Changes coming to federal cyber in wake of massive breach

The supply chain hack that targeted IT management software SolarWinds and other vendors will result in changes to the federal government's cybersecurity posture, according to the official charged with leading the administration's response.

Anne Neuberger briefs the white house press corps feb 17 2021

Anne Neuberger briefs the White House press corps on Feb. 17, 2021.

The White House today said it is planning "executive action" to address cybersecurity gaps that allowed a breach of nine federal agencies and about 100 private sector companies to persist undetected for months as part of government response to a wide ranging hack involving IT management software SolarWinds and other commercial products.

"We're also working on close to about a dozen things," Anne Neuberger deputy national security advisor for cyber and emerging technology, said in a Wednesday press briefing in the White House. "Likely, eight will pass to be part of an upcoming executive action to address the gaps we have identified in our review of this incident."

Neuberger, who is leading the federal response to the breach, said the intelligence community is continuing to investigate the actors behind the compromise and declined to attribute the attack to any specific country or group.

"Until that study is complete, I will use the language we previously used, which was to say an advanced persistent threat actor likely of Russian origin was responsible," she said.

The press briefing was her first both as deputy national security advisor and the administration's leading official for responding to the multi-agency hack. Much of what she outlined about the incident was previously known through statements from agencies that have publicly acknowledged they were compromised.

Neuberger said the government is currently focused on expelling hackers from federal networks, modernizing federal IT to better protect it against this kind of attack and considering "potential response options to the perpetrators."

The White House has been careful in recent weeks not to provide any forecast of how or when it will respond except to say the president reserves the right to do so in the time and manner of his choosing.

"This isn't the only case of malicious cyber activity of likely Russian origin either for us or for our allies and partners, so as we contemplate future response options, we are considering holistically what those activities were," she said.

Neuberger also acknowledged that other, yet undeclared victims within the government or private sector may emerge as the investigation continues.