Officials say executive order with ‘a dozen’ actions forthcoming after SolarWinds, Microsoft breaches

Officials at the Department of Homeland Security (DHS) on Tuesday said that the Biden administration is working on “close to a dozen” action items to be included in an upcoming executive order meant to strengthen federal cybersecurity in the wake of two major breaches. 

“We continue to work urgently to make the investments necessary, and the administration is working on close to a dozen actions for an upcoming executive order,” a senior DHS official told reporters during a phone call. 

The comments were made as the Biden administration continues to grapple with the fallout from both the SolarWinds hack, which U.S. intelligence officials have assessed was “likely” carried out by Russian operatives, and from the newly discovered vulnerabilities in Microsoft’s Exchange Server application that was initially exploited by a Chinese hacking group. 

Anne Neuberger, President Biden’s deputy national security advisor for cyber and emerging technology, announced in February that at least nine federal agencies and 100 private sector companies had been compromised as part of the SolarWinds hack, first discovered in December. 

Neuberger also announced last month that an “executive action” was in the works as part of responding to the SolarWinds hack. Her comments were made prior to the discovery of the Microsoft vulnerabilities, which have hit thousands of organizations worldwide. 

The senior DHS official said Tuesday that most of the agencies compromised in the SolarWinds breach, which included Homeland Security, had “done their initial response and remediation, and have concluded that their networks are free of indicators of known compromise associated with this campaign.”

The Associated Press reported Monday that the SolarWinds hackers had been able to access the email accounts of former Acting Homeland Security Secretary Chad Wolf and other top agency officials. 

The senior DHS officials told reporters Tuesday that “after remediation steps were taken, the adversary was removed from the network,” and noted that there was a “level of ambiguity” as to what the hackers were after. 

The comments were made a day ahead of a planned major cybersecurity speech by Homeland Security Secretary Alejandro Mayorkas, who has made cybersecurity a key priority since taking office. 

Mayorkas last month announced millions of dollars in federal grants during a separate speech in an effort to address increasing cyber threats, in particular what he described as an “epidemic” of ransomware attacks. 

These attacks, which cyber criminals have used to go after vulnerable hospitals, schools and other critical organizations, will be “one of the first sprints” the agency will focus on in the cybersecurity space, the senior DHS official told reporters Tuesday. 

“As the recent campaigns have illustrated, there are clearly some hard truths that we need to confront as a government but also as a nation with respect to the cybersecurity challenges we face,” they stressed.