US lawmakers and cyber security experts were scrambling to comprehend the scale and scope of the worst-ever hack of US government agencies on Friday, with President Donald Trump under fire for failing to blame Russia for the attack.
Democrats in Congress launched an investigation into the breach and blasted Mr Trump, a Republican, for staying “silent” on a major threat while Marco Rubio, a Republican senator, said it was time to “retaliate” with something tougher than sanctions.
Hackers gained access to the networks of several US government agencies and about 18,000 other clients of the technology company SolarWinds by hiding malicious code in a software update. Analysts point to a Russian government operation, though Moscow has denied any role.
Three US government departments have confirmed they were breached, including the Department of Energy, which manages the country's nuclear weapons. Tech giant Microsoft says clients in seven countries across North America, Europe and the Middle East were affected.
Democratic lawmakers bashed Mr Trump, who has made no public statement on the hack and whose administration has been criticised for cybersecurity cutbacks and downplaying Russian meddling in the 2016 presidential election.
“Why is the president still silent on this major threat to the homeland?” said a tweet made on Friday by the House Homeland Security Committee, headed by Bennie Thompson, a Democrat.
Mr Thompson, Carolyn Maloney, head of the House Committee on Oversight and Reform, and other Democrats said in a letter on Thursday that they were investigating the “devastating” breach of important federal networks.
“Our committees are seeking information related to the apparent widespread compromise of multiple federal government, critical infrastructure and private sector information technology networks,” the lawmakers wrote.
“While investigations and technical forensic analyses are still ongoing, based on preliminary reporting, it is evident that this latest cyber intrusion could have potentially devastating consequences for US national security.”
Marco Rubio, the Republican head of the Senate Select Committee on Intelligence, said the hack was “consistent with Russian cyber operations” but said the US needed “complete certainty” before taking action against Moscow.
“We can’t afford to be wrong on attribution, because America must retaliate, and not just with sanctions,” Mr Rubio wrote on Twitter.
The methods used to carry out the cyberhack are consistent with Russian cyber operations.
— Marco Rubio (@marcorubio) December 18, 2020
But it’s crucial we have complete certainty about who is behind this.
We can’t afford to be wrong on attribution, because America must retaliate, and not just with sanctions.
Gary Peters, the top Democrat on the Senate Committee on Homeland Security, said the attack underscored the need for government agencies to boost defences against evermore savvy foreign hackers.
“This breach shows our adversaries are relentless,” said Mr Peters.
“I’m focused on working together to do more to ensure our government agencies and independent contractors are more secure and better prepared to defend themselves against and respond to cyber threats.”
This breach shows our adversaries are relentless. As @HSGAC Ranking Member I’m focused on working together to do more to ensure our government agencies and independent contractors are more secure and better prepared to defend themselves against and respond to cyber threats. pic.twitter.com/GdnvLKAfif
— Senator Gary Peters (@SenGaryPeters) December 18, 2020
Fears of a Russian-built backdoor into computer systems also raised alarms in Britain, where the software is used by the National Health Service (NHS), police forces, as well as the justice and intelligence-gathering branches of government.
“We have issued a high severity alert to the NHS which explains the action to take to mitigate this threat,” an NHS representative said in a statement.
“We have been working closely with the National Cyber Security Centre to investigate this issue robustly. So far, we have no indication of any malicious activity, but our investigation is ongoing.”
SolarWinds also has contracts with the European Parliament and the Nato military alliance, according to the firm’s website.
“Our experts are currently assessing the situation, with a view to identifying and mitigating any potential risks to our networks,” a Nato representative said on Friday.
The sophisticated, months-long breach, which was first acknowledged by officials on Sunday, has caught many organisations off guard. Researchers say it could take years to understand its full impact.
Investigations have focused on a vulnerability in SolarWinds’s Orion software, though on Thursday the US Cyber Security and Infrastructure Security Agency said this may not have been the only “access vector” used by the hackers.
UN spokesman Farhan Haq on Friday urged the organisation's 193 members to “protect” themselves from cyber attacks and said the world body was “trying to discourage any nations from compromising the cyber facilities of other nations”.
