After realizing that the SolarWinds hack was one of the biggest breaches ever, experts have repeatedly noted that we still don’t know the full fallout of the attack. Today’s news illustrates that point perfectly. Nearly two years after the infiltration, we’re just finding out that the cybercriminals hacked the Trump administration’s head of homeland security (DHS).
In terms of high-profile victims, it doesn’t get much bigger than that.
Russian Hackers Aim High
The SolarWinds cybercriminals were clearly looking to send a message when they hacked members of the DHS. The suspected Russian cyber criminals infiltrated the emails of acting secretary Chad Wolf and his staff.
As stated on its website, the Department of Homeland Security’s mission is to “secure the nation from the many threats we face.” It specifically lists “cybersecurity analyst” as one of the important positions the department enlists.
Unfortunately, the DHS has been outsmarted on a grand scale by foreign actors. The SolarWinds attack and the Microsoft Exchange hack are two of the largest breaches we’ve ever seen. And both were discovered by private companies as opposed to the U.S. government.
Add this to the fact that Chinese hackers had previously hacked the NSA and stolen some of the agency’s tools, and the U.S. is looking more vulnerable than ever in the cybersecurity realm.
Rob Portman, top Republican on the Senate homeland security committee, told The Guardian,
The SolarWinds hack was a victory for our foreign adversaries and a failure for DHS. We are talking about DHS’s crown jewels.
Officials of the energy department, including then secretary Dan Brouillette, were also hacked. Hackers allegedly obtained their private schedules. In total, at least nine federal agencies and 100 private sector groups were breached in the SolarWinds attack.
What Is the Biden Administration Doing About It?
The Biden administration is reportedly still looking into retaliatory efforts against Russia. In the meantime, it’s scrambling to improve its cybersecurity.
Biden has criticized Donald Trump because he “failed to prioritize cybersecurity,” but a government watchdog recently said that federal cybersecurity has “regressed” since 2019. Part of the reason for that designation is the government’s failure to appoint a central leader to their cybersecurity front.
Check out this video on the Russian cyberattacks:
The current administration hired Anne Neuberger, the deputy national security adviser for cyber and emergency technology, to combat the SolarWinds and Microsoft Exchange hacks. But there’s still no full-time leader, a fact that’s bothered some members of Congress.
Senator Angus King has said that “we’re trying to fight a multi-front war without anybody in charge.”
The White House has pledged to issue executive orders that bridge the gap in “modernization and in technology of cybersecurity across the federal government.”
As part of the latest stimulus package, the Cybersecurity and Infrastructure Security Agency will receive $650 million to help bolster its cybersecurity.
Biden’s American Rescue Plan proposed a $9 billion commitment to cyber defense. Hopefully, the U.S. continues to back up its claims with the proper funding and dedication.
If you think you’ve been hacked, reach out to us immediately.
Featured image by Keith Homan of Shutterstock.com