Here are the 5 most important takeaways from the US Senate’s grilling of SolarWinds, Microsoft, CrowdStrike and FireEye over what could be the biggest cyberattack in history (MSFT, FEYE, CRWD, SWI)


Senators grilled top tech executives about the sprawling SolarWinds cyberattacks during a hearing Tuesday that brought widespread support for new cooperation between the cybersecurity industry and government.

The Intelligence Committee hearing was the Senate’s first inquiry into the massive hack that compromised hundreds of US companies and nine major government agencies. Hackers implanted malware into widely used software distributed by SolarWinds, which the cybersecurity firm FireEye first discovered in December.

The CEOs of those two companies testified, as well as the CEO of CrowdStrike, a cybersecurity firm investigating the attacks, and Brad Smith, the president of Microsoft. The hearings did not bring many new revelations about the attacks – while the executives testifying generally supported the widely held belief that Russia was behind the attacks, they were also careful to note that this theory remains unproven. It’s also still unknown how the attacks began.

But the hearings did signal how the nation will move forward from what senators and executives speculated may be the largest cyberattacks in history – including new legislation, a potential new federal agency, and new ways of pushing back against foreign adversaries.  

Here are 5 key takeaways from Tuesday’s hearing.

1. Fingers pointed to Russia as the hack’s perpetrator — and companies want the US to hold Russia accountable

Committee chair Mark Warner of Virginia advocated for attribution to Russia as a way of moving forward on cybersecurity policy, but vice chairman Marco Rubio, a Florida Republican, warned against characterizing the hacks as an act of aggression until lawmakers can “see the full extent of the damage.”

Smith of Microsoft made the most forceful case against Russia, arguing that the attack’s sophistication and methods track with previous attacks linked to Moscow, and the other executives did not disagree. But Mandia argued that attribution was the government’s job, and that the companies were best suited only to provide evidence. The companies did say they supported drawing some international boundaries against hacking that endangers lives – and pushing back against hostile nation-state hackers.

The hearing comes as the Biden administration is reportedly preparing sanctions against Russia for its suspected role in orchestrating the hack. Lawmakers pressed CEOs for details to establish whether the hacking demonstrated recklessness or put Americans in harm’s way, which could make the attacks grounds for sanctions and distinct from the routine type of espionage also carried out by US intelligence agencies.

2. Amazon was a no-show despite being invited, and lawmakers weren’t happy about it

Amazon Web Services, which has not previously been identified as a major target or company involved with the attacks, declined to take part in the hearings.

The committee wants to investigate how hackers used Amazon’s cloud infrastructure to stage the attacks, and was obviously frustrated by the company’s absence.

Members of the Senate committee took turns disparaging AWS for not taking part. “Apparently they were too busy,” griped Rubio. “They have an obligation to participate,” said Susan Collins, a Maine Republican. “If they don’t, I think …

Source: Business Insider

