President Biden Orders SolarWinds Intelligence Assessment
New Administration Signals Importance of Cybersecurity to National Security AgendaThe new Biden administration has vowed to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack.
See Also: Gartner Market Guide for DFIR Retainer Services
"Even as we work with Russia to advance U.S. interests, so too we work to hold Russia to account for its reckless and adversarial actions," White House press secretary Jen Psaki told reporters on Thursday. "To this end, the president is also issuing a tasking to the intelligence community for its full assessment of the SolarWinds cyber breach, Russian interference in the 2020 election, its use of chemical weapons against opposition leader Alexei Navalny and the alleged bounties on U.S. soldiers in Afghanistan."
The Biden administration's early moves signal the importance of cybersecurity in its national security agenda as well as a willingness to hold Russia to account. Such a tone stands in contrast to Biden's predecessor, former President Donald Trump, who repeatedly undercut or publicly rebutted assessments by U.S. intelligence agencies that attributed attacks to Russia.
The Russia Challenge
Russia presents one of the biggest national security challenges facing President Joe Biden, who began his four-year term on Wednesday. In recent years, Russia has attempted to assassinate critics both inside the country and out, been accused of widespread attempts to disrupt Western elections and been tied to numerous hack attacks.
The most recent hack to come to light was the supply chain attack against SolarWinds. Attackers added a backdoor called "Sunburst" into SolarWinds' Orion network monitoring software. Up to 18,000 customers installed and ran the Trojanized software. Attackers then used Sunburst to target some of those customers. Intelligence experts have suggested that about 300 organizations may have been hit with these more advanced hack attacks, which could have led to data exfiltration, eavesdropping - including email inbox access - and follow-on attacks against business partners.
How Biden might respond to the SolarWinds hack, however, remains unclear. Intelligence experts say the SolarWinds hack appeared to be a Russian espionage operation.
Asked at a Wednesday press conference if the president had spoken with Russian President Vladimir Putin by phone since taking office, Psaki said Biden had not. "I expect that his early calls will be with partners and allies," she said. "He feels it is important to rebuild those relationships and address the challenges and the threats we are facing in the world."
Speaking about the SolarWinds attack and reiterating statements made by Biden before he took office, she said: "We reserve the right to respond at a time of our choosing to any cyberattack." But she added that it was too soon to announce anything further.
Extending New START Treaty
Russia, of course, remains a nuclear superpower.
In one of the Biden administration's first national security moves, Psaki announced Thursday that "the United States intends to seek a five-year extension of New START as the treaty permits." The nuclear arms reduction treaty was first agreed to in 2010. In addition to committing both countries to reducing their total number of nuclear missiles, bombers and launchers, it allows for 18 on-site inspections per year.
"The president has long been clear that the New START treaty is in the national security interest of the United States, and this extension makes even more sense when the relationship with Russia is adversarial, as it is at this time," Psaki said.
Capitol Siege
Biden's Wednesday inaugural ceremony took place at the west front of the U.S. Capitol, which had been stormed by violent protestors as part of an insurrection just two weeks before.
"On this hallowed ground where just days ago violence sought to shake this Capitol’s very foundation, we come together as one nation, under God, indivisible, to carry out the peaceful transfer of power as we have for more than two centuries," Biden said in his inaugural speech.
The violent Capitol siege led to the deaths of five people and dozens of injuries. The FBI says it is seeking to identify 300 suspects tied to the attempted insurrection and is reviewing some 140,000 pictures and videos to help do that. So far, federal cases have been brought against 15 women and more than 100 men.
Proposals in Congress call for creating an independent commission to review the Jan. 6 riot, including security failures. Rep. John Katko of New York, who's the top Republican on the House Committee on Homeland Security, says the intelligence briefings he's received suggest that the insurrection was much more carefully planned than it first appeared.
Trump was impeached for a second time - just days after the violence - by the House of Representatives for delivering a speech inciting supporters to march on the Capitol. On Thursday, Senate Minority Leader Mitch McConnell proposed hearing the case against Trump next month to give the former president's legal team time to prepare.
Battling Disinformation Campaigns
In the wake of the Capitol violence, the FBI warned that the riot was being exploited for disinformation campaigns, including violence targeted at the inauguration. In response, the government locked down Washington to an unprecedented degree, deploying more than 20,000 National Guard troops from all 50 states. The effort appears to have been a success, resulting in a calm day in Washington, although protests in Seattle and Portland, Oregon, turned violent, resulting in some arrests.
Psaki said the White House planned to try to counter misinformation - or disinformation campaigns run by foreign governments - by holding press briefings every weekday, with a special focus on the COVID-19 pandemic.
"There are a number of ways to combat misinformation. One is accurate information and truth, and data, and sharing information even when it is hard to hear and even when it is not meeting the expectations of people at home who are desperate for the crisis to be over," she told reporters on Wednesday.
Biden's 'American Rescue Plan'
Before taking office, Biden proposed a $1.9 trillion "American Rescue Plan," largely focused on trying to better contain the ongoing pandemic and provide economic relief. It also includes nearly $10 billion for cybersecurity and IT spending. Specific proposals include rapidly hiring security experts to work for the Office of the U.S. Chief Information Security Officer as well as the Digital Service unit in the White House, and improving the U.S. Cybersecurity and Infrastructure Security Agency's security monitoring and incident response monitoring and coordination capabilities.
Several high-level positions in the new administration that affect cybersecurity have now been filled.
On Wednesday, the Senate approved Avril Haines as director of national intelligence. She's been a vocal proponent of improving U.S. organizations' cybersecurity posture as well as public and private cooperation.
Assuming the role of senior director for cyber - it's not yet clear what that position entails - is Michael Sulmeyer, who previously served as a senior adviser to Gen. Paul Nakasone, who heads the National Security Agency and U.S. Cyber Command.
Rob Joyce, a longtime NSA employee who was the last White House cybersecurity coordinator, before President Trump axed the position, and who from 2013 to 2017 headed the agency's offensive hacking unit, will be heading the NSA's Cybersecurity Directorate.
The directorate focuses on preventing and eradicating threats to national security systems and the defense industrial base, such as the SolarWinds hack.
Joyce takes over from Anne Neuberger, who led the NSA's effort to counter Russian interference in the 2020 U.S. election. She's been appointed to the new position of deputy national security adviser for cyber and emerging technology.