White House Stands Down Coordination Effort on SolarWinds, Microsoft Exchange Hacks

The White House signaled a return to normal operations following a pair of major breaches affecting federal agencies and plans to incorporate the private sector in coordinating responses to future incidents.

Following the hacks, the administration stood up the Cyber Unified Coordination Group, which consisted of the FBI, the Cybersecurity and Infrastructure Security Agency, the Office of the Director of National Intelligence with support from the National Security Agency, and—for the first time, according to the White House—input from the private sector.

“Due to the vastly increased patching and reduction in victims, we are standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures,” Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said in a statement Monday. 

Neuberger said events like the SolarWinds breaches—so called because attackers leveraged their access to the ubiquitous IT management company SolarWinds to distribute a trojanized software update to tens of thousands of customers—and intrusions into on-premises Microsoft Exchange servers will not be the last of their kind, and shared lessons learned for the future.

Chief among those is the importance of partnering with the private sector, something Neuberger said should continue going forward.

“The active private sector involvement resulted in an expedited Microsoft one-click tool to simplify and accelerate victims’ patching and clean-up efforts, and direct sharing of relevant information,” she said. “This type of partnership sets precedent for future engagements on significant cyber incidents.”