SolarWinds puts national cybersecurity strategy on display

The Biden administration has taken steps to bolster national cybersecurity that also send a clear message to malicious cyber attackers: The U.S. is not only modernizing its infrastructure but calling out bad actors who threaten it.

The cyber attack on SolarWinds last year revealed vulnerabilities within the U.S. software supply chain, as computer systems belonging to U.S. government agencies including the Department of Homeland Security and the U.S. Treasury fell victim to the breach. The attack was the latest in a string of national cybersecurity threats, including election interference, that helped set in motion what is shaping up to be a strong national cybersecurity strategy for the Biden administration.

President Joe Biden issued an executive order naming the Russian Foreign Intelligence Service as the perpetrator of the SolarWinds attack and named Russia for its efforts to undermine U.S. elections. In response, the administration has imposed economic sanctions on the country. Biden has also further committed to prioritizing and modernizing national cybersecurity infrastructure by creating a new cybersecurity role in his administration and investing millions of dollars to fortify cybersecurity infrastructure and support cybersecurity innovation through his discretionary funding request for fiscal year 2022.

Although malicious cyber attacks aren't new, experts believe Biden's prioritization of national cybersecurity comes at the right time.  

"The Biden administration has an opportunity to take a much more forceful approach to both cybersecurity defense in the U.S. and to our policies regarding malicious cyberactivity from cybercriminals and nation-states," said Raja Mukerji, co-founder and chief customer officer at cyber analytics firm ExtraHop in Seattle. "So far, signs are promising that they are going to take advantage of this opportunity."

Responding to SolarWinds

SolarWinds is an IT software management company based in Austin, Texas. The cyber attack against the company began in 2019 when threat actors gained access to the company's Orion platform, which includes IT management products widely used by government agencies and private companies.

The threat actors installed "backdoors," enabling access to computer systems that bypass security measures, in software updates pushed out by the Orion platform over the course of several months. Threat actors then used these backdoors to access computer systems of major federal departments and companies like Microsoft.

After coming to light in 2020, it was discovered that the breach affected thousands of organizations, although its full impact is still unknown. The attack is considered a supply chain attack because the infiltration of one company led to thousands of organizations being affected.

Biden identified Russia as the nation-state responsible for the SolarWinds attack. The economic sanctions against Russia, which were imposed for election interference as well as the SolarWinds attack, include sanctioning six technology companies that support Russian intelligence services as well as halting U.S. financial institutions from purchasing Russian bonds from the country's central bank, national wealth fund and finance ministry. Russia has expelled U.S. diplomats in response to the sanctions, furthering strains between the two countries.

Kyle Hanslovan, founder and CEO of security platform provider Huntress and a former NSA cyber operator, said the restrictions on how Russia operates in the global financial markets will have strong impacts.

When you choose to go after the financial infrastructure of a country, or its ability to operate on a global stage, that is a pretty strong signal that we're not playing.

"When you choose to go after the financial infrastructure of a country, or its ability to operate on a global stage, that is a pretty strong signal that we're not playing," Hanslovan said.

Kelvin Coleman, executive director of the National Cyber Security Alliance, called the sanctions "significant" due to both the Biden administration officially blaming Russia for its role in the SolarWinds attack, but also rendering consequences where it hurts: Russia's pocketbook. 

"If you're Russia, you'd rather go through today's global economy without sanctions coming from, still, what is the most powerful economy in the world," he said. 

Coleman said the economic sanctions are but a first of many steps he expects to see the Biden administration take against Russia. 

"The national cybersecurity team is still coming together, which is why I say this is just the first step," he said. "I think there could potentially be more action coming this year."

ExtraHop's Mukerji also said the sanctions were an "extraordinary step."

However, he said, they won't hamper Russia's cybercapabilities. And, while the sanctions send a strong message that the U.S. won't ignore malicious cyberactivities, what's more effective than reactive sanctions are the proactive actions Biden has taken in conjunction with the sanctions, he added. 

For example, the U.S. Department of Energy launched a 100-day plan on April 20 to address cybersecurity risks to critical U.S. electricity infrastructure. The initiative, a collaboration with the electrical power industry and the Cybersecurity and Infrastructure Security Agency (CISA), aims to better secure the energy sector by enhancing detection, mitigation and forensic capabilities for electric utilities' industrial control systems and its supply chain.

