New: Inside the deepening crisis consuming the federal govt as agencies scramble to figure out if they've been hacked.

"This is probably going to be one of the most consequential cyberattacks in U.S. history," a U.S. official told me.

politico.com/news/2020/12/1…

NSC mtg of Cyber Response Group yielded some progress — govt has a list of hacked agencies, tho more could emerge — but officials still don't know what hackers stole.

"We are in very, very early days," official said, "and there's a sense that...the news is going to get worse."

The NSC CRG, following an Obama-era directive, established a Unified Coordination Group to streamline agencies' crisis collaboration.

"We're declaring this a significant cyber event," U.S. official said, using term reserved for crises such as NotPetya.

The NSC will also hold two daily communications meetings to make sure everyone's on same page.

There's no evidence that classified systems have been compromised, but on the other hand, an official told me, "We don't know what has been taken" from unclassified systems.

Expanding crisis has put new pressure on CISA just as it recovers from Trump's firing of its longtime director.

There are Qs about whether CISA has enough personnel to help the govt recover from this.

“They are overwhelmed,” U.S. official said.

CISA says it's ready.

CISA has roughly 2,200 employees, but only a small portion of them are digital firefighters who swoop into agencies to help respond to crises like this.

“NSA we aren’t,” a CISA employee told me, referring to the gulf b/w the workforces of the defensive and offensive agencies.

There's still a lot we don't know about this crisis.

I'm still working to confirm a few agencies that I've heard have been hacked.

Also, NYT reported today that the govt first learned about all this from FireEye, after it investigated its own breach: nytimes.com/2020/12/14/us/…

"If this actor didn’t hit FireEye, there is a chance that this campaign could have gone on for much, much longer," a FireEye executive told Bloomberg, adding that they "looked through 50,000 lines of source code" to discover the SolarWinds backdoor.

bloomberg.com/news/articles/…

Will leave you with this, from the NYT story:

"Analysts said it was hard to know which was worse: that the federal government was blindsided again by Russian intelligence agencies, or that when it was evident what was happening, White House officials said nothing."

Can confirm: NIH and State were breached, per a U.S. official. They join Treasury, NTIA, DHS, and USDA on the list of agencies known to be compromised so far.

Readout of last night's CISA briefing for congressional staff, from a staffer:

* Some agencies didn't turn in emergency directive reports on time
* ED led one agency to discover breach (@snlyngaas first reported)
* Concern about value/efficacy of $6b CDM monitoring program

CDM point is worth considering. What IS the value of such an expensive program if it can't catch the attacks that represent the biggest threat?

Then again, is it fair to judge CDM by its failure to catch what everyone agrees is an outlier attack, a super-sophisticated scheme?

Some on the Hill think the SolarWinds crisis has highlighted federal cyber leadership issues.

"No one's in charge," staffer told me. "Incidents are fleeting, and best we can do is posthumous analysis."

Committee structure isn't effective for oversight either, they said.

"Lucky for us, so far, the systems’ doors were simply opened," the staffer added. "The buildings were not destroyed."