Tuesday, 23 February, saw the first of a series of hearings relating to the SolarWinds cyberattack. Speaking during the three hour long hearing in front of the US Senate were representatives from Microsoft, CrowdStrike, FireEye, and SolarWinds, with one notable absence: Amazon.
The hearings also took place against the backdrop of the news that the US government is considering sanctions against the alleged perpetrator of the hack, Russia.
Microsoft President Testifies at SolarWinds Hearing
The hearing is the start of proceedings to ultimately figure out the why and wherefore of the SolarWinds cyberattack.
Speaking at the SolarWinds hearing were:
- Microsoft President Brad Smith
- FireEye CEO Kevin Mandia
- CrowdStrike President and CEO George Kurtz
- SolarWinds CEO Sudhakar Ramakrishna
The big question most Senators wanted answering concerned the origin of the attack. Microsoft President Brad Smith said that "At this stage, we've seen substantial evidence that points to the Russian foreign embassy, and we've seen no evidence that points to anyone else."
Smith's take on the attack was somewhat corroborated by CrowdStrike President and CEO George Kurtz, who said that although they didn't want to name a specific suspected nation-state threat actor, the evidence "was most consistent with espionage and behaviors we've seen out of Russia."
Smith refers to Microsoft's estimation that 1000 engineers worked on SUNBURST -- adds they were 1000 "very skilled" engineers.
— Joe Uchill (@JoeUchill) February 23, 2021
Brad Smith also noted that Microsoft doesn't think the SolarWinds attack is finished. SolarWinds was a supply-chain hack, which compromises a third-party vendor in the supply chain to gain access to the primary target. Worryingly, Smith warned that Microsoft is "Continuing to investigate as we do not believe all supply chain vectors have yet been discovered or made public."
The true extent of the attack may take much longer to emerge as companies are not required to reveal they were victims of such an attack. In that, Brad Smith also said that "It's imperative for the nation that we encourage and sometimes even require better information-sharing about cyberattacks."
White House Considering Sanctions Against Russian Government
Particularly of note were comments from White House press secretary Jen Psaki, who confirmed that the wider intelligence community is working to "fine-tune the attribution" of the SolarWinds attack to Russia and that the attribution was "weeks, not months" away from confirmation.
With an estimated 18,000 agencies, companies, and organizations directly affected by SolarWinds, it is no wonder the Biden administration is considering sanctions against the Russian government.
But while the US government is considering sanctions against the alleged attacker, US officials have made it clear that nothing will happen until that attribution is confirmed. As the SolarWinds attack was such a shock, having remained out of sight for over nine months, there is a feeling that waiting just a little longer to ensure accuracy is worthwhile.