FBI Director Christopher Wray suggested on Tuesday that the U.S. government will be responding to what’s become known as the “SolarWinds hack” with a multi-pronged approach of sanctions, law enforcement and bolstering of private security in what will be a “long, hard slog.”
Wray’s comments came during a Senate Judiciary hearing, which also included testimony about the Jan. 6 breach of the U.S. Capitol. He was questioned about the mid-December revelations that approximately 18,000 customers of the technology company SolarWinds had downloaded compromised software that allowed malefactors, believed to be from Russia, to spy on their computers for at least nine months.
U.S. government agencies and contractors, such as the departments of treasury, commerce, justice, defense, and the National Institutes of Health among others, were affected.
“It’s everything from not just the law enforcement piece, it’s foreign partner participation, it’s private sector hardening, it’s treasury sanctions, it’s a whole host of things, but when you put them together sequenced, well I would never suggest to you … that that is somehow going to eliminate the problem, (but) it does push the adversary back and slow their progress,” Wray said.
“This is going to be a long, hard slog.”
Wray said he didn’t want to be specific about the cyber intrusion in a public setting.
“Discussing the response in any detail is probably something that would be better done in a classified setting,” Wray said. “That by itself might give you a little bit of a hint, but what we have found, speaking more generally, over the last couple of years in the cyber arena in particular is that we are at our most effective when we have joint sequenced operations.”
The Washington Post reported on Feb. 23 that the Biden administration was planning a series of sanctions against Russia for the espionage.
Wray indicated that cyberattacks are inevitable, and that it was a just a matter of detecting and minimizing.
“We have long passed the world where it’s a question of if an organization is going to be the victim of a cyber intrusion, we are in the world of when, and the question is not whether someone was subject to a cyber intrusion, but how fast does it get detected, how well does it get mitigated,” Wray said.
Source: Newmax
