Agencies, feds reeling from most recent cybersecurity breach
- By FederalSoup Staff
- Dec 17, 2020
Bad memories of the infamous OPM hack of 2015 are haunting federal cybersecurity experts, as word of another super-sized hack affecting multiple agencies is rippling across the federal community.
The intrusion reportedly came through the “back door”, via a run-of-the-mill software update, straight to the heart of malware defenses themselves.
The current breach, experts say, might in the end be worse than the infamous debacle disclosed five years ago.
“CISA Declares Emergency Directive,” bluntly warns a banner announcement about the breach, now on the homepage of the Cybersecurity and Infrastructure Security Agency.
CISA is the nation’s lead guard dog against electronic theft or attack on key data storehouses and systems. The agency is admitting massive failure—and warning feds who work across the government, and the public, of likely more bad news to come.
CISA—along with its partners the FBI and the Office of the Director of National Intelligence—has “become aware of a significant and ongoing cybersecurity campaign” that has breached defenses resulting in data theft from multiple agencies, the agency directive says.
The breach, according to officials and experts quoted in news reports and online announcements, originated in a security breach of SolarWinds Orion, whose systems and software are used by much of the government as well as private organizations and companies. The failure, and a related breach of FireEye systems, may have been in progress for a period of months. The news organization Reuters was the first major media outlet to report the hack. Since that time, there have been multiple updated reports from Reuters, the Associated Press wire, USA Today, the Wall Street Journal, and others.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” CISA said of the ongoing story. “As the lead for threat response, the FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors.”
“The FBI is engaging with known and suspected victims, and information gained through FBI’s efforts will provide indicators to network defenders and intelligence to our government partners to enable further action,” CISA further said in its announcement.
“As the lead for asset response activities, CISA took immediate action and issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network,” CISA noted. “CISA remains in regular contact with our government, private sector and international partners, providing technical assistance upon request, and making needed information and resources available to help those affected recover quickly from this incident.”
For now, the various company and government announcements offer limited details on how the breach occurred. Officials are soliciting any information feds or others may have on the matter.
“To report suspicious or criminal activity related to information found in this statement, contact your local FBI field office at www.fbi.gov/contact-us/field,” CISA states. “To request incident response resources or technical assistance related to this statement, visit https://www.us-cert.gov/report or email Central@cisa.gov.”