Has anyone heard a peep from our president about the massive Russian hack of about 18,000 government agencies — including the Pentagon, the National Security Agency and the Department of Homeland Security — and top businesses in our country?
As the scope of the hack engineered by one of Russia's premier intelligence agencies became clearer throughout the week, Trump has remained quite noisy with his baseless claims of election fraud, but mum about this enormously concerning national security breach.
As confirmed by the software vendor and several federal agencies, we do know that about 18,000 private and government users downloaded a Russian-tainted software update sold by SolarWinds. The software, widely used by our government, may have given the Russians "unfettered access to as many of our systems as it wishes," according to The New York Times.
And on Thursday, federal officials issued an urgent warning that the hackers also used other malware and different attack techniques that posed "a grave risk to the federal government."
Among the users are the Centers for Disease Control and Prevention, the State Department, the Justice Department, national laboratories and a number of utility companies.
Utilities maybe like the Tennessee Valley Authority?
National laboratories like the one in Oak Ridge?
The National Security Agency, which both hacks into foreign networks and theoretically defends national security agencies from attacks, "apparently did not know of the breach in the network-monitoring software made until it was notified last week by FireEye [a private cybersecurity firm]," The Times wrote. "The NSA itself uses SolarWinds software."
It has since become evident that the treasury and commerce departments, the first agencies reported to be breached, "were only part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies," The Times wrote.
The hackers, at least as early as March, embedded their malicious code in software known as Orion, made by SolarWinds, which is based in Austin, Texas. The company said that 33,000 of its 300,000 customers use Orion, and only half of those downloaded the malign Russian update.
The Cybersecurity and Infrastructure Security Agency, known as CISA, on Sunday issued a rare emergency directive warning federal agencies to "power down" the SolarWinds software.
"But that only prevents new intrusions; it does not eradicate Russian hackers who, FireEye said, planted their own 'back doors,' imitated legitimate email users and fooled the electronic systems that are supposed to assure the identities of users with the right passwords and additional authentication," according to The Times.
The hackers' malicious code evaded the U.S. government's multibillion-dollar detection system, dubbed Einstein, which focuses on finding new uses of known malware and detecting connections to parts of the internet used in previous hacks.
But Einstein, operated by DHS, was not equipped to find novel malware or previously unseen internet connections, despite a 2018 report from the U.S. Government Accountability Office suggesting that building in such a capability might be a wise investment. Some private cybersecurity firms — like FireEye — do this type of "hunting," but Einstein does not.
The Associated Press reported that SolarWinds earlier this week took down a web page that boasted of dozens of its best-known customers, from the White House, Pentagon and the Secret Service to the McDonald's restaurant chain and Smithsonian museums. The Associated Press is among customers, though the news agency said it did not use the compromised products.
As for the Tennessee Valley Authority and Oak Ridge?
TVA spokesman Jim Hopson told Times Business Editor Dave Flessner on Wednesday: "For security purposes, we do not disclose specific software we use at TVA. We will continue to partner with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency on all emergency directives they issue and will comply with their requests."
Two days before, according to The New York Times, the chief executive officers of the largest American utility companies held an urgent call "to discuss the possible threat of the SolarWinds compromise to the power grid."
We have not heard yet from Oak Ridge National Laboratory, but we know from other reporting that Los Alamos National Laboratory in New Mexico is a SolarWinds client, and E&E News, an energy and environment news service, reports that Oak Ridge is a client as well.
Oak Ridge houses one of the world's fastest supercomputers and leads nuclear fusion research, among other activities. Los Alamos tests the reliability of the U.S. nuclear weapons stockpile and studies a range of energy and computing technologies.
It's hard to know which is worse: that the federal government was blindsided again by Russian intelligence agencies, or that days after it became clear, the president and White House officials have said nothing.
In that void, the National Security Council on Wednesday announced that it had invoked an Obama-era presidential directive to create a special group responsible for managing the federal government's response.
"A Cyber Unified Coordination Group (UCG) has been established to ensure continued unity of effort across the United States Government in response to a significant cyber incident," John Ullyot, an NSC spokesman, posted on Twitter.
There now. Don't we feel better? Frankly — no.