US Cyber Chief Says Basic Security May Have Hampered SolarWinds Hackers
Photo caption: The SolarWinds Corp. logo is seen at the headquarters in Austin, Texas. (Suzanne Cordeiro/AFP via Getty)
By Fran Beyer | Monday, 21 June 2021 02:54 PM
SolarWinds hackers who wreaked havoc across federal government networks last year — one of the largest cybersecurity incidents in U.S. history — may have been stopped or minimized if basic security measures had been in place, a government official says.
In a June 3 letter to Sen. Ron Wyden, D-Ore., first reported by Reuters and verified by The Hill, Cybersecurity and Infrastructure Security Agency acting director Brandon Wales said Wyden was right to question whether firewalls placed in victim agency systems could have helped block the malware.
“CISA agrees that a firewall blocking all outgoing connections to the internet would have neutralized the malware,” Wales wrote.
The agency “did observe victim networks with this configuration that successfully blocked connection attempts and had no follow-on exploitation; the effectiveness of this preventative measure is not applicable to all types of intrusions and may not be feasible given operational requirements for some agencies,” he added.
Wales said CISA doesn’t have numbers on how many federal agencies were segmenting and segregating their networks, a key security guideline the agency has long recommended as a way to prevent hackers from moving through sensitive networks.
He also said CISA is making “urgent improvements” to increase its understanding of cyber threats to federal networks, using some of the $650 million provided under the American Rescue Plan Act to move security protections inside agency networks instead of only guarding the perimeters.
“We must ensure the development of a modern cybersecurity governance structure and capabilities,” he wrote. “We need cybersecurity tools and services that provide us a better chance of detecting the most sophisticated attacks. And we need to rethink our approach to managing cybersecurity across 101 Federal Civilian Executive Branch agencies.”
According to The Hill, the response comes six months after the SolarWinds hack was discovered in December. The hack, which U.S. intelligence agencies assessed earlier this year was likely backed by the Russian government, led to the compromise of nine federal agencies and around 100 private sector organizations.
President Joe Biden issued sanctions against Russia in April in retaliation for the hack and raised the incident with Russian President Vladimir Putin during their summit in Geneva, the news outlet noted.
The letter from CISA was sent months after Wyden wrote to the agency expressing concerns around what he described as “the U.S. government’s inability to detect and prevent a major Russian hacking campaign.”
Wyden also questioned SolarWinds CEO Sudhakar Ramakrishna about concerns around internet connectivity and the lack of a firewall during a Senate Intelligence Committee hearing on the incident in February.
“It is true that the Orion platform software does not need connectivity to the internet to perform its regular duties, which could be network monitoring, system monitoring, application monitoring on premises of our customers,” Ramakrishna testified in response to Wyden’s question.