The Trump administration activated an emergency cybersecurity response on Wednesday – with the FBI, CISA, and ODNI joining forces to form a Cyber Unified Coordination Group (UCG) to “coordinate a whole-of-government response to this significant cyber incident.”
The move is a sign of how severe the foreign espionage operation against the USA really is, according to former NSC officials.
“This cyberattack is the exact type of threat I worried about when I was at the White House — a nation-state threat that infects the software supply chain, and now it’s here and it’s affecting not just the U.S. government but some of its most sensitive interests, as well as private-sector organizations,” Anthony J. Ferrante, a former Director for Cyber Incident Response at the NSC, told CyberScoop.
Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign. Pursuant to Presidential Policy Directive (PPD) 41, the FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident. The UCG is intended to unify the individual efforts of these agencies as they focus on their separate responsibilities. This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.
As the lead for threat response, the FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors. The FBI is engaging with known and suspected victims, and information gained through FBI’s efforts will provide indicators to network defenders and intelligence to our government partners to enable further action.
As the lead for asset response activities, CISA took immediate action and issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network. CISA remains in regular contact with our government, private sector and international partners, providing technical assistance upon request, and making needed information and resources available to help those affected recover quickly from this incident. CISA is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises.
As the lead for intelligence support and related activities, ODNI is helping to marshal all of the Intelligence Community’s relevant resources to support this effort and share information across the United States Government.