"The initiative underscores the heightened concerns that arose for the supply chain and infrastructure after SolarWinds," Mukerji said. "Based in part on tactics used in that attack, the energy department is encouraging power plants and utilities providers to improve their network detection capabilities."

Another step Biden has taken is creating and filling national cybersecurity positions with experienced cybersecurity leaders -- including appointing former National Security Agency (NSA) cybersecurity director Anne Neuberger to the role of deputy national security adviser for cyber and emerging technology on the National Security Council. Neuberger is responsible for coordinating cybersecurity efforts for the federal government, including the recent response to SolarWinds.

Supporting cybersecurity with strong leadership

Huntress' Hanslovan said Biden's push to prioritize national cybersecurity and surround himself with strong cybersecurity leadership is happening at the right time.  

Cybersecurity and cybercrime have become more sophisticated in the last 10 years, he said. Both have reached a point of maturity that calls for enhanced cybersecurity efforts from the federal government, an opportunity Biden is now taking.

"Ten years ago, we weren't mature enough to have this discussion," Hanslovan said of building cybersecurity defenses. "Now, it's a good time to have this discussion because we're finally mature enough."

Along with Neuberger, Biden nominated Jen Easterly, a former NSA intelligence officer, to be the next CISA director, and Chris Inglis, a former NSA deputy director, to a newly created position: national cyber director. As national cyber director, Inglis will be responsible for working with the U.S. military and Biden's national security adviser on offensive cyberoperations. Both nominations were made in April and require Senate confirmation.

Bringing cyber experts to the table to guide conversations on national cybersecurity is critical to building successful strategies for cybersecurity defense, Hanslovan said.

"By putting big cybersecurity leaders in place and in sending strong messaging with, 'We're willing to do the sanctions that other administrations weren't willing to do,' that is a pretty firm way to convey your message of, 'We're not going to stand idle,'" he said.

Making cybersecurity a budget priority

Biden is also making sure to back up his cybersecurity efforts with funding.

In his FY2022 budget request, the president asked for roughly $1.5 trillion, $753 billion of which is for national defense programs, including national cybersecurity efforts. The fiscal year begins in October and requires congressional approval.

Of the national defense funding requested, the Department of Defense gets the heftiest chunk at $715 billion to "counter the threat from China as the department's top challenge" and "seek to deter destabilizing behavior by Russia." CISA is the next biggest benefactor and is earmarked to receive $2.1 billion, an increase of $110 million from FY2021.

The budget request also allots $916 million to expand scientific and technological research for cybersecurity at the National Institute of Standards and Technology (NIST); $750 million as a reserve for federal agency IT improvements; and $500 million for the Technology Modernization Fund (TMF), which serves as a funding vehicle for federal IT modernization projects.

The budget request builds on funding already provided to both CISA and TMF in the American Rescue Plan Act of 2021 approved by Congress in March, through which CISA received $650 million and TMF received $1 billion.  

National Cyber Security Alliance's Coleman said the Biden administration's FY2022 budget request sends a clear message that national cybersecurity is a top priority.

He also noted that the administration's emphasis on national cybersecurity is timely. In addition to the threat of malicious cyber attacks, the COVID-19 pandemic made clear the need to enhance healthcare technology and has pushed the Biden administration's commitment to cybersecurity, according to Coleman. Plus, within the next five years, at least 60 billion connected devices will be roaming the globe, making the need to improve cybersecurity dire, he said.

"This continuous connection we have is not going away anytime soon; that's why we are seeing the Biden administration put so much effort into making sure we put some modernization into this effort as well as defense," Coleman said. "And it can't just be defense, you can't just defend and block attacks. You have to, at some point, continue to be innovative, and that's exactly what we're seeing with this investment in not only the Department of Homeland Security and NSA, but also NIST."

Ray Bjorklund, federal IT expert and president at BirchGrove Consulting LLC, said putting more money into CISA to support national security initiatives is pivotal to the administration's cybersecurity funding request.

"That, to me, is a good move because it will help them build out capabilities and systems in conjunction with the Department of Defense, with NIST, with NSA -- there are lots of players," Bjorkland said. "But it will help them build a more centralized, coherent defensive -- maybe even offensive -- capability."

Makenzie Holland is a news writer covering big tech and federal regulation. Prior to joining TechTarget, she was a general reporter for the Wilmington Star-News and a crime and education reporter at the Wabash Plain Dealer.