Warner and Rubio urge Biden administration to designate a leader on SolarWinds hack response
The top lawmakers on the Senate Intelligence Committee urged the Biden administration on Tuesday to designate a leader to address the US government response to the massive hacking campaign that targeted government agencies and private-sector companies.
“The federal government’s response so far has lacked the leadership and coordination warranted by a significant cyber event,” wrote Chairman of the Senate Select Committee on Intelligence Sen. Mark Warner, D-Va., and Vice Chairman Sen. Marco Rubio, R-Fla., in a letter to administration intelligence and law enforcement leadership.
Since taking office, President Joe Biden’s administration has faced mounting pressure to respond to the data breach, which has raised concerns about the security of corporate secrets, government emails and other sensitive data. The Trump administration formally pointed the finger at Russia last month after revelations surfaced in December that hackers had put malicious code into a tool published by SolarWinds, a software vendor used by countless government agencies and Fortune 500 businesses.
Warner and Rubio wrote that they had little confidence that the US is on the “shortest path to recovery.” The senators also complained that the briefings they received conveyed a “disjointed and disorganized” response to confronting the breach.
“The threat our country still faces from this incident needs clear leadership to develop and guide a unified strategy for recovery, in particular a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are needed,” the letter says.
The Biden administration has been praised by experts for elevating cyber officials to higher positions in the White House National Security Council, but almost three weeks since the inauguration, there’s still been no announcement about the national cyber director or the Cybersecurity and Infrastructure Security Agency director, both positions that could serve as leaders for a coordinated response.
The Cybersecurity and Infrastructure Security Agency has been run by Brandon Wales in acting capacity since then-President Donald Trump fired Chris Krebs, one of the most prominent cyber officials in the previous administration. Rob Silvers, a partner at the law firm Paul Hastings, is expected to be tapped to lead the agency in the Biden administration, CNN previously reported. He served as assistant secretary for cyber policy at the Department of Homeland Security during the Obama administration, as well as in other senior roles at the department.
Meanwhile, Biden’s top National Security Council cyber officials are already in place — Anne Neuberger and Michael Sulmeyer, who both come from the National Security Agency.
The four agencies that were sent the letter — the FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence — provided little or no comment.
A spokesperson for the Office of the Director of National Intelligence told CNN that the agency had received the letter and will respond accordingly.
A National Security Agency official said the agency “does not comment on Congressional correspondence” and a FBI spokesperson said “the FBI can confirm receipt of the letter. Beyond this, we have no further comment.” CISA spokesperson Scott McConnell said the agency does not comment on congressional correspondence.
Meanwhile, the White House pushed back on the letter, telling CNN in statement that Deputy National Security Advisor Neuberger is the lead on the federal response.
“We do have a leader for our Solar Winds response: DNSA Anne Neuberger. Since day one she has been running an interagency process on Solar Winds with three key lines of effort,” NSC Spokesperson Emily Horne said.
She said those efforts include directing compromised agencies to complete specific remediation actions; identifying issues in the government’s incident response and partnership with the private sector, including potential executive actions underway; and launching a study of Solar Winds lessons learned regarding incident responders, the private sector and industry leaders to prevent such incidents in the future.
“In the first weeks of the Biden administration DNSA Neuberger has held a series of consultations with both Democratic and Republican members of Congress on our approach to Solar Winds specifically and our cybersecurity strategy broadly. We look forward to continuing to work with Congress on these issues,” Horne added.
