The official leading the effort said changes are necessary to allow information sharing within the federal government.
While it will take several months to fully understand the massive hacking campaign that compromised several federal agencies and private-sector companies, the Biden administration is already devising an executive order in response, according to Anne Neuberger, deputy national security adviser for cyber and emerging technology.
She said nine federal agencies and about 100 companies were known to be compromised, but because roughly 18,000 entities downloaded a malicious update from network management company SolarWinds, the scale of the campaign could be much larger.
Neuberger previously shared plans to “build back better” after the incident by modernizing federal networks. On Wednesday, she delivered an update on the response during a White House press briefing and highlighted a need for greater domestic visibility, in addition to her initial thoughts on dealing with the perpetrator.
“We're also working on close to about a dozen things—likely eight will pass—that’ll be part of an upcoming executive action to address the gaps we've identified in our review of this incident,” she said.
Neuberger’s remarks noted challenges associated with the value the U.S. places on both privacy and security.
“There are legal barriers and disincentives to the private sector sharing information with the government, that is something we need to overcome,” she said, adding, “Even within federal networks, a culture and authorities inhibit visibility, which is something we need to address.”
During a Feb. 10 hearing before the House Homeland Security Committee, Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, said contracts federal agencies enter with their vendors block them from sharing information on cyber incidents across the government. He suggested writing CISA’s access to such information into those contracts.
In terms of a response to the perpetrator, Neuberger said discussions are underway and that she’s thinking about possible actions in their broader context.
“This isn't the only case of malicious cyber activity of likely Russian origin, either for us or for our allies and partners,” she said. “So as we contemplate future response options, we're considering holistically what those activities were.”
The Cyber Unified Coordination Group has said the “likely Russian” hack appears to be an intelligence-gathering effort. Neuberger made a distinction between the hacking campaign and accepted acts of cyber espionage.
“When there is a compromise of this scope and scale, both across government and across the U.S. technology sector to lead to follow-on intrusions, it is more than a single incident of espionage,” she said. “It's fundamentally of concern for the ability for this to become disruptive.”