The Biden administration said Monday that it was “standing down” the cyber unified coordination groups created to respond to the hacks of SolarWinds computer network management software and Microsoft Exchange servers.
The decision reflects the Biden administration’s emerging cyber strategy to consolidate cyber responsibilities, which came into focus last week through President Biden’s nominations for the federal government’s first national cyber director and for the lead of the Cybersecurity and Infrastructure Security Agency.
“Due to the vastly increased patching and reduction in victims, we are standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology, in a statement.
After the public disclosure of hackers breaching SolarWinds software to compromise nine federal agencies, the Trump administration formed a coordination group to respond that included components of the FBI, National Security Agency, Office of the Director of National Intelligence, and CISA.
Another coordination group was formed in response to the hack of Microsoft Exchange servers, and the Biden administration said it invited private-sector companies, which was the first time the government had undertaken that collaboration.
“The Biden administration is undertaking a whole-of-government effort — working closely with Congress, the private sector, and allies and partners around the world — to build back better in new and innovative ways, to modernize our cyber defenses and enhance the nation’s ability to quickly and effectively respond to significant cybersecurity incidents,” Ms. Neuberger said. “While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the Administration places on cybersecurity, and at improving incident response for both the U.S. government and the private sector.”
Last week, Mr. Biden tapped former National Security Agency Deputy Director John C. Inglis to serve as the nation’s first cyber director and former NSA official Jen Easterly to lead CISA. Those nominees will help to oversee federal cybersecurity policy if confirmed by the U.S. Senate alongside Ms. Neuberger.
Lawmakers have raised concerns about the federal government’s response to the cyber intrusions and sought more clarity about who had responsibility for cyber in the federal government.
Senate Homeland Security and Government Affairs Committee leadership pressed the Office of Management and Budget earlier this month for answers on who handles cybersecurity in individual agencies across the government, while the leaders of the Senate Select Committee on Intelligence publicly criticized in February the intelligence community’s response to the SolarWinds hack.
The Biden administration formally identified Russia as responsible for the SolarWinds hack and placed sanctions on Russia last week. Federal cyber officials blamed the Russian Foreign Intelligence Service (SVR) and cautioned all cybersecurity stakeholders to check their networks for indications of compromise.
Microsoft has said China-based cyberattackers are responsible for the hack affecting its Exchange servers.