White House plans executive action in response to massive breach

In response to a wide-ranging hack involving SolarWinds IT management software and other commercial products, the White House is planning executive action to address cybersecurity gaps.

Hackers inserted a trojan into SolarWinds network management software that nine federal agencies and about 100 private-sector companies uploaded, allowing intruders to dwell undetected in their systems for months. About 18,000 organizations downloaded the tainted update, and the damage could be more widespread, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said in a Feb. 17 press briefing. 

“The scale of potential access far exceeded the number of known compromises.  Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions,” Neuberger said.

In response, "we're also working on close to about a dozen things," she said, adding that eight items will likely be included in "upcoming executive action to address the gaps we have identified in our review of this incident.”

Neuberger, who is leading the federal response to the breach, said the intelligence community is continuing to investigate the actors behind the compromise and declined to attribute the attack to any specific country or group.

"Until that study is complete, I will use the language we previously used, which was to say an advanced persistent threat actor likely of Russian origin was responsible," she said.

Neuberger said the government is currently focused on expelling hackers from federal networks, modernizing federal IT to better protect it against this kind of attack and considering "potential response options to the perpetrators."

The administration aims to modernize federal defenses by building back better, she said: “We’re absolutely committed to reducing the risk this happens again.  If you can’t see a network, you can’t defend a network.  And federal networks’ cybersecurity need investment and more of an integrated approach to detect and block such threats.”

The White House has been careful in recent weeks not to provide any forecast of how or when it will respond except to say the president reserves the right to do so in the time and manner of his choosing.

"This isn't the only case of malicious cyber activity of likely Russian origin either for us or for our allies and partners, so as we contemplate future response options, we are considering holistically what those activities were," she said.

Neuberger also acknowledged that other, yet undeclared victims within the government or private sector may emerge as the investigation continues.

This article was first posted to FCW, a sibling site to Defense Systems.