
Agencies, feds reeling from most recent cybersecurity breach

Bad memories of the infamous OPM hack of 2015 are haunting federal cybersecurity experts, as word of another super-sized hack affecting multiple agencies is rippling across the federal community.

The intrusion reportedly came through the “back door”, via a run-of-the-mill software update, straight to the heart of malware defenses themselves.

The current breach, experts say, might in the end be worse than the infamous debacle disclosed five years ago.

“CISA Declares Emergency Directive,” bluntly warns a banner announcement about the breach, now on the homepage of the Cybersecurity and Infrastructure Security Agency.

CISA is the nation’s lead guard dog against electronic theft or attack on key data storehouses and systems. The agency is admitting massive failure—and warning feds who work across the government, and the public, of likely more bad news to come.

CISA—along with its partners the FBI and the Office of the Director of National Intelligence—has “become aware of a significant and ongoing cybersecurity campaign” that has breached defenses resulting in data theft from multiple agencies, the agency directive says.

The breach, according to officials and experts quoted in news reports and online announcements, originated in a security breach of SolarWinds Orion, whose systems and software are used by much of the government as well as private organizations and companies. The failure, and a related breach of FireEye systems, may have been in progress for a period of months. Reuters was the first major media outlet to report the hack. Since then, there have been multiple updated reports from Reuters, the Associated Press wire, USA Today, the Wall Street Journal, and others.

“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” as CISA explained the ongoing story. “As the lead for threat response, the FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors.”

“The FBI is engaging with known and suspected victims, and information gained through FBI’s efforts will provide indicators to network defenders and intelligence to our government partners to enable further action,” CISA further said in its announcement.

“As the lead for asset response activities, CISA took immediate action and issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network,” CISA noted. “CISA remains in regular contact with our government, private sector and international partners, providing technical assistance upon request, and making needed information and resources available to help those affected recover quickly from this incident.”

For now, the various company and government announcements offer limited details on how the breach occurred. Officials are soliciting any information feds or others may have on the matter.

“To report suspicious or criminal activity related to information found in this statement, contact your local FBI field office at www.fbi.gov/contact-us/field,” CISA states. “To request incident response resources or technical assistance related to this statement, visit https://www.us-cert.gov/report or email Central@cisa.gov.”

Reader comments

Tue, Dec 22, 2020 MM

Kelly was convicted of over-turning US foreign policy by telling the Russians to ignore the sanctions before Trump took office. Jared Kushner's first question was how to set up a backdoor to the Russians. Trump has denied Russian involvement with the 2016 election and denied Russia is behind the SolarWinds hack. But apparently that doesn't Mitch McConnell or the Republican Party whatsoever.

Fri, Dec 18, 2020

Another day, another disaster. As the infamous saying goes: Something's rotten in the state of Denmark. And rot in our country like many others starts at the top. Not only was our captain asleep at the wheel, he hasn't said a single word of leadership since this news broke. Nor has he called out his bosses -- er, the perpetrator -- Russia. Wonder why that is? I guess he doesn't want them to stop payment on his next corrupt chapter in life, real estate deals or God knows what with his fellow crooks. Or maybe they have that dirt on him so many credulous people who voted for him say is a "hoax." If it's a hoax, why won't he ever, ever say anything bad about these people in Moscow? You know, those people who run a military dictatorship who we spent trillions to defeat in the last Cold War? I do not understand why the children and grandchildren of those who fought and won that conflict in our country's heartland believe somehow this one crazy failed businessman / carnival barker when he assures us the one utterly failed country at the Eastern edge of Europe is suddenly for no reason our "friend" who would never, ever tamper with our elections to help a crook like him, or, say, breach our government's computer systems in a massive attack. Folks, if you follow an idiot for more than a thousand days and he finally takes you over a cliff, what were you all along? Weren't you an idiot, too? (Set aside all the political ideas and economics--the guy is a very, very convincing (apparently) and dangerous LIAR, right? Here we are computers all breached. Not a word from Bozo. Adds up, don't you think?)
