The FBI, CISA and Office of the DNI released a joint statement tonight on the SolarWinds cybersecurity incident.
The three government investigative bodies are reportedly working together on the SolarWinds breach that was announced earlier this week.
FOR IMMEDIATE RELEASE
ODNI News Release No. 44-20
Dec. 16, 2020
Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)
Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign. Pursuant to Presidential Policy Directive (PPD) 41, the FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident. The UCG is intended to unify the individual efforts of these agencies as they focus on their separate responsibilities. This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.
As the lead for threat response, the FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors. The FBI is engaging with known and suspected victims and information gained through FBI’s efforts will provide indicators to network defenders and intelligence to our government partners to enable further action.
As the lead for asset response activities, CISA took immediate action and issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network. CISA remains in regular contact with our government, private sector and international partners, providing technical assistance upon request, and making needed information and resources available to help those affected quickly recover from this incident. CISA is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises.
As the lead for intelligence support and related activities, ODNI is helping to marshal all of the Intelligence Community’s relevant resources to support this effort and share information across the United States Government.
To report suspicious or criminal activity related to information found in this statement, contact your local FBI field office at www.fbi.gov/contact-us/field. To request incident response resources or technical assistance related to this statement, visit https://www.us-cert.gov/report or email Central@cisa.gov.
Within hours, the US Department of State issued new warnings: “The Chinese Communist Party Poses a Real Threat”
Overnight the US State Department released three tweets warning of the Chinese Communist Party’s (CCP’s) threat to the US.
The first tweet from the State Department was a picture of the President confirming that the US is a sovereign nation:
President @realDonaldTrump: America is a sovereign nation and our first priority is always the safety and security of our citizens. https://t.co/955k8a9miC pic.twitter.com/16MhoqK0QV
— Department of State (@StateDept) December 17, 2020
Next the State Department released a tweet showing a speech by Secretary of State Pompeo where he says China’s Chairman Xi “has his eye on each and every one of us”:
.@SecPompeo: It’s taken this country and indeed, the free world, a long time to understand the trajectory of China today. pic.twitter.com/tsATCOtgKb
— Department of State (@StateDept) December 17, 2020
The third tweet shares only this: “The Chinese Communist Party poses a real threat. We want China to engage on the world stage the way we ask every other nation to.”
.@SecPompeo: The Chinese Communist Party poses a real threat. We want China to engage on the world stage the way we ask every other nation to. pic.twitter.com/mQ7bHnXES1
— Department of State (@StateDept) December 17, 2020
A fourth tweet, released this morning, discusses the CCP’s threat to national security as it relates to our financial markets:
The Chinese Communist Party’s threat to American national security extends into our financial markets and impacts U.S. investors. Learn how money flowing into major indices supports Chinese companies involved in military production and human rights abuses: https://t.co/ahxkGBFpjL
— Department of State (@StateDept) December 17, 2020
US officials announced days later (on 12/17) that the Nuclear Security Administration, which maintains the US nuclear stockpile, was among the entities breached by state-sponsored hackers in the SolarWinds breach.
Cybersecurity expert Morgan Wright was on Lou Dobbs on 12/17 to discuss the cyber attack that hit the US, which is likely the biggest attack in US history. Lou Dobbs said he doesn’t remember the cyber community ever saying an attack was of “grave, grave danger” and that the Department of Homeland Security has no capacity to stop it. Here are portions of what Wright said in response:
Any time you call a meeting on Saturday in the National Security Council it’s serious. This is almost like a prelude to war! … Not only were the government agencies hit, we got Lockheed Martin, we’ve got Firerite…this very well could have started after the 2018 election…. this is Russia’s way of getting back in the game… they attacked… SolarWinds…the updates weren’t secure but they contained a malicious payload… it could be hundreds, it could be thousands of companies.
Later in the week, intel experts were comparing the intelligence breach on the US government to a “Digital Pearl Harbor.”
General Mike Flynn, the former National Security Adviser to President Trump, joined Lou Dobbs to discuss the SolarWinds cyber attack:
General Flynn: What I would say is SolarWinds is an entry point into the rest of our entire US critical infrastructure. So everything that touches the United States government, if you enter through this SolarWinds attack that we perceive you basically have keys to the vault… You’re able to rummage around and do damn near anything. So it’s a very, very serious attack… We’ve known about it for about six months as I understand it. So when we talk about our election security, Lou, I think this is all part of it because there’s a relationship between these SolarWinds attacks which has basically penetrated our entire infrastructure as well as our election securities… We know we have evidence of foreign influence in the election and this too. You know we’re talking about countries like China, countries like Iran, countries like North Korea, like Russia. These are adversaries that want to basically dominate with their ideology this country…