The Cybersecurity 202: Lawmakers want more details about Russian hackers accessing Chad Wolf’s emails

The Department of Homeland Security, alongside eight other federal agencies, was already publicly reported as a victim of the months-long Russian hacking campaign. Wolf is the first intelligence official named as having emails ensnared in the attack, which is often referred to as “SolarWinds” for one of the software providers Russians breached to conduct the attack. 

The Department of Homeland Security declined to confirm whether Wolf’s emails were taken or the nature of the emails that were accessed.

The new details emerge as Congress weighs legislation to address the fallout of the attack and shore up cyber defenses. The looming questions about the attack could put that process at a disadvantage.

“The more we learn about the victims of this cyber intrusion, the greater the need for the U.S. to develop a cyber-doctrine and strategy to counter against these types of attacks,” Sen. Mark R. Warner (D-Va.), chair of the Senate Select Intelligence Committee, wrote in a statement.

Lawmakers are weighing a number of proposals in response to the SolarWinds hack and more recently a widespread breach of thousands of Microsoft Exchange servers by Chinese hackers. Legislative responses could include new breach reporting laws that would require companies to report to the government when they have been hacked.

Sen. Ron Wyden (D-Ore.) warned that the limited information could push policymakers in the wrong direction.

“Americans still don’t know the full scope of the SolarWinds hack, what information was taken, or even the names of every agency that was breached. It’s telling that even without that critical information, some are pushing to expand the NSA’s authority into domestic surveillance,” he wrote in a statement, referring to the endorsement of such a move by some former officials.

House Oversight Committee Chairwoman Carolyn B. Maloney (D-N.Y.) vowed that her committee will continue joint investigations into the full impact of the attack and look at what steps are needed for Congress to take to improve federal cyber defenses.

“When the federal agency responsible for cybersecurity is itself a victim of a major attack that goes undetected for months, we should all be extremely concerned,” Maloney said in a statement.

“The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS,” Sen. Rob Portman of Ohio, the top Republican on the Senate’s Homeland Security and Governmental Affairs Committee, told the Associated Press. “We are talking about DHS’s crown jewels.”

Recent hearings on the hacking campaign have focused on a need for more funding for the agency. Cybersecurity and Infrastructure Security Agency, DHS’s cybersecurity division, received $650 million as a part of Biden’s recovery plan. But Acting CISA director Brandon Wales said in a recent congressional hearing that the money was only a “down payment” on the improvements the agency needs to make.

A DHS spokesperson said that only “a small number of employees’ accounts were targeted in the breach” and that the agency “no longer sees indicators of compromise on our networks.” The agency is in communication with affected individuals, the spokesperson added.

National security adviser Jake Sullivan told Jennifer Jacobs at Bloomberg News that the administration is in the “closing stages” of its decision-making process and that it is considering “seen and unseen” responses. He declined to disclose any details, but options on the table include sanctions or even a counterattack against Russian networks. 

A senior administration official told reporters earlier this month that a response would be forthcoming in “weeks, not months.”

The team that maintains the language said on Sunday that it is investigating the hack and moving its server, the Record’s Catalin Cimpanu reports. The attack on the PHP language, which is used by an estimated 79 percent of websites across the Internet, would have given hackers a way to infiltrate websites using updated software. 

The attack comes as the Biden administration is preparing an executive order to secure the software that American companies and government rely on. Rasmus Lerdorf, a member of the PHP team, shot down speculation that the incident was an April Fools’ Day joke, adding that it is “really, really hard to sneak something in like this.”

The country’s parliament lost email access and the operations of a major media company, Nine Entertainment, were interrupted, Cyberscoop’s Shannon Vavra reports. Authorities are investigating the attacks and haven’t said whether they’re linked. Sources told the Age newspaper, which is owned by Nine, that experts believe a state-sponsored hacking group used malicious software to hold systems run by the media company for ransom. 

The attacks come amid a rise in hacks for ransom and more brazen cyberattacks on parliaments, particularly in Europe. It also comes as Australia, a cyber ally of the United States, fends off cyberattacks. It’s not the first time the country’s parliament has been hit; in 2019, Australian authorities concluded that China was behind a cyberattack on the parliament that year.

Energy Secretary Jennifer Granholm and deputy national security adviser Anne Neuberger this month briefed energy industry executives on the plan, which could be issued within weeks, Bloomberg News’s Jennifer Jacobs, Jennifer A. Dlouhy and Michael Riley report. It comes as government watchdogs and security researchers warn of vulnerabilities in the grid, especially in the wake of the SolarWinds attack, which hit critical infrastructure companies.

“The administration is committed to improving cyber vulnerabilities in the core services Americans rely on as a top cybersecurity priority,” Neuberger said on Monday. “We designed this initiative — focused on the electricity utilities — to achieve that. And, as with every element of our cybersecurity strategy, we’re doing it in partnership with the private sector.”

Activist group Free Speech for People has sued the Election Assistance Commission for access to communications between private voting-machine vendors and the commission, which developed guidelines that concluded that voting machines are allowed to have wireless technology but must have their wireless capabilities disabled. The group requested the documents under the Freedom of Information Act.

Freelance journalist Mikael Thalen managed to figure out what caused a gibberish-filled tweet by U.S. Strategic Command:

Red Canary intelligence director Katie Nickels:

Reporter Daniel Moritz-Rabson had a key takeaway:

• The CMMC Accreditation Body named Matthew Travis, the former deputy director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, as its first CEO. The CMMC Accreditation Body implements Defense Department cybersecurity standards.
• Alpine Group Partners has registered to lobby for RunSafe Security effective Feb. 15. The firm plans to lobby on cybersecurity funding in defense appropriations and authorization bills.
• Forbes-Tate registered to lobby for CalypsoAI effective Feb. 15. The firm plans to lobby on emerging technology issues.
• Agnes Callamard, a UN human rights investigator who said Saudi crown prince Mohammed bin Salman may have been involved in a hack of Amazon CEO and Washington Post owner Jeff Bezos, is Amnesty International’s new Secretary General. Mohammed has denied the allegations.

• The U.S. Chamber of Commerce holds an event on North Korean hacking today at 2 p.m.
• FCC commissioner Brendan Carr speaks at a Center for Strategic and International Studies event on securing U.S. networks from China today at 2:30 p.m.
• Homeland Security Secretary Alejandro Mayorkas discusses cybersecurity at an RSA event on Wednesday at 1 p.m.