The Biden administration is preparing to take executive action to address cybersecurity vulnerabilities in the aftermath of the SolarWinds hack affecting federal networks, according to Anne Neuberger, deputy national security adviser for cyber and emerging technology.
Ms. Neuberger, who is leading the federal government’s response to the hack, said Wednesday that the U.S. government knew that hackers breaching the SolarWinds computer network management software had compromised nine federal agencies and approximately 100 private-sector companies. She said the full number of entities exposed to the potential hack is closer to 18,000 and that the government is in the early stages of investigations that will produce clearer attribution and damage assessments.
“In terms of response to the perpetrator, discussions are underway,” said Ms. Neuberger to reporters at the White House. “I know some of you will want to know what kind of options are being contemplated. What I will share with you is how I frame this in my own mind: This isn’t the only case of malicious cyber activity of likely Russian origin, either for us or for our allies and partners. So as we contemplate future response options, we’re considering holistically what those activities were.”
The Biden administration is pushing for new cybersecurity spending, including $9 billion via coronavirus relief legislation being debated by Congress, and Ms. Neuberger said she has routinely visited the Hill to work with lawmakers. Regardless of whether Congress provides the spending pushed for by the Biden administration, Ms. Neuberger said the White House was readying executive actions to shore up gaps exposed already identified by the government’s review of the hack.
The federal government’s response to the hack has previously rankled some lawmakers, particularly the leadership of the Senate Select Committee on Intelligence. Intelligence committee chair Sen. Mark Warner, Virginia Democrat, and its top-ranking Republican, Sen. Marco Rubio of Florida, wrote a letter earlier this month that castigated the intelligence community’s response to the hack.
The bipartisan duo said they had “little confidence” that the country was on the shortest path to recovery and chastised the agencies’ lack of leadership and coordination in the letter to the heads of FBI, National Security Agency, Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency.