President-elect Joe Biden released a strongly-worded statement Thursday, condemning the massive hack of the software firm SolarWinds, which is believed to have been carried out by Russian hackers.
By contrast, the White House and President Donald Trump still have not commented publicly on the attack.
Biden said he will make dealing with the hack a “top priority” from the moment he takes office, adding, “Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation.”
Utah Sen. Mitt Romney criticized Trump’s silence on the issue, telling CNN, “This is almost as if you had a Russian bomber flying undetected over the country, including over the nation’s capital, and not to respond in a setting like that is really stunning.”
President-elect Joe Biden issued a statement Thursday strongly condemning the massive hack of the software firm SolarWinds that compromised hundreds of US entities.
“We have learned in recent days of what appears to be a massive cybersecurity breach affecting potentially thousands of victims, including US companies and federal government entities,” the Biden transition team said in a statement.
“I want to be clear: my administration will make cybersecurity a top priority at every level of government – and we will make dealing with this breach a top priority from the moment we take office,” Biden added. “We will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector, and expand our investment in the infrastructure and people we need to defend against malicious cyber attacks.”
The president-elect’s statement came as the White House still hasn’t publicly commented on the breach, which is believed to have been carried out by Russian hackers and is the biggest cyberattack against US entities in recent history.
SolarWinds’ products are used by hundreds of Fortune 500 companies and multiple US government agencies, including the Pentagon, intelligence agencies, State Department, Commerce Department, Treasury Department, and more. Politico also reported Thursday that the hackers appear to have breached the US’s nuclear agency, though it’s unclear what information they obtained.
Utah Sen. Mitt Romney on Thursday criticized the White House for staying silent on the attack.
“I think the White House needs to say something aggressive about what happened,” he told CNN. “This is almost as if you had a Russian bomber flying undetected over the country, including over the nation’s capital, and not to respond in a setting like that is really stunning.”
US officials are still working to find out how many entities were affected by the attack and how much data was stolen. The breach was discovered several days ago but the operation is believed to have been going on for at least the last nine months.
Shortly after officials discovered the breach, the US Cybersecurity and Infrastructure Security Agency issued emergency guidance instructing all federal civilian agencies to uninstall SolarWinds software and let CISA know when they had, in a sign of how seriously the US government was taking the attack.
The SolarWinds hack was particularly devastating because it was a supply chain attack that left thousands of the firm’s clients vulnerable to having their data stolen.
“This level of access is exactly what an intelligence operation looks like in the real world,” David Kennedy, the CEO of TrustedSec and a former NSA hacker, told Business Insider. “And we’re getting a glimpse of that. A lot of companies have SolarWinds implemented and it always has a high level of access in an environment. And that’s what attackers always go after.”
US officials also haven’t determined the specific motive that hackers had when carrying out the attack. But Kennedy said that for the attackers to burn such a valuable foothold into hundreds of public and private entities means they likely came across something valuable.
“This type of foothold that they had into an organization like SolarWinds is extremely valuable for nation states because they can pick any target they want to steal information,” Kennedy said, adding that foreign actors typically only use such access for things like high-gain intelligence operations and military preparedness. “So we don’t know their objectives in this specific case, but it was definitely something that was of high value that they wanted to go after in order to burn this specific mechanism or access they had into there.”
Biden said in his statement Thursday that in addition to having a strong defense against cyberattacks, “we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place. We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.
“Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation.”
Read the original article on Business Insider