NSC mtg of Cyber Response Group yielded some progress — govt has a list of hacked agencies, tho more could emerge — but officials still don't know what hackers stole.
"We are in very, very early days," official said, "and there's a sense that...the news is going to get worse."
The NSC CRG, following an Obama-era directive, established a Unified Coordination Group to streamline agencies' crisis collaboration.
"We're declaring this a significant cyber event," U.S. official said, using term reserved for crises such as NotPetya.
The NSC will also hold two daily communications meetings to make sure everyone's on same page.
There's no evidence that classified systems have been compromised, but on the other hand, an official told me, "We don't know what has been taken" from unclassified systems.
Expanding crisis has put new pressure on CISA just as it recovers from Trump's firing of its longtime director.
There are Qs about whether CISA has enough personnel to help the govt recover from this.
“They are overwhelmed,” U.S. official said.
CISA says it's ready.
CISA has roughly 2,200 employees, but only a small portion of them are digital firefighters who swoop into agencies to help respond to crises like this.
“NSA we aren’t,” a CISA employee told me, referring to the gulf b/w the workforces of the defensive and offensive agencies.
There's still a lot we don't know about this crisis.
I'm still working to confirm a few agencies that I've heard have been hacked.
Also, NYT reported today that the govt first learned about all this from FireEye, after it investigated its own breach: nytimes.com/2020/12/14/us/…
"If this actor didn’t hit FireEye, there is a chance that this campaign could have gone on for much, much longer," a FireEye executive told Bloomberg, adding that they "looked through 50,000 lines of source code" to discover the SolarWinds backdoor.
"Analysts said it was hard to know which was worse: that the federal government was blindsided again by Russian intelligence agencies, or that when it was evident what was happening, White House officials said nothing."
Can confirm: NIH and State were breached, per a U.S. official. They join Treasury, NTIA, DHS, and USDA on the list of agencies known to be compromised so far.
Readout of last night's CISA briefing for congressional staff, from a staffer:
* Some agencies didn't turn in emergency directive reports on time
* ED led one agency to discover breach (@snlyngaas first reported)
* Concern about value/efficacy of $6b CDM monitoring program
CDM point is worth considering. What IS the value of such an expensive program if it can't catch the attacks that represent the biggest threat?
Then again, is it fair to judge CDM by its failure to catch what everyone agrees is an outlier attack, a super-sophisticated scheme?
Some on the Hill think the SolarWinds crisis has highlighted federal cyber leadership issues.
"No one's in charge," staffer told me. "Incidents are fleeting, and best we can do is posthumous analysis."
Committee structure isn't effective for oversight either, they said.
"Lucky for us, so far, the systems’ doors were simply opened," the staffer added. "The buildings were not destroyed."
Chairman Johnson, kicking things off, says, “Much of the [fraud] suspicion comes from a lack of understanding of how everything works.”
Johnson: Voting technology “should not be connected to the internet, but we found some do have the capability of being connected, and there are allegations that some were.”
Johnson: To figure out if any voting machines were compromised in this election, “computer science experts must be given the opportunity to examine these allegations.”
This is a big loss for CISA, which hired Masterson in 2018 after House Speaker Paul Ryan blocked his reappointment to the Election Assistance Commission.
Election officials widely praised Masterson for helping improve the relationship between them and the federal government.
.@mastersonmv confirms to me that he is leaving CISA, as first reported by @dnvolz.
Masterson, a senior cyber adviser working on election security at CISA, is leaving to join @stanfordio.
"I will be working on documenting what worked and didn’t work around election security and figuring out where we go from here on disinformation," Masterson tells me.
“I saw it first, and I said, ‘If this doesn’t get you fired, nothing will,’ and his response back was essentially, ‘Yeah, this might do it.’”
WH personnel office called CISA’s chief of staff on Veterans' Day to tell her that WH was going to ask for CISA Assistant Director for Cybersecurity Bryan Ware’s resignation, Travis says.
"We...pressed that it would be silly to change the CISA team" during election & OWS.
CISA's chief of staff asked the WH if Ware was the only one, Travis says. His understanding, he says, is that the answer at that time was yes.
Got some thoughts about Friday's #TheMandalorian episode, but first: Disney shouldn't have hired an actress who was sued for transphobic harassment.
The lawsuit was dismissed, but that doesn't necessarily mean much when the defendant is a celebrity.
Avoidable blunder here.
Transgender people endure constant abuse simply because of who they are, and Disney/Lucasfilm's refusal to even acknowledge their anger is a disappointing act of corporate cowardice that casts doubt on their oft-stated commitment to inclusion.
Transgender SW fans deserve better.
As for the episode, I really liked how Favreau and Filoni adapted Ahsoka for live-action — probably one of their most challenging tasks so far, given fan expectations. She looked great, and I loved how she moved like a wraith during the fight scenes. Overall, very impressive.
Justice Thomas asked Van Buren's lawyer if he has any real-world examples of the slippery slope argument that CFAA critics have been making in the 11th Circuit, where courts have followed the government's reading of the law for a while.
Van Buren's counsel says no, but references cases in other circuits, including one where someone was prosecuted for "misusing MySpace" and another one involving Ticketmaster.