Russia ‘Acted With Impunity’ in Hack on U.S., Senator Says
(Bloomberg) -- U.S. officials say a lengthy effort lies ahead to identify the extent of a suspected Russian hack on federal agencies and private companies, and to craft an appropriate response.
“We’re just getting our arms around the scope of this cyber-compromise,” Christopher Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, said on Sunday.
Senator Mitt Romney said Russia “acted with impunity” in enacting the massive, cyber breach, and that President Donald Trump, who leaves office next month, has a “blind spot” about it.
Speaking on NBC’s “Meet the Press,” the Utah Republican said the action attributed to Russia “demands a response, and the response you’d expect to occur would be a cyber response.”
It’s unclear, though, if the U.S. has the capacity to do that in a way that would be of the same scale, he said.
Senator Mark Warner of Virginia, vice chairman and top Democrat on the Senate Intelligence Committee, said Russia “came away with a big, big haul,” but that the government was still assessing the damage.
Months of Work
It will take “literally weeks to continue to ferret this out and then potentially months to remediate,” Warner said on ABC’s “This Week.”
Trump on Saturday contradicted top U.S. intelligence officials and Secretary of State Michael Pompeo in suggesting the hack, first reported a week ago, may have been the work of China.
“I was disappointed with the president’s comment. But I think we’ve come to recognize that the president has a blind spot when it comes to Russia,” Romney said, adding that Trump may feel that criticizing Russia “reflects poorly on him.”
The attack attributed to Russia targeted updates in widely-used software from Austin, Texas-based SolarWinds Corp.
The company sells technology products to entities including the State Department, the Centers for Disease Control and Prevention, the Naval Information Warfare Systems Command, the FBI, the U.S. military and most Fortune 500 companies, according to the company’s website and government data.
So far, a number of state governments, the city network in Austin, the U.S. nuclear weapons agency and software giant Microsoft Corp. have reportedly had their systems exposed by the attack.
Still, it appears that no one is sure of exactly what the hackers infiltrated, or about the full extent of what was taken. A Kremlin official has denied the allegations.
Krebs, speaking on CNN’s “State of the Union,” said other software companies may have been compromised as well. “These supply chain compromises are particularly hard to defend against,” he said.
The hacks are unlikely to be used to attack U.S. infrastructure like water treatment plants or electric utilities, he said -- something that Romney suggested -- but were “most likely an intelligence-collection operation.”
“This is just one campaign in a long battle in cyberspace,” Kevin Mandia, chief executive officer of the cybersecurity company FireEye Inc., said on CBS’s “Face the Nation.”
Pompeo on Friday night linked Moscow to the attacks, saying in a radio interview that Russian President Vladimir Putin “remains a real risk to those of us who love freedom.” His assessment was undercut within hours by Trump’s tweets.
Ron Klain, incoming White House chief of staff, on Sunday criticized the mixed messaging from the Trump administration.
“We should be hearing a clear and unambiguous allocation of responsibility from the White House,” said on “Face the Nation.” “That has to come from the current government.”
©2020 Bloomberg L.P.