Wray hints at federal response to SolarWinds hack

FBI Director Christopher Wray on Tuesday hinted at the planned federal response to what has become known as the SolarWinds hack, stressing that confronting foreign attacks in cyberspace would be “a long, hard slog.”

During a Senate Judiciary Committee hearing, Wray was questioned about how to respond to the breach, which involved likely Russian hackers targeting software from IT group SolarWinds and other vectors to infiltrate at least nine federal agencies and 100 private sector groups. 

“Discussing the response in any detail is probably something that would be better done in a classified setting,” Wray said in response to a question from committee Chairman Dick Durbin (D-Ill.). “That by itself might give you a little bit of a hint, but what we have found, speaking more generally, over the last couple of years in the cyber arena in particular is that we are at our most effective when we have joint sequenced operations.”

“It’s everything from not just the law enforcement piece, it’s foreign partner participation, it’s private sector hardening, it’s Treasury sanctions, it’s a whole host of things, but when you put them together sequenced, well I would never suggest to you … that that is somehow going to eliminate the problem, [but] it does push the adversary back and slow their progress,” he added. 

“This is going to be a long, hard slog.”

The Biden administration has been weighing its response to the breach, which is seen as the worst cyber incident in U.S. history and was ongoing for a year before its discovery in December. 

Up to 18,000 customers of SolarWinds may have been compromised as part of the cyber espionage effort, and agencies including the Commerce, Defense, Homeland Security, Justice and Treasury departments were among those impacted. 

SolarWinds reported in a filing to the Securities and Exchange Commission (SEC) on Monday that it is cooperating with investigations from the SEC, the Justice Department, “various” state attorneys general and foreign law enforcement groups. 

The Washington Post reported last month that the Biden administration would soon roll out sanctions against Russia for the cyberattack, which was one of several key issues President Biden brought up during his first call in office with Russian President Vladimir Putin. 

While a response around SolarWinds has not yet been announced, the Biden administration did announce a range of actions against Russia on Tuesday in relation to the poisoning of opposition leader Alexei Navalny, including sanctions. These actions included coordination with the European Union and the United Kingdom in cracking down on Russia. 

An administration official told reporters Tuesday that there would be “more to come” around pushing back against the Russian cyberattack and other malicious actions “in the coming weeks.”

Wray was also questioned by Sen. Jon Ossoff (D-Ga.) on whether the SolarWinds breach constituted a counterintelligence failure, due to the foreign hackers having access to critical systems for months before cybersecurity group FireEye first reported the incident. 

Wray described the hacking incident as a “cybersecurity issue” instead of counterintelligence, but stressed that the threats posed by foreign adversaries in cyberspace are increasing. 

“We have long passed the world where it’s a question of if an organization is going to be the victim of a cyber intrusion, we are in the world of when, and the question is not whether someone was subject to a cyber intrusion, but how fast does it get detected, how well does it get mitigated,” he testified. 

Wray, who served in the Justice Department during the George W. Bush administration, noted that “the scope, the scale, the range of attack methods, the number of adversaries involved in sophisticated cyberattacks dwarfs what it was when I was in law enforcement and national security before.”

The FBI director testified on the heels of two major Capitol Hill hearings on the breach, with the Senate Intelligence Committee and two House committees hosting the leaders of SolarWinds, FireEye and Microsoft last week to discuss it.