybersecurity and Infrastructure Security Agency to harden the country's cyber defenses. Officials said that amount is only a down payment on much larger spending planned to improve threat detection.
“We must raise our game,” Brandon Wales, Director of the cybersecurity agency, told a recent House committee hearing.
The cybersecurity agency operates a threat-detection system known as Einstein. Its failure to detect the SolarWinds breach before a private security company found it terrified officials. Eric Goldstein, the executive assistant director for cybersecurity, told Congress that Einstein's technology was created a decade ago and has “grown somewhat stale.”
Anthony Ferrante, the former director for cyber incident response at the US National Security Council and current senior managing director at FTI Consulting, said part of the problem, both in government and in the private sector, is the lack of a skilled workforce.
The Microsoft Exchange hack, which has not affected any federal government agencies, was also discovered by a private firm.
One issue that’s flummoxed policymakers is that foreign state hackers are increasingly using US-based virtual private networks, or VPNs, to evade detection by US intelligence agencies, which are legally constrained from monitoring domestic infrastructure. The SolarWinds hackers used Amazon Web Services and GoDaddy’s hosting services to avoid detection, officials said recently.
The Biden administration does not intend to step up government surveillance of the US internet in response. Instead, the Administration wants to focus on tighter partnerships and enhanced information-sharing with the private-sector organizations that already have broad visibility into the domestic internet.
Responsibilities for responding to breaches, preventing new ones, and providing oversight of those efforts are still unsettled. Last month, the Senate Intelligence Committee leaders criticized the Biden administration for a “disorganized response” to the SolarWinds hack.
The Administration tapped Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technology, to lead its response to the SolarWinds and Microsoft breaches. It has not appointed a National Cyber Director, a new position, frustrating some members of Congress.
“We’re trying to fight a multifront war without anybody in charge,” said Sen. Angus King, an independent from Maine.
The Biden administration says it’s analyzing how best to set up the new position. “Cybersecurity is a top priority,” said White House spokeswoman Emily Horne.