#Jenna McLaughlin: Top Biden cyber official: SolarWinds breach could turn from spying to destruction in a moment

WASHINGTON - President Biden's top cybersecurity adviser says "likely Russian" hackers who breached popular IT monitoring software SolarWinds could use their access to "degrade" or "destroy" networks rather than simply spy on them "on one moment".

Speaking Wednesday night during a digital panel discussion hosted by the Council on Foreign Relations, Anne Neuberger, the deputy national security adviser on cybersecurity and emerging technology at the National Security Council, said: "Even if it is a Routine espionage, "the action" remains contrary to our interests "and requires the United States government to find ways to force the perpetrators to reconsider their actions in the future." How do we change the calculation of our attackers so that think of the tricks you may be doing? "

Neuberger's comments come amid an ongoing debate over whether the breach was an act of digital warfare or a carefully crafted spy campaign, and following an essay by Marcus Willett, a former senior cyber adviser at the digital intelligence agency. Britain's GCHQ, urging the US to be cautious in retaliating. Willett considered SolarWinds a "surgical" espionage campaign by the Russians, rather than a reckless and destructive effort.

The Biden administration is still investigating the aftermath of the expansive SolarWinds breach, which gave hackers, believed to be Russians, access to at least nine US government agencies and a host of private US companies. While senior administration officials have yet to explain what a response to the violation would look like, they continue to insist that it will arrive in "weeks, not months," according to conversations with journalists in mid-March.

Neuberger did not elaborate, but said the White House will adapt lessons learned from responding to a recent compromise of Microsoft Exchange email servers, while remaining vigilant for potential additional repercussions, including tracking Russian digital attacks.

Neuberger recalled how the White House organized a "unified coordination group" following news that tens of thousands of organizations had been compromised due to hackers exploiting vulnerabilities in Microsoft email software in early March, a attack linked to China. That group, which included private sector executives for the first time as full partners, looked for ways to address the gap.

After the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency identified the victims, the White House quickly worked with Microsoft to issue a "one-click" option that customers could use to patch their software, reducing the number victims from more than 100,000 to less than 10,000, Neuberger said.

"That kind of brainstorming ... is really the kind of model we're going to use," he said.

Neuberger also discussed several upcoming executive orders on cybersecurity. 

The first, which has already been widely reported, will focus on protecting federal networks by requiring companies that sell software products to the United States government to meet minimum cybersecurity standards and report violations. “One of the things that makes cybersecurity a confusing problem is that software and hardware are riddled with vulnerabilities,” Neuberger said. "There is a fundamental failure in the market."

The second EO will deal with industrial control systems for utilities, such as water and electricity. Cybersecurity experts, especially those who have researched Russian attacks on Ukraine's electrical grid, have warned of dangerous attacks on key control systems for years. "We have to trust the basic systems of our society," Neuberger explained. "We seek insight on these networks to detect anomalous behavior and prevent anomalous behavior."

Neuberger also addressed questions about how the United States government might find ways to solve gaps in local network visibility. According to investigations into the SolarWinds hack, the attackers used the Internet infrastructure in the United States to launch their attacks, which left agencies such as the National Security Agency, which is largely empowered to only monitor foreign internet traffic, unable to track it.

http://www.shadowville.com/board/sales-support/livefootball-betting-online-with-the-online-football-website-ufaball88-only#p473407 https://www.jobhub.live/it-swaredbqawebgraphicsgis/graphics-designer/think-long-and-hard-supreme-court-justice-stephen-breyer-pushes_i3874 https://expressafrica.et/read-blog/2724 https://cox.tribe.so/post/most-reputable-users-hyperlink-606ea2e1e4bff62aa2d5162b https://skillnet.instructure.com/eportfolios/17133/Home/FREE_50100_PSN_Gift_CardFREE_PlayStationStore_Code_50

NSA Director Paul Nakasone described this lack of visibility as a "gap" that must be addressed, although cybersecurity experts cautioned that granting the agency additional surveillance powers may not actually help it stop attackers faster. A private sector company, FireEye, first alerted the US government to this violation.