More information regarding the infamous SolarWinds hack continues to be unveiled as security professionals learn more about what actually happened.
The Associated Press recently reported that the hackers behind the attack, who are believed to be Russian, were able to gain access to email accounts belonging to the former head of the Department of Homeland Security (DHS) during the Trump administration, Chad Wolf.
It was also reported that members of the DHS' cybersecurity staff, whose jobs included hunting threats from foreign countries, had their accounts accessed, as well.
The value of the intelligence the hackers were able to gather from accessing DHS accounts is still unknown, but it has prompted some serious responses from cybersecurity experts and politicians.
Senator Rob Portman of Ohio, who is on the Senate's Homeland Security and Governmental Affairs Committee, said this in a tweet Monday morning: "The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS.”
The SolarWinds breach has certainly raised questions about how well the U.S. government can protect individuals and organizations around the country, along with its own networks.
How will the U.S. government respond to the SolarWinds situation?
The Biden administration has been trying to keep most information regarding the SolarWinds hack in house as it weighs how it wants to respond.
However, here is what the AP reported about the government's response:
"The Biden administration has pledged to issue an executive order soon to address 'significant gaps in modernization and in technology of cybersecurity across the federal government.' But the list of obstacles facing the federal government is long: highly capable foreign hackers backed by governments that aren't afraid of U.S. reprisals, outdated technology, a shortage of trained cybersecurity professionals, and a complex leadership and oversight structure.
The recently approved stimulus package includes $650 million in new money for the Cybersecurity and Infrastructure Security Agency [CISA] to harden the country's cyber defenses. Federal officials said that amount is only a down payment on much bigger planned spending to improve threat detection."
The article also notes that CISA has been operating a threat detection system known as Einstein, which failed to detect the SolarWinds breach before the government was notified of it by cybersecurity company FireEye. Einstein was designed 10 years ago.
One way the Biden administration plans to improve the nation's cybersecurity is to focus on building better relationships and encourage information sharing with private sector companies who already have broad visibility into the domestic internet.
