The United States is planning sanctions to punish Russia for the SolarWinds hack and strengthening its defenses to get more visibility into government networks, The Washington Post reported.
The Biden administration plans to classify the SolarWinds breach as “indiscriminate” and “disruptive” in an effort to distinguish it from espionage activities the U.S. conducts against adversaries, according to the Post. This will pave the way for the U.S. to sanction those responsible for the SolarWinds attack, The Post reported.
“This kind of broad, indiscriminate compromise – and the access that it enabled the hackers to have – crosses a line of concern to us because it can be turned to be disruptive so quickly,” a senior Biden administration official told The Washington Post. “So, at its centrality, it is destabilizing.”
The Biden administration also plans to put out an attribution statement stronger than the one issued last month during the final weeks of the Trump administration, according to the Post. The Cyber Unified Coordination Group (UCG) said Jan. 5 a Russian Advanced Persistent Threat group is “likely” behind the recent cyberattacks on government and non-government networks for intelligence gathering purposes.
The White House didn’t immediately respond to a request for comment from CRN. The Washington Post first reported on Dec. 13 that the Russian foreign intelligence service, or SVR, is believed to have carried out the attack, but the Biden administration hasn’t decided whether or not to say that publicly, the Post reported Tuesday.
Some U.S. officials argue that the SVR’s decision to pursue further incursions against only a fraction of the 18,000 organizations that downloaded a malicious SolarWinds Orion update made the campaign “discriminate,” The Washington Post reported. As a result, they say the intrusion wasn’t as alarming as an attack that compromised every organization that downloaded the trojanized update, the Post said.
But other senior officials in the Biden administration view it differently, according to The Washington Post.
From a defensive standpoint, The Washington Post said officials are working on measures that’ll make it harder for Russia and other sophisticated adversaries to compromise federal and private sector networks. Specifically, the Biden administration plans to issue an executive order focused on improving the Department of Homeland Security’s ability to maintain the resilience of government networks.
Part of this will entail giving U.S. Cybersecurity and Infrastructure Security Agency (CISA) personnel visibility into networks that was missing during the SolarWinds campaign, a senior administration official told The Post. “You can’t defend against something you can’t see,” the official said to the Post.
The Post additionally reported for the first time that NASA and the Federal Aviation Administration were compromised during the SolarWinds campaign. Neither agency responded to a CRN request for comment. Nine federal agencies and 100 private firms were compromised through SolarWinds Orion, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said last week.
The other seven U.S. government agencies to be compromised had all been previously reported, according to The Washington Post: Commerce, Energy, Homeland Security, Justice, State, Treasury and the National Institutes of Health (part of the Health and Human Services department). In all cases, the data stolen was unclassified and no operational systems were breached, The Post reported.