White House ‘standing down’ emergency response groups to SolarWinds, Microsoft hacks

The Biden administration is “standing down” coordinated efforts by several key agencies to respond to recent major cybersecurity incidents including the SolarWinds hack, a senior administration official announced Monday. 

Anne Neuberger, President Biden’s deputy national security advisor for cyber and emerging technology, said the two unified coordination groups (UCGs) that were convened to respond to both the SolarWinds hack and recently discovered vulnerabilities in Microsoft’s Exchange Server would be scaled back. 

“Due to the vastly increased patching and reduction in victims, we are standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures,” Neuberger said in a statement. 

The UCGs for both incidents are made up of the FBI, the National Security Agency, the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency (CISA). 

The SolarWinds group was convened under the Trump administration after the breach, which was carried out by Russian hackers, was discovered in December. The group responding to the Microsoft vulnerabilities, which at least one Chinese state-sponsored hacking group exploited, was convened in March.

The SolarWinds hack compromised at least nine federal agencies and 100 private sector groups, and the Microsoft vulnerabilities potentially compromised thousands of organizations around the world.

Neuberger said Monday that the “lessons learned” from responding to both cyber incidents would be used in improving future government responses to hacking efforts. 

“The Biden Administration is undertaking a whole-of-government effort – working closely with Congress, the private sector, and allies and partners around the world – to build back better in new and innovative ways, to modernize our cyber defenses and enhance the nation’s ability to quickly and effectively respond to significant cybersecurity incidents,” Neuberger said. 

“While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the Administration places on cybersecurity, and at improving incident response for both the U.S. government and the private sector,” she added. 

The administration will also shortly roll out an executive order aimed at improving federal cybersecurity following both recent incidents, and CISA ordered all federal agencies to investigate and immediately patch their systems against both the Microsoft vulnerabilities and those used in the SolarWinds hack.

The announcement of the scaling back of response efforts came less than a week after the Biden administration announced a wide array of sanctions against Russia in response to the SolarWinds hack, with officials also formally attributing the hack to Russia. 

Biden said last week following the announcement of the sanctions that while he did not want to provoke a “cycle of escalation with Russia,” he would take further steps if Russia continued to interfere. 

“If Russia continues to interfere with our democracy, I am prepared to take further actions to respond,” Biden said.