CISA and the SolarWinds attack: What do we know?

On November 17, President Trump appointed Brandon Wales as the director for the Cybersecurity and Infrastructure Security Agency (CISA).  Wales was a highly qualified choice, as he had been CISA's first executive director and previously served as the director of the DHS Office of Cyber and Infrastructure Analysis (OCIA), which provides analysis of cyber- and physical risks to America's critical infrastructure.

Perhaps the most pressing cyber-security issue for America and CISA currently is the fallout from the SolarWinds hacking attack that has affected at least 2,000 computer systems belonging to over 100 governmental and non-governmental agencies around the world.  News of the attack was first reported a few weeks after Wales took over CISA.

The attacks have been attributed to APT29 (Advanced Persistent Threat 29).  The Russian hacking group is known by several aliases, including Cozy Duke, Cozy Bear, the Dukes, and Office Monkeys.  The hackers used a new malware strain, known as SUNBURST, in the attack.

Wales told the website CyberScoop last week that "[t]he number [of federal victims] is likely to grow with further investigation."

Wales's predecessor, Christopher Krebs, was fired from his position as Director for the Cybersecurity and Infrastructure Security Agency (CISA) just as President Trump began his legal challenge to the 2020 presidential election results.  Krebs's firing followed a November 12 joint statement released on CISA's website from two groups known as the Elections Infrastructure Government Coordinating Council and the Election Infrastructure Sector Coordinating Executive Committee.  They claimed that "[t]he November 3rd election was the most secure in American history.  Right now, across the country, election officials are reviewing and double-checking the entire election process prior to finalizing the result."

Krebs, who held America's top cyber-security post during most of the attack, which is thought to have started in March of 2020, was hired by SolarWinds as a consultant last week.

"We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry-leading secure software development company," according to a press release from SolarWinds.

Krebs, it can be argued, failed to protect America from the scourge of foreign APTs, which have been victimizing the United States from countries that include Russia, China, and Iran.  It is a reasonable critique.  In addition, Krebs's statement regarding 2020 election security failed to mention the hacking attack against Hall County, Ga., that exposed the voter information of more than 180,000 residents.

At this point, SolarWinds is banking on the insider knowledge Krebs brings to the situation.  The company hopes that by employing Krebs and putting him in a situation where he can focus solely on this matter, and not American cyber-security as a whole, he can help secure SolarWinds and its clients from similar attacks in the future.  Whether or not Krebs is up to the task remains to be seen.

Among the federal-level agencies that were affected by the attack are the Departments of Energy, Commerce, and Justice.  The attack, which is thought to have begun in March of 2020, will likely help shape the foreign policy of the early Biden administration.

CISA will play an enormous role in helping both civilian and government agencies better secure their networks in the aftermath of the SolarWinds attack.  The recent National Defense Authorization Act, which took effect on January 1, gives CISA new and increased jurisdiction to hunt down vulnerabilities on government agency networks.

Wales himself has claimed that CISA has been able to identify "where we think that the fundamental structure" of data protection on networks needs to "evolve."

Joe Biden's exact plans for CISA remain to be seen.  Wales may just be a placeholder for an eventual appointee from the new administration.  He could stay on in an early showing of bipartisan goodwill as America attempts to enter what the left is referring to as a "period of national healing," or he may wind up on the chopping block due to his appointment by and association with the Trump administration.  The next few weeks will be critical to the history of American cyber-security.

Julio Rivera is a business and political strategist, the editorial director for Reactionary Times, and a political commentator and columnist.  His writing, which is focused on cyber-security and politics, has been published by websites including The Hill, Newsmax, The Washington Times, Real Clear Politics, Townhall, American Thinker, and many others.

Image: Christopher Krebs.  YouTube screen grab.