Response assessment
GAO Reports on Federal Agencies’ Response to SolarWinds, Microsoft Exchange Breaches
The Government Accountability Office has released its report on the SolarWinds and Microsoft Exchange incidents, describing how federal agencies reacted to the two high-profile cybersecurity incidents that affected the U.S. government.
The congressional watchdog found that federal agencies took several steps to coordinate and respond to the incidents, including forming two Cyber Unified Coordination Groups, Homeland Security Today reported Wednesday.
The auditors found that as early as January 2019, a threat actor breached the computing networks at Texas-based SolarWinds, a fact revealed by the company’s chief executive officer. The threat actor was later identified as the Russian Foreign Intelligence Service.
Since the company’s software, SolarWinds Orion, was widely used by federal agencies to monitor network activity and manage network devices on federal systems, the incident allowed Russian spies to breach U.S. government networks that used the software.
In March 2021, while the probe into the SolarWinds breach was still ongoing, Microsoft reported that vulnerabilities in several versions of Microsoft Exchange Server, including on-premises versions that federal agencies hosted and used, were being exploited to gain access to those servers.
According to a White House statement, malicious cyber actors affiliated with the People’s Republic of China’s Ministry of State Security were, with a high degree of confidence, behind the operation.
GAO’s audit found that the affected federal agencies launched a multi-pronged approach to respond to and mitigate the damage arising from the twin breaches sponsored by America’s adversaries. The first step was the formation of one Cyber UCG for each incident. Both UCGs consisted of personnel from the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Office of the Director of National Intelligence, with support from the National Security Agency.
The watchdog also noted that CISA issued emergency directives to inform federal agencies of the vulnerabilities and describe what actions to take in response to the incidents. To aid agencies in conducting their own investigations and securing their networks, UCG member agencies also provided guidance through advisories, alerts and tools, GAO said in its report.