SOLARWIND HACK HAPPENED UNDER PREZ TRUMP. WOULD'VE NEVER HAPPENED UNDER BIDEN.

[Joe Capitalist]

The SolarWinds hack, first detected in December 2020, tarnishes any assessment of the cybersecurity legacy of the administration of President Donald Trump. During Trump's last days in office, as the president pressed to overturn the results of the November election, the federal government scrambled to contain the fallout from an ongoing intelligence operation believed to be the worst intrusion in the country's history.

Trump's critics have roundly pointed to the hack as a climax of an administration that has not taken cybersecurity seriously.

"This assault happened on Donald Trump's watch when he wasn't watching," President-elect Joe Biden said during a December press conference. "The Trump administration failed to prioritize cybersecurity."

Trump declined to support the intelligence community's attribution of the hack to Russia, and suggested via Twitter – the social network from which he's now permanently banned – that China might have had a hand in the breach.

Trump's dismissal of the attribution in the SolarWinds breach echoed his comments in a 2016 debate with rival Hillary Clinton, in which Trump downplayed the possibility that Russia was behind the hack of Democratic National Committee.

"I mean, it could be Russia, but it could also be China. It could also be lots of other people," Trump said. "It also could be somebody sitting on their bed that weighs 400 pounds, okay."


The Cybersecurity and Infrastructure Security Agency is one of the newest agencies within the federal government, formally created by legislation signed by Trump in 2018. But its role in the 2020 elections brought it to national prominence in the months leading up to Nov 3.

Since the Democratic National Committee's systems were compromised in 2016, questions of election security have become synonymous with cybersecurity. This in turn made CISA the go-to agency for states requiring assistance. CISA's part in doing that has won it bipartisan praise.

Sen. Angus King (I-Maine) characterized the agency as "an extraordinary success story" in part because of CISA's ability to gain the states' trust.

"I recall sitting in hearings with [state election officials] back in 2017 and they were very resistant to federal involvement in elections. They were almost hostile," he told FCW.

The agency's first director, Chris Krebs, a former Microsoft executive and senior DHS official who headed CISA's predecessor agency, became equally synonymous with the agency's success. "Chris Krebs and CISA overcame that" resistance, King said

Rep. Michael Gallagher (R-Wis.), when asked about the administration's cybersecurity legacy, said, "I think what's gone right has been CISA in general and Chris Krebs in particular."

Ari Schwartz, a cybersecurity official at the National Security Council during the Obama administration, said CISA brought new credibility to DHS.

"DHS had lacked credibility for years and years and one thing you can say about what Chris Krebs has done is he certainly has got a lot more credibility for CISA as a cybersecurity institution than what the pieces of it had," Schwartz said.

Trump's decision to fire the CISA chief after the Nov. 3 election prompted bipartisan rebukes.

But CISA's responsibility extends beyond election security. It has also become an authority for programs within the government designed to improve cybersecurity.

Easing out legacy policy
Margie Graves, the former deputy federal CIO, who left her post at the White House's Office of Management and Budget in December 2019, said the administration has also made significant progress on programs such as the Trusted Internet Connection.

TIC, originally created in 2007, is designed to monitor incoming and outgoing agency data. Earlier versions of TIC sought to reduce the number of entry and exit points for data.

"It became a different kind of problem to where you had a single point of ingress and egress that was causing operational issues with latency problems," said Graves.

This led to a change in how the government sought to use TIC: provide agencies with the tools to manage their security points rather than directing specific implementation measures.

"It opened up the aperture to allow other tools to be used," said Suzette Kent, the federal chief information officer from January 2018 to June 2020.

"The tools had to be proven to CISA. They had to go through use-case examination. They had to meet the same outcomes … it further helped us advance some of our cloud protocols because we could use more modern tools to achieve that same thing versus running everything through the same pipe," Kent continued.



Fucking incompetent moron Trump

[ThatOwlWoman]

I had to look up what the hack was. For anyone else wondering:

"A sophisticated malware campaign attributed to Russian intelligence breached the email accounts of government officials tasked with identifying foreign threats to US national security, according to an AP report Monday. Chad Wolf, appointed acting secretary of the US Department of Homeland Security by President Donald Trump in December 2019, was reportedly among the officials whose email accounts were hacked. Other DHS high-level DHS officials saw their accounts hacked, too.

"It's the latest update on a hacking campaign that used tainted software from IT management company SolarWinds, as well as other hacking techniques, to breach thousands of organizations and tunnel deeper into at least nine federal agencies and 100 private companies. The breached email accounts indicate that not even the government agency in charge of defending the US from foreign hacking attacks was immune from the far-reaching hacking campaign, which lawmakers attributed in part to barriers to communication between private companies and the federal government during a Feb. 26 hearing of the House Oversight and Homeland Securities committees."

https://www.cnet.com/news/solarwinds...-need-to-know/

It figures that despite the gravity of this breach, the IMPOTUSx2 was far more interested in whining and spreading The Big Lie than addressing it -- or anything else.