Pentagon Orders Emergency Shutdown of Network Days After Massive, Multibranch Security Breach
Arlington, VA – It’s been confirmed that on Tuesday, the Pentagon ordered a classified internal communications network to be shut down due to security breach concerns.
The Secret Internet Protocol Router Network (SIPRNET) was shut down mid-morning for “emergency software updates” and remained off for several hours, Just the News reported.
One Pentagon official spoke anonymously, saying, “This has never happened in the middle of a work day. Updates usually are done on weekends and after hours late at night. This was done on an emergency basis.”
This unprecedented shutdown comes just days after the government issued an emergency directive after reporting a security breach. At that time, according to multiple media sources, at least three US departments, including the Department of Defense, the State Department, and the Treasury, were targeted by hackers with “ties to Russia.”
On Sunday, Cybersecurity and Infrastructure Security Agency (CISA) Acting Director Brandon Wales said that all federal agencies were ordered to cease the use of SolarWinds Orion IT products. This came after hackers were reported to have breached internal communications, using an update to gain access.
According to the Washington Post, the breach was at the hands of a Russian military intelligence hacking group known as “Cozy Bear.” Reportedly, this same group was accused of successfully breaking into the State Department when Obama was in office. They were also accused of targeting COVID-19 vaccine research.
In a Breitbart News Radio interview, Secretary of State Mike Pompeo said the breach was a “consistent effort by the Russians to try to get into American servers, not only those of government agencies but of businesses.”
Pompeo continued, “We see this even more strongly from the Chinese Communist Party, from the North Koreans as well. It’s an ongoing battle, an ongoing struggle to keep our systems safe, and I’m very confident the United States Government will keep our classified information out of the hands of these bad actors.”
Acting Director Wales said, “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks. Tonight’s directive is intended to mitigate potential compromises within federal civilian networks… we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks.”
The Hill reported, “SolarWinds counts all five branches of the military among its customers, along with many other federal agencies and 425 of the U.S. Fortune 500 companies.”
Acting Secretary of Defense Chris Miller said in a briefing on Tuesday that he hasn’t seen a compromise of intel as of yet. He said, “Looking at it right now, don’t have anything definitive.”
SolarWinds admitted to the breach, saying that hackers had “exploited a backdoor” in an update to the Orion software from earlier this year. The company stated, “We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.” The company said that around 18,000 clients were likely affected by the attack.
At the same time, a company called FireEye was breached as well. A statement from this company said, “Victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.”
Dominion Voting Systems uses SolarWinds products and it is still not powered down.
— Ron (@CodeMonkeyZ) December 14, 2020
On Tuesday, the National Security Council (NSC) said that a “cyber unified coordination group” was formed and ready to respond to the breach. In a statement, NSC spokesperson John Ullyot said, “A Cyber Unified Coordination Group (UCG) has been established to ensure continued unity of effort across the United States Government in response to a significant cyber incident.
“The UCG process facilitates continuous and comprehensive coordination for whole-of-government efforts to identify, mitigate, remediate, and respond to this incident. The highly-trained and experienced professionals across the government are working diligently on this matter.”
The coordinated and widespread cyber attacks of the past week have been said to be one of the largest cybersecurity breaches in American history. It was reportedly a months-long espionage campaign that could have dire effects on our nation’s security.
Senate Commerce Committee Chairman Roger Wicker (R-MS), along with Senators John Thune (R-SD) and Jerry Moran (R-KS), said in a joint statement, “Cyberattacks by nation states like Russia and China threaten our economy and national security. Our response should be swift and clear.”
Meanwhile, Philip Reiner, CEO of the Institute for Security and Technology, who also formerly served at DoD and on the National Security Council, said incidents like this are bound to continue and even possibly get worse.
He said, “This is just the price that the Department of Defense, the intelligence community and the U.S. government, writ large, are going to pay over and over for their continued and increasing reliance on, at its core, code that someone else wrote and tested on their network.”
Reiner said the government and its agencies do not have code that is written and tested by them, so they rely on outside vendors to supply the software. He continued, “As the Department of Defense continues to expand its trust in third-party products and services, because it has no choice, really, this will only get worse. Trust is a transitive property, and threat actors know this, which is why they take advantage of it.”
Retired Air Force Brigadier General Greg Touhill was the federal government’s first chief information security officer. He assisted in the coordinated response to the 2015 breach of the Office of Personnel Management. Touhill told C4ISRNET that he believes this breach is cause for the Department of Defense to be on “red alert.”
Touhill said, “I’m in the DoD, I’m thinking, ‘They’re inside, and they’ve been snooping around and laying low.’ So I’m very concerned to find them in the DoD and across the whole federal government; they should be very concerned. And you know what? Those of us in the industry, we ought to be very concerned as well. So this is a five-alarm fire.”
Apparently Russian hackers took control of the Solarwinds Orion update process. Don't know if today's Google outage is related. More, here https://t.co/icR8toWb8J
— News from Italy (@newsfromitaly) December 14, 2020
Likewise, Trey Herr, director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council, said, “This is just an unprecedented breach of commonly used network management tools. If you’re DoD, you’re looking at a significant impingement on your ability to do every basic office function in a way that you can be assured is not subject to significant compromise.”
Jon Bateman was once a special assistant to former chairman of the Joint Chiefs of Staff General Joseph Dunford, and is now a fellow in the Cyber Policy Initiative at the Carnegie Institute for International Peace. He told C4ISRNET, “You’ve got the leading entities in the world, the U.S. government or … FireEye, and then you’ve got the leading hackers in the world, some of them are in Russia. And just given enough time and persistence and effort, the offense can win in huge ways. I think that shows us something about the limits of cybersecurity.”