Senators criticize the ‘disjointed and disorganized’ SolarWinds hack response

Intelligence Committee chiefs call for coordinated action

Close up of Senator Marco Rubio speaking

The Senate Intelligence Committee heads have urged the White House to appoint a single person to handle the SolarWinds hack fallout. They’ve also called for the government to invoke an Obama-era policy that coordinates a government-wide response to large cyber attacks.

In a letter to key government agencies, Committee chairman and vice-chairman Mark Warner and Marco Rubio warned that a poorly coordinated response to the SolarWinds hack had placed the US in danger.

"We are writing to urge you to name and empower a clear leader in the United States' response to the SolarWinds cyber breach that has affected numerous federal agencies, and thousands of other private sector entities," Said senators Warner and Rubio in the letter. "The federal government's response so far has lacked the leadership and coordination warranted by a significant cyber event, and we have little confidence that we are on the shortest path to recovery."

The senators addressed the letter to Director of National Intelligence Avril Haines, National Security Agency Director Paul M Nakasone, Federal Bureau of Investigation Director Christopher Wray, and Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency. They criticized the intelligence community for briefings that showed a "disjointed and disorganized response" and making it more likely that critical tasks would fall through the cracks.

"The threat our country still faces from this incident needs clear leadership to develop and guide a unified strategy for recovery, in particular a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are needed," the letter continued.

Related Resource

The total economic impact of IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify - whitepaper from IBMDownload now

The senators also highlighted Presidential Policy Directive-41, which sets out a response framework to handle this magnitude cyber security incident. Passed under President Obama in July 2016, this document establishes lead agencies for the response effort.

Under these rules, a Cyber Response Group can coordinate the development and implementation of policy and strategy to handle significant cyber events. It can also establish a Cyber Unified Coordination Group (CUCG) to coordinate operations between various agencies when handling significant events like the SolarWinds hack. 

Under its guidance, any federal agencies involved in the response must devote staff and resources to support the CUCG. The Department of Justice (DoJ) becomes the lead agency for threat response, the Department of Homeland Security handles asset response, and the Office of the Director of National Intelligence leads intelligence support.

Responding to a query from NBC, a spokesperson for the National Security Council said that Anne Neuberger, a deputy national security adviser in charge of cyber policy, had been coordinating the SolarWinds hack response since the first day of the administration.

The US has blamed Russia for the SolarWinds hack, which officials now believe first breached federal systems in September 2019.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Senators propose a tax credit for US-based semiconductor manufacturers
Hardware

Senators propose a tax credit for US-based semiconductor manufacturers

18 Jun 2021
Hackers breach a San Francisco water treatment plant
Security

Hackers breach a San Francisco water treatment plant

18 Jun 2021
NSA releases guidance on voice and video communications security
Voice over Internet Protocol (VoIP)

NSA releases guidance on voice and video communications security

18 Jun 2021
Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021

Most Popular

Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
OnePlus 9 Pro review: An instant cult classic
Hardware

OnePlus 9 Pro review: An instant cult classic

7 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021