Washington, D.C.—U.S. Senator Susan Collins, a member of the Intelligence Committee, participated in a hearing on the massive, months-long SolarWinds hack uncovered in December 2020 that spread to at least nine federal agencies—including at the Department of Homeland Security, the State Department, and the National Nuclear Security Administration—as well as many large private companies. The attack was most likely perpetrated by Russia.
Improving cybersecurity has been a longtime priority for Senator Collins. In 2012, she introduced a bill with then-Senator Joe Lieberman (I-CT) to help secure critical infrastructure and encourage information sharing, and she has continued to push the federal government and companies to protect their networks. Chairman Mark Warner (D-VA) and Senator John Cornyn (R-TX) both referenced Senator Collins’ 2012 cybersecurity bill in their remarks at the hearing. In his opening statement, Senator Warner said, “As I pointed out, Senator Collins was way ahead of all of us on this issue, literally years and years ago, when she and Senator Lieberman first put forward legislation that required this critical mandatory reporting on critical infrastructure.”
Senator Collins directed her first question to FireEye CEO Kevin Mandia, whose company uncovered the hack.
“We know from the White House's report, and from our own briefings, that the hackers did gain access to at least nine federal agency networks, yet the U.S. government learned of this cyberattack through FireEye,” said Senator Collins. “[I]s it reasonable for us to assume that our government probably would still be in the dark about the Russians…being on our systems if it were not for your voluntary disclosure?
Mr. Mandia told Senator Collins that the problem likely would have been found eventually since there were indications that something was amiss, but “nobody could put their finger on the larger problem.”
Senator Collins has repeatedly raised the alarm about how vulnerable the United States’ critical infrastructure is to cyberattacks. Although the SolarWinds operation was apparently focused on stealing information rather than taking down networks, she asked the witness panel whether the hackers were in a position to cause serious damage.
“Disruption would've been easier than what they did,” Mr. Mandia responded. “They had focused, disciplined data theft. It's easier to just delete everything in blunt force trauma and see what happens, which other actors have done…[O]bviously, they had the access required and the capability required should they have wanted to be disruptive, to have done so.”
Sudhakar Ramakrishna, President and CEO of SolarWinds, and Brad Smith, President of Microsoft, agreed with Mr. Mandia. Mr. Smith added that part of the solution to reducing the risk of cyberattacks in the future will entail upgrading the software that runs critical infrastructure—which is sometimes decades old—and increasing the number of cybersecurity professionals.