The worst may be yet to come as the Department of Homeland Security continues to untangle the damage done by the cyberattack on the SolarWinds server software that put federal and private computer systems at “grave risk.”
The full range of the intrusions, which began in March, “have not yet been discovered,” Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) admitted in a Thursday bulletin.
“We’re still unpacking precisely what it is,” Secretary of State Mike Pompeo acknowledged Friday during an interview with Mark Levin — where he pinned the blame on Russia for the first time since news of the incursion broke Dec. 13.
Multiple federal agencies, including the Pentagon, the Department of Energy’s National Nuclear Security Administration, and the Departments of Commerce, Treasury, and Homeland Security itself, were compromised by the breach — along with an unknown number of private corporations, including Cisco Systems and Cox Communications.
President Trump has been lambasted by members of Congress, including members of his own party like Sen. Mitt Romney (R-Utah), for “not … aggressively speaking out and protesting and taking punitive action” against Moscow, Romney said Friday.
But the administration is at work behind the scenes, Pompeo said.
“There are many things that you’d very much love to say, ‘Boy, I’m going to call that out,'” he said. “But a wiser course of action to protect the American people is to calmly go about your business and defend freedom.”
The hackers, who piggybacked on the widely used SolarWinds server software, “demonstrated patience, operational security, and complex trade-craft in these intrusions,” the CISA bulletin said — and neutralizing the threat “will be highly complex and challenging.”