The Senate Select Committee on Intelligence concluded its hearing on the massive SolarWinds hack on Tuesday having touched on proposals ranging from the creation of a new federal agency for reporting cyber threats to best practices for businesses and government agencies to avoid future hacks. 

The hearing featured Microsoft President Brad Smith, SolarWinds CEO Sudhakar Ramakrishna, and the CEOs of cybersecurity firms CrowdStrike and FireEye. Though there was some back-and-forth over the details, all agreed that the federal government should create a new clearinghouse for cybersecurity.  

"I still believe it is critical we find a way to have a centralized agency that we can report threat intelligence to confidentially," said Kevin Mandia, CEO of FireEye, which first identified the threat back in December. "That means we get the intelligence into the hands of people who can take actionable steps way faster than disclosure of incidents, which just takes too long." 

He also joined the rest of the panel in calling for some kind of reporting requirement for companies, though the exact details were debated, such as whether it should be confidential or if there should be liability protections. 

Mandia explained that FireEye's discovery of the hack — which compromised 100 private companies and nine federal agencies through 18,000 entities who downloaded a tainted software update from the SolarWinds Orion platform — was a massive undertaking, requiring "thousands of hours" of investigation to essentially find a "needle in a haystack." 

All the participants stressed the importance of a combined public-private response. Vice-chairman of the Committee Sen. Marco Rubio said "The bottom-line question is, 'how did we miss this?'" and what can the private sector and the U.S. government do together to make sure it doesn't happen again.

Rubio also cautioned against the use of certain loaded words, such as "attack", to describe what happened, and he stuck to the Biden and Trump administration's conclusions that the hack was only "likely of Russian origin."  

Smith of Microsoft was more explicit in assigning blame. 

"At this stage, we've seen substantial evidence that points to the Russian Foreign Intelligence Service, and we've seen no evidence that leads us anywhere else," he said. 

New Committee Chair Sen. Mark Warner noted that the intrusion had the potential to be "exponentially worse," given the level of access achieved.  

Crucially, however, the panel shared the opinion that right now the breach looks like an act of espionage, rather than an attempt to disrupt or wreak havoc on the U.S. economy or government. 

"Disruption would have been easier than what they did," Mandia said. "They had focused, disciplined data theft. It's easier to just delete everything in a blunt force trauma and see what happens, which other actors have done." 

This is another reason the panel roundly agreed that whoever committed the hack was highly sophisticated. Smith noted that in all likelihood at least 10,000 engineers were involved in pulling it off. 

"This is indicative of a nation-state actor, and it's in their interest to maintain persistence," said George Kurtz, president and CEO of CrowdStrike. "If they were collecting data, they want to continue collecting information over a period of time." 

On the question of whether or not the hack was ongoing, Ramakrishna of SolarWinds stressed that the tainted "code has been removed and is no longer an ongoing threat to the Orion platform."

Share:
More In Business
Michigan Judge Sentences Walmart Shoplifters to Wash Parking Lot Cars
A Michigan judge is putting sponges in the hands of shoplifters and ordering them to wash cars in a Walmart parking lot when spring weather arrives. Genesee County Judge Jeffrey Clothier hopes the unusual form of community service discourages people from stealing from Walmart. The judge also wants to reward shoppers with free car washes. Clothier says he began ordering “Walmart wash” sentences this week for shoplifting at the store in Grand Blanc Township. He believes 75 to 100 people eventually will be ordered to wash cars this spring. Clothier says he will be washing cars alongside them when the time comes.
State Department Halts Plan to buy $400M of Armored Tesla Vehicles
The State Department had been in talks with Elon Musk’s Tesla company to buy armored electric vehicles, but the plans have been put on hold by the Trump administration after reports emerged about a potential $400 million purchase. A State Department spokesperson said the electric car company owned by Musk was the only one that expressed interest back in May 2024. The deal with Tesla was only in its planning phases but it was forecast to be the largest contract of the year. It shows how some of his wealth has come and was still expected to come from taxpayers.
Goodyear Blimp at 100: ‘Floating Piece of Americana’ Still Thriving
At 100 years old, the Goodyear Blimp is an ageless star in the sky. The 246-foot-long airship will be in the background of the Daytona 500 — flying roughly 1,500 feet above Daytona International Speedway, actually — to celebrate its greatest anniversary tour. Even though remote camera technologies are improving regularly and changing the landscape of aerial footage, the blimp continues to carve out a niche. At Daytona, with the usual 40-car field racing around a 2½-mile superspeedway, views from the blimp aptly provide the scope of the event.
Load More