As Congress gears up to press CEOs from SolarWinds, Microsoft, CrowdStrike, and FireEye about the massive data breach that impacted several U.S. government agencies and nearly 18,000 SolarWinds customers last year, Senator Mark Warner (D-Va.) said that aside from getting to the bottom of the hack, there needs to be a clear message sent that cyber warfare against the United States will not be tolerated.

"We need to have some common standards where we warn our adversaries that you take this kind of action, there's going to be consequences," Warner told Cheddar. 

Last month, law enforcement, security, and intelligence agencies released a joint statement following an investigation into the breach that said Russia was the likely culprit, though the Biden White House has yet to release a statement on the findings. According to Warner, it isn't a question if Russia is engaging in "asymmetrical warfare" but rather how the U.S. will respond.

"For a long time in America, because we are so I.T. dependent because we are so technology-driven, we were reluctant to hold the bad guys accountable," he said. "We saw that when the Chinese attacked the OPM files of all the government employees or when they attacked Equifax, 150 million Americans had their personal information exfiltrated. We were reluctant to punch back because we were afraid of cyber escalation." 

"We can't be timid in this space going forward," Warner stated. 

When it comes to grilling the tech companies during the Senate Intelligence Committee hearing, Warner said he plans to press them about avoiding future incidents, what methods of protection are being adopted, and if other cloud-based systems are currently susceptible to similar attacks. 

Though Russia has been implicated by U.S. intelligence agencies in the recent attack, the senator said he believes the affected businesses had a responsibility to protect their customers, have to be held liable as well, and be held to mandatory reporting rules.

"There were certain things, obviously, SolarWinds could have done better, but when we're dealing with a tier-one adversary, bringing their A-team, very few private sector companies, on their own, can prevent an intrusion," Warner noted. "But that does not mean that suddenly we're going to let these private sector companies off the hook for having responsible cyber hygiene behavior because even if the bad guys get in if you've got good cyber hygiene, you can spot them earlier."

Share:
More In Politics
Mexico Says It Might Sue Google Over “Gulf of America” Change
Mexican President Claudia Sheinbaum says her government is not ruling out filing a civil lawsuit against Google if it maintains its stance of calling the stretch of sea between northeastern Mexico and the southeastern United States the “Gulf of America.” Sheinbaum, in her morning press conference on Thursday, said the president’s decree to change the name of the Gulf of Mexico is restricted to the “continental shelf of the United States” because Mexico still controls much of the body of water. “We have sovereignty over our continental shelf,” she said.
Load More