Advertisement

SKIP ADVERTISEMENT

White House Announces Senior Official Is Leading Inquiry Into SolarWinds Hacking

The announcement comes after the bipartisan leaders of the Senate Intelligence Committee criticized the administration for its disjointed response.

Anne Neuberger, appointed a deputy national security adviser by President Biden, has been the “leader for our SolarWinds response,” said Emily Horne, the National Security Council spokeswoman.Credit...Phillip Faraone/Getty Images for WIRED

WASHINGTON — The White House announced on Wednesday that it had put a senior national security official in charge of the response to the broad Russian breach of government computers, only hours after the Democratic chairman of the Senate Intelligence Committee criticized the “disjointed and disorganized response” in the opening weeks of the Biden administration.

The criticism from the newly installed chairman, Senator Mark Warner of Virginia, appeared to take the White House by surprise. But it reflects the deep concern on Capitol Hill that too little is known about the hacking, or how the government and private industry are addressing it, two months after the intrusion was first discovered.

Officials said lawmakers were mistaken to suggest no one was in charge of the federal response. Anne Neuberger, appointed to a newly created post of deputy national security adviser for cyber and emerging technology by President Biden, is overseeing the response to what has become known as the SolarWinds breach, said Emily J. Horne, the National Security Council spokeswoman.

“Since Day 1, she has been running an interagency process on SolarWinds,” Ms. Horne said.

But until the White House’s announcement on Wednesday, Ms. Neuberger’s role had not been publicly announced, and did not seem apparent to those on Capitol Hill who were receiving briefings.

In a joint statement issued Wednesday evening, Mr. Warner and the Republican vice chairman of the intelligence committee, Senator Marco Rubio of Florida, reiterated that the response to the breach had lacked leadership but said the announcement that Ms. Neuberger would lead the response was “welcome news.” They added that they were expecting regular briefings from her to ensure “we fully confront and mitigate this incident as quickly as possible.”

Until last month, Ms. Neuberger had served in a variety of key posts at the National Security Agency, and ran the Russia Small Group that devised responses to Moscow’s interference in the 2016 presidential election. She is widely regarded as an experienced and tough veteran of the low-level, constant conflict between Russia and the United States.

But the letter, released Tuesday by Mr. Warner and Mr. Rubio, reflected a growing unease with the absence of much public information about the Russian hacking, which affected numerous federal agencies.

Mr. Biden has repeatedly vowed that he will impose costs on Russia for the sophisticated breach, and added last week that the days of “rolling over in the face of Russia’s aggressive actions” were over. It was a reference to President Donald J. Trump’s repeated refusal to confront President Vladimir V. Putin of Russia.

After the SolarWinds attack was revealed — named for the Texas company whose software was hijacked by Russian hackers — Mr. Trump suggested on Twitter that the culprit might have been China. He was soon contradicted by his own intelligence agencies.

But assessing the damage done, the lessons learned from the Russian action and the response is a slow process. Mr. Biden, aides say, does not want to risk even greater escalation with Mr. Putin. And it is not yet clear that the attack is over, or will be limited to the theft of communications.

After briefings on the issue, Mr. Warner and Mr. Rubio wrote that “the threat our country still faces from this incident needs clear leadership to develop and guide a unified strategy for recovery, in particular a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are needed.”

Ms. Neuberger’s efforts are focused on directing agencies hit by the Russian intrusion to patch and repair their networks, examine the government’s response to the episode and work with the private sector. She is also overseeing a study of the longer-term implications of the attack on the “supply chain” of software, Ms. Horne said.

The White House has also charged the Office of the Director of National Intelligence to conduct an assessment of the SolarWinds hacking, work that is continuing.

Mr. Warner has pledged to hold public hearings on the intrusion to help better understand what happened.

In an interview last week, before the letter was sent, Mr. Warner said he was disturbed that FireEye, a leading cybersecurity company, not the network of sensors monitored by the National Security Agency, had discovered the SolarWinds intrusion. The agency has said nothing publicly about why those signals were missed.

“I would like to err much more on the side of public discussion,” Mr. Warner said last week.

Dmitri Alperovitch, a cybersecurity expert who was the co-founder of CrowdStrike and now runs the Silverado Policy Accelerator, a think tank, told the House Homeland Security Committee on Wednesday that the SolarWinds intrusion had the most impact of any cyberattack in American history. The hack has made clear “serious gaps” in U.S. strategy.

But he noted that the attack not only was on SolarWinds, but also exploited other supply chain weaknesses.

Some 30 percent of the networks on which Russian back doors were discovered did not have the SolarWinds software installed, a development earlier reported by The Wall Street Journal.

But many of those systems used other software that was created on systems that used SolarWinds programs, according to two industry executives involved in investigating the hacking. The finding suggests that Russia was able to use the vulnerability on SolarWinds to burrow deeper into the supply chain and leaves open the possibility that more back doors installed by Moscow have yet to be found, according to people briefed on the investigation.

Christopher Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, told the House committee this week that more centralized federal oversight of cyberdefenses was necessary. He said Congress needed to expand authorities allowing the government to actively hunt for intruders on some networks.

“As long as the tools are available, vulnerabilities exist, money and secrets are to be had, and a lack of meaningful consequences persist, there will be malicious cyberactors,” said Mr. Krebs, who has been consulting with SolarWinds on the response to the hacking. “Complicating matters, we make it far too easy for the bad guys.”

At the same hearing, Sue Gordon, the former principal deputy director of national intelligence, said there was no technological “magic bullet” to improve cyberdefenses. But she called on the intelligence agencies to share more information about the intent of nation-states to improve the ability of companies to defend their networks.

“That is anathema to my former colleagues,” Ms. Gordon said. “But if we don’t share it more broadly, how will a nongovernmental entity ever get ahead of their attackers?”

Under the Trump administration, the F.B.I., the Department of Homeland Security and multiple intelligence agencies created the so-called Unified Coordination Group to organize the federal response. The Senate letter said that group “has lacked the leadership and coordination warranted by a significant cyberevent.”

Julian E. Barnes is a national security reporter based in Washington, covering the intelligence agencies. Before joining The Times in 2018, he wrote about security matters for The Wall Street Journal. More about Julian E. Barnes

David E. Sanger is a national security correspondent. In a 36-year reporting career for The Times, he has been on three teams that have won Pulitzer Prizes, most recently in 2017 for international reporting. His newest book is “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age.” More about David E. Sanger

A version of this article appears in print on  , Section A, Page 19 of the New York edition with the headline: Senior Official Is Leading Investigation into SolarWinds Breach. Order Reprints | Today’s Paper | Subscribe

Advertisement

SKIP ADVERTISEMENT