The former director of the federal cybersecurity agency, Chris Krebs, whom the president fired last month for defending the integrity of the 2020 election, said the wide-scale cyberattack on the federal government that was made public last week was almost certainly conducted by Russia and was possible because of a “seam” in defenses.
Speaking on CNN’s “State of the Union,” Krebs, who was director of the Cybersecurity and Infrastructure Security Agency when the cyberattack is thought to have begun, as early as March, said that he was not aware of the hack until it was detected by cybersecurity firm FireEye earlier this month.
“We missed it … a bunch of other folks missed it,” said Krebs, explaining that the hack was possible because of outdated systems across government agencies that have not been “optimized” to proactively defend against unknown attacks.
“This was a never-before-seen capability that computer systems weren’t designed to detect,” said Krebs, emphasizing that the Russians are “exceptionally good at this sort of work.”
CISA, an agency created within the Department of Homeland Security in 2017, has not been granted the authority to search for “things that don’t look normal,” according to Krebs, who said that these capabilities will be granted by the new defense spending bill, which is currently sitting on Trump’s desk waiting to be signed.
On CBS’ “Face the Nation,” where the unfolding attack was also a key topic of discussion, FireEye CEO Kevin Mandia emphasized the “utterly clandestine” methods used by the Russians to get away with the attack undetected for nearly nine months.
“This was not a drive-by shooting on the information highway, this was a sniper round from someone a mile away from your house,” said Mandia. “It was going to take special operations to detect this breach … It was a backdoor into the American supply chain that separates this from thousands of other cases that we’ve worked throughout our careers.”
FireEye detected the cyberattack while probing a hack of its own systems earlier this month. The attack was initially attributed to the corruption of network management software from SolarWinds, whose customers include the Department of Defense, the Department of Justice and the Department of Homeland Security, but CISA has since announced that the hackers may have gained other points of entry. Mandia said that while 18,000 companies downloaded the corrupted SolarWinds software, he estimates that only 50 organizations were actually impacted by the hack.
Politico reported last week that the National Nuclear Security Administration, which oversees the country’s nuclear weapons stockpile, was one of the compromised agencies.
During his first public comments on the hack on Saturday, President Trump downplayed its severity and shrugged off the role of Russia, suggesting China may have been involved instead. Russia has publicly denied any involvement in the hack.
Top officials remain divided on how to respond, with Sen. Mitt Romney (R-Utah) arguing on Sunday that the U.S. must show Russia it can’t act with “impunity,” while Krebs warned of the dangers of “escalating” into a cyber war with Russia.