Adding to the hysteria surrounding a recently revealed hack of the software company SolarWinds that has affected several US government agencies, Joe Biden slammed President Trump over the incident.
“This attack constitutes a grave risk to our national security. It was carefully planned and carefully orchestrated,” Biden said. “It was carried out by using sophisticated cyber tools. The attackers succeeded in catching the federal government off guard and unprepared.”
Biden said the Trump administration did not prioritize cybersecurity enough to prevent the intrusion. He said the incoming administration will “probably respond in kind” after assessing the full scope of the cyberattack. Biden’s Chief of Staff Ron Klain said on Sunday that the administration’s response will be more than “just sanctions.”
Sources close to Biden told Reuters that the administration is considering sanctions against Moscow or attacks on Russia’s cyber infrastructure as a response, despite a lack of evidence that Moscow was involved. So far, Secretary of State Mike Pompeo and Attorney General William Barr have said Russia was likely behind the hack, while Trump shifted the blame to China and downplayed the incident altogether.
On Tuesday, Biden said the cyberattack “fits Russia’s long history of reckless disruptive cyber activities, but the Trump administration needs to make an official attribution.” Russia is Washington’s favorite suspect when it comes to cyberattacks and is often blamed for such incidents. But attributing cyber activity is difficult, and the US rarely offers evidence to substantiate its claims.
One example often cited by the media when discussing Russia’s history of hacking the US is the DNC emails that were published by WikiLeaks in 2016. Russia was first accused of hacking the DNC server in June 2016 by the cybersecurity firm CrowdStrike. In its investigation into alleged Russian election interference, the FBI relied on CrowdStrike’s work.
Earlier this year, testimony from CrowdStrike President Shawn Henry before the House Intelligence Committee in 2017 was declassified. Under oath, Henry admitted the firm had no “concrete evidence” that alleged Russian hackers took data from DNC servers. “There are times when we can see data exfiltrated, and we can say conclusively. But in this case it appears it was set up to be exfiltrated, but we just don’t have the evidence that says it actually left,” he said.
As for attribution, Henry said: “There are other nation-states that collect this type of intelligence for sure, but the — what we would call the tactics and techniques were consistent with what we’d seen associated with the Russian state.”
Identifying tactics, techniques, and procedures is a way the US often attributes cyber activity to Russia. Last week, the Cybersecurity and Infrastructure Security Agency put out an alert that said the actor responsible for the SolarWinds hack likely has “tactics, techniques, and procedures (TTPs) that have not yet been discovered.”
The cybersecurity firm FireEye, which first reported the SolarWinds hack, attributed it to a “nation-state” but did not specify which one could have been responsible. The extent of the hack is still unknown.
Reports from the media that the Energy Department was targeted alluded to the idea that nuclear secrets were compromised. The Energy Department clarified the reports and said that hackers only accessed “business networks.” The statement said the incident “has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration.” SolarWinds software was not used on networks with classified government data.