'Scope and Impact' of SolarWinds Hack Still Being Assessed, Says Intel Committee

Members of the House and Senate Intelligence committees were briefed Wednesday on a cyberattack against some U.S. government agencies by a foreign entity.

Cybercriminals allegedly attacked a management software program created by the Texas technology firm SolarWinds. Through a vulnerability in the firm's Orion software, hackers allegedly gained access to a number of U.S. agencies including the U.S. Treasury Department and the Department of Homeland Security.

"The United States faces untold numbers of cyber threats from malicious foreign actors," House Permanent Select Committee on Intelligence Chairman Adam Schiff said in a Wednesday statement, "both to the government agencies and private industry, and sometimes both at the same time. The seriousness and duration of this attack demonstrate that we still have enormous and urgent work to do to defend our critical information and networks, that we must move quicker than our adversaries do to adapt."

"Cybersecurity professionals in the government and private sector will need to work tirelessly to assess the scope and impact of the SolarWinds vulnerability on the United States and our allies," the statement continued.

Schiff said more briefings would occur in the future and that the intelligence communities would "press for the latest information to be shared with Congress and the American people about this significant attack."

Schiff's office directed Newsweek to the statement from the House Permanent Select Committee on Intelligence.

adam schiff solarwinds hacking statement
"We must move quicker than our adversaries do adapt," Congressman Adam Schiff said Wednesday about the alleged hack of U.S. government agencies by a foreign entity. Senate Television/Getty

Many details about the hacking attempt have not been publicly released. In a statement sent to Newsweek on Monday, SolarWinds President and CEO Kevin Thompson indicated the company became aware of a vulnerability in the Orion software which the company believed was "the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state."

CISA, the FBI and the Office of the Director of National Intelligence (ODNI) have created the Cyber Unified Coordination Group (UCG) "to coordinate a whole-of-government response to this significant cyber incident," according to a statement sent to Newsweek by the FBI on Thursday.

"This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government," the statement read.

The ODNI is expected to take the lead on intelligence support. Members of the FBI will be handling threat response while CISA remains in regular contact with our government, private sector and international partners, providing technical assistance upon request, and making needed information and resources available to help those affected recover quickly from this incident."

Although the hack was initially suspected to carried out by Russia, Kremlin spokesperson Dmitry Peskov denied the allegations. "Once again, I can reject these accusations," Peskov said, according to the Associated Press. "If for many months the Americans couldn't do anything about it, then, probably, one shouldn't unfoundedly blame the Russians for everything."

While the names of agencies that were potentially hacked have not been released, SolarWinds listed a number of government agencies on its website. Among its clients were the U.S. Air Force and the U.S. Department of Defense. The page that provided the names of some of SolarWind's customers has been removed from the website.

Despite the lack of information about the hack, former White House Chief Information Officer Theresa Payton said Monday that the breach was "serious."

"The fact that many organizations have been impacted, departments and agencies—the U.S. military have been impacted potentially because of this compromise," Payton said during a Wednesday interview on CNBC. "You can't trust electronic communications right now on the unclassified side."

Updated 12/17/2020 10:43 p.m. EST: This story has been updated with a statement from the FBI.