U.S. Government Winds Down SolarWinds, Exchange Attack Response Groups
The coordinated efforts of four U.S. security agencies to immediately respond to the SolarWinds Orion and Microsoft Exchange Server incidents will be scaled back as private industry and the federal government corral the aftermath of both attacks, a top Biden administration security advisor said.
Two separate emergency response teams, termed unified coordination groups (UCGs), each composed of members of the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency (CISA), have been directed to “stand down” as more patches are applied and fewer companies are victimized, said Anne Neuberger, the President’s deputy national security advisor for cyber and emerging technology.
“Due to the vastly increased patching and reduction in victims, we are standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures,” Neuberger said.
U.S. Federal Government: SolarWinds Hack Response, Learnings
In December 2020, former President Trump directed the National Security Council to set up a UCG to handle the government’s actions following the SolarWinds attack. In February, the White House appointed Neuberger, who formerly served as a senior cybersecurity official at the NSA, to head the government’s response to the SolarWinds hijack. Sens. Mark Warner (D-VA) and Marco Rubio (R-FL) had previously advocated for a leader to oversee the federal response to the hack.
Neuberger pointed to four “lessons learned” from private industry and federal agency responses to the SolarWinds and Exchange Server attacks that will be used to “improve future unified, whole of government” answers to large-scale attacks:
- Integrating private sector partners at the executive and tactical levels resulted in an expedited Microsoft one-click tool to remediate the vulnerability and the sharing of relevant information.
- CISA created and deployed a methodology to monitor trends in patching and exposed Exchange servers that enabled the UCG to quantify the scope of the incident.
- Through industry relationships and leveraging legal authorities, the FBI and Department of Justice (DOJ) quickly identified the scale of the incidents.
- NSA and CISA released cybersecurity advisories that detailed adversary techniques and provided mitigation for system owners. NSA also provided guidance to other U.S. military and intelligence organizations, as well as contractors in the defense industrial base.
“While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the Administration places on cybersecurity, and at improving incident response for both the U.S. government and the private sector,” Neuberger said.
U.S. Federal Government: Cybersecurity Strategy
Along those lines, Biden’s proposed FY 2022 budget request sent to Congress includes more than $2 billion in discretionary funding for CISA. The CISA discretionary request amounts to a $110 million increase from the FY 2021 enacted level. Separately, $650 million was included in the recent COVID-19 relief legislation to support CISA. In addition, Biden reportedly will soon sign an executive order said to include about a dozen actions to improve federal cybersecurity.
On the downside, cybersecurity is taking a back seat in President Biden’s proposed $2.25 trillion infrastructure package, with no money allocated to defend the country from cyber attacks on critical infrastructure targets.