The Senate Select Committee on Intelligence concluded its hearing on the massive SolarWinds hack on Tuesday having touched on proposals ranging from the creation of a new federal agency for reporting cyber threats to best practices for businesses and government agencies to avoid future hacks.
The hearing featured Microsoft President Brad Smith, SolarWinds CEO Sudhakar Ramakrishna, and the CEOs of cybersecurity firms CrowdStrike and FireEye. Though there was some back-and-forth over the details, all agreed that the federal government should create a new clearinghouse for cybersecurity.
"I still believe it is critical we find a way to have a centralized agency that we can report threat intelligence to confidentially," said Kevin Mandia, CEO of FireEye, which first identified the threat back in December. "That means we get the intelligence into the hands of people who can take actionable steps way faster than disclosure of incidents, which just takes too long."
He also joined the rest of the panel in calling for some kind of reporting requirement for companies, though the exact details were debated, such as whether it should be confidential or if there should be liability protections.
Mandia explained that FireEye's discovery of the hack — which compromised 100 private companies and nine federal agencies through 18,000 entities who downloaded a tainted software update from the SolarWinds Orion platform — was a massive undertaking, requiring "thousands of hours" of investigation to essentially find a "needle in a haystack."
All the participants stressed the importance of a combined public-private response. Committee Vice Chairman Sen. Marco Rubio said, "The bottom-line question is, 'how did we miss this?'" and asked what the private sector and the U.S. government can do together to make sure it doesn't happen again.
Rubio also cautioned against the use of certain loaded words, such as "attack", to describe what happened, and he stuck to the Biden and Trump administrations' conclusions that the hack was only "likely of Russian origin."
Smith of Microsoft was more explicit in assigning blame.
"At this stage, we've seen substantial evidence that points to the Russian Foreign Intelligence Service, and we've seen no evidence that leads us anywhere else," he said.
New Committee Chair Sen. Mark Warner noted that the intrusion had the potential to be "exponentially worse," given the level of access achieved.
Crucially, however, the panel shared the opinion that right now the breach looks like an act of espionage, rather than an attempt to disrupt or wreak havoc on the U.S. economy or government.
"Disruption would have been easier than what they did," Mandia said. "They had focused, disciplined data theft. It's easier to just delete everything in a blunt force trauma and see what happens, which other actors have done."
This is another reason the panel roundly agreed that whoever committed the hack was highly sophisticated. Smith noted that in all likelihood at least 10,000 engineers were involved in pulling it off.
"This is indicative of a nation-state actor, and it's in their interest to maintain persistence," said George Kurtz, president and CEO of CrowdStrike. "If they were collecting data, they want to continue collecting information over a period of time."
On the question of whether or not the hack was ongoing, Ramakrishna of SolarWinds stressed that the tainted "code has been removed and is no longer an ongoing threat to the Orion platform."