Schiff calls for ‘urgent’ work to defend nation in the wake of massive cyberattack

House Intelligence Committee Chairman Adam Schiff (D-Calif.) on Wednesday called on Congress to undertake “urgent work” to defend critical networks in the wake of a massive cyber espionage attack on the U.S. government. 

The attack, which occurred between March and June of this year, involved a nation state hacking group, widely reported to be a Russian military group, inserting a vulnerability into software from IT group SolarWinds. The company counts much of the federal government as customers, along with the majority of U.S. Fortune 500 companies.

As of Wednesday, the Department of Homeland Security, the Treasury Department, branches of the Pentagon and a Commerce Department agency were reported to have been breached as part of what is quickly becoming one of the largest cyberattacks in U.S. history. 

Schiff said that both the House and Senate Intelligence committees received briefings from officials with the Office of the Director of National Intelligence, the National Security Agency, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday. These agencies are actively working to investigate and respond to the incident. 

“The United States faces untold numbers of cyber threats from malicious foreign actors, both to the government agencies and private industry, and sometimes both at the same time,” Schiff said following the briefing. “The seriousness and duration of this attack demonstrate that we still have enormous and urgent work to do to defend our critical information and networks, that we must move quicker than our adversaries do to adapt.”

“Cybersecurity professionals in the government and private sector will need to work tirelessly to assess the scope and impact of the SolarWinds vulnerability on the United States and our allies,” he said. 

SolarWinds estimated in a Monday filing with the Securities and Exchange Commission (SEC) that as many as 18,000 of its customers could have been hit by the months-long espionage attack. Schiff urged private sector groups to work with federal agencies if there were any concerns that networks had been hit. 

“We expect and anticipate additional briefings in the coming days and weeks, and will continue to press for the latest information to be shared with Congress and the American people about this significant attack,” Schiff added. 

The Hill reached out for comment on the briefings to representatives of acting Intelligence Committee Chairman Marco Rubio (R-Fla.) and Vice Chairman Mark Warner (D-Va.). 

Warner put out a statement earlier this week also calling for action in the face of the crippling cyber incident. 

“As we gather more information on the impact and goals of these malign efforts, we should make clear that there will be consequences for any broader impact on private networks, critical infrastructure, or other sensitive sectors,” Warner said.  

The briefings took place the same day that cybersecurity group FireEye, whose breach by a nation state last week helped lead to the discovery of the SolarWinds hack, announced that it had discovered a “killswitch” to power down the malware inserted into the SolarWinds software used by the victim groups. 

The “killswitch” for the malware virus, which FireEye named “SUNBURST,” was used to deactivate the malware in partnership with Microsoft and GoDaddy. A FireEye spokesperson told The Hill that this did not fully put an end to the attack. 

“This actor moved quickly to establish additional persistent mechanisms to access to victim networks beyond the SUNBURST backdoor,” the spokesperson said in a statement. “This killswitch will not remove the actor from victim networks where they have established other backdoors.” 

While agencies have quickly moved this week to disconnect systems from SolarWinds software, major questions remain around what the hackers may have had access to since March. 

The intelligence committees are the latest congressional panels to receive briefings on the incident. 

The Senate Commerce Committee was briefed by the Commerce Department on Monday, while the Senate Armed Services Committee’s cybersecurity subcommittee was briefed by Defense Department officials on Tuesday.  

A group of bipartisan senators have requested further briefings from the FBI and CISA around the Commerce Department breach, while Sens. Sherrod Brown (Ohio) and Ron Wyden (Ore.), the Democratic leaders of the Senate Banking and Finance panels, pressed the Treasury Department for more information on the breach in a letter sent Tuesday.