02/26/2021 | Press release | Distributed by Public on 02/26/2021 19:37
WASHINGTON - Today, in the House Committee on Oversight and Reform's joint hearing with the House Committee on Homeland Security on the SolarWinds cyberattack, titled 'Weathering the Storm: The Role of Private Tech in the SolarWinds Breach and Ongoing Campaign,' Congressman Raja Krishnamoorthi questioned Microsoft President and Chief Legal Officer Brad Smith on what steps would need to be taken to remedy breached networks. This hearing was held to uncover information on the 2019 'supply chain attack' of SolarWinds' Orion network monitoring software by foreign actors. The data breach impacted 18,000 customers, nine federal agencies, and about 100 private sector companies.
Citing a 60-minutes interview from Mr. Smith in which he indicated that these data attacks were ongoing, Congressman Krishnamoorthi asked whether there were avenues to replace the malware. Congressman Krishnamoorthi noted that, 'we need a foolproof way to eject the intruder from our home. We cannot be in a situation where the intruder has carte blanche espionage capability on us.' In response, Mr. Smith suggested that cybersecurity forensic investigations would need to be conducted and that certain cybersecurity steps can be taken by organizations to protect their systems going forward.
'The SolarWinds breach was a sophisticated, comprehensive, and widespread attack on our technical infrastructure, and today's hearing was essential for uncovering the extent of the breach and the importance of improved American cyber security. This type of transparency from technology companies within the U.S. and cooperation between House and Senate committees will be crucial for determining the policies necessary to improve our current systems and to protect ourselves from foreign adversaries, including Russia. As I said during the hearing, we cannot allow the intruder to enter our house, stay in our house, and destroy our house.'
Congressman Krishnamoorthi's questioning during this hearing is available here.