President Biden ordered a committee to investigate the SolarWinds hack, which has been described as 'the worst cyber attack in the past decade,' but no investigation was actually carried out while the damage kept spreading.



ProPublica, an independent investigative journalism organization that reports in the public interest, reported on the SolarWinds hack, described as the worst cyberattack in history by Russian intelligence agencies against a U.S. government agency, saying, 'President Joe Biden established a committee to investigate the problem, but the committee did not investigate the root causes, resulting in a missed opportunity to prevent future cyberattacks.'

Cyber Safety Board Never Probed Causes of SolarWinds Breach — ProPublica
https://www.propublica.org/article/cyber-safety-board-never-investigated-solarwinds-breach-microsoft



In December 2020, it was revealed that malware had been planted in the 'Orion Platform,' network monitoring software provided by SolarWinds, via a flaw in a Microsoft product, resulting in a large-scale cyber attack on U.S. government ministries and agencies that used the software, including the Department of the Treasury, Department of State, and National Nuclear Security Administration, as well as major technology companies such as Microsoft and Cisco. The cyber attack on SolarWinds is believed to have been launched by the Russian government-backed hacker organization 'NOBELIUM,' and Microsoft has described the cyber attack as 'one of the most serious cyber attacks in the past decade.'

What is the attack on SolarWinds' 'Orion Platform' that Microsoft President calls 'one of the most serious cyber attacks in the past decade'? - GIGAZINE



In response to this, in May 2021, President Biden issued an executive order to establish a Cyber Security Review Board to investigate the cyberattack on SolarWinds and ordered the board to investigate the full extent of the cyberattack.

However, the Cyber Security Review Board never investigated the cyber attack on SolarWinds. The board has prepared investigation reports multiple times, but its first and second reports did not investigate SolarWinds, and its third investigated 'another cyber attack in 2023 in which hackers backed by the Chinese government exploited security flaws in Microsoft to access the email accounts of government officials.'

Chinese hacking group found to have accessed US government mailboxes - GIGAZINE



The Cyber Security Review Board is not an independent body, but a committee established within the Department of Homeland Security. Rob Silvers, the Under Secretary of Homeland Security, is the chairman, and Google's Chief Security Officer is the vice chairman. When ProPublica asked Silvers why he did not investigate the cyberattack on SolarWinds, he replied, 'Because the cyberattack was already being thoroughly investigated by the public and private sectors, the Department of Homeland Security decided that the committee did not need to conduct its own investigation into the cyberattack on SolarWinds, as instructed by the White House.' In addition, Silvers said, 'We want to focus on reviewing existing investigations to increase the insights and lessons we can gain from our investigations.'

This means there has been no public government investigation into the security flaws in Microsoft products exploited by Russian hackers, while the internal investigation report into the SolarWinds cyberattack did not focus on any internal Microsoft issues that caused the problem.

However, ProPublica pointed out that 'if the full details of what happened in the SolarWinds cyberattack had been made public, it would have been a devastating blow to Microsoft,' and noted that Microsoft's crimes in the SolarWinds cyberattack were significant. According to ProPublica, Microsoft had been aware of the 'flaws in Microsoft products' used in the SolarWinds cyberattack for some time, but had refused to respond. According to a whistleblower who provided information to ProPublica, the reason Microsoft did not take action was that it 'prioritized profits over security.'



Cybersecurity experts have noted that if the Cyber Security Review Board had properly investigated flaws in Microsoft products, it could have mitigated or prevented the above-mentioned cyberattacks that occurred in 2023. Senator Ron Wyden, a member of the Senate Intelligence Committee, also noted that 'recent hacks could have been prevented with proper oversight,' and recommended that the Cyber Security Review Board re-investigate the cyberattack on SolarWinds.

Senator Wyden further stated, 'I am deeply concerned that the primary reason the Committee did not investigate the SolarWinds cyberattack, despite the President's instructions, is because an investigation would have required it to investigate and document significant negligence by the United States government.' He pointed out that the Cyber Security Review Board did not investigate the SolarWinds cyberattack because it would have been an admission of government negligence.

The initial purpose of the Cyber Security Review Board, led by Silvers, was to investigate the cyberattack on SolarWinds, but later he was ordered by Secretary of Homeland Security Alejandro Mayorkas and Director of CISA Jen Easterly to prioritize the investigation of vulnerabilities found in the Java Log4j library, which led to the SolarWinds investigation being postponed. Silvers explained that the result of following the order was to 'postpone the SolarWinds investigation,' and that 'we are fully complying with the presidential order.'

Why does the vulnerability 'Log4Shell (CVE-2021-44228)' discovered in the Java Log4j library have such a big impact on the world? - GIGAZINE



in Security, Posted by logu_ii