The Federal government is curtailing its “surge” response to the SolarWinds Orion and Microsoft Exchange hacks after seeing improvements in patching that have helped to remediate the impacts of the cyber attacks, the Biden administration said today.
The Trump administration in December 2020 set up a Cyber Unified Coordination Group (UCG) – including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Director of National Intelligence (DNI), with support from the National Security Agency (NSA) – to coordinate a “whole of government” response to the SolarWinds supply chain hack. The Biden administration took the same step in March in response to the Microsoft Exchange attack.
According to a statement today from Anne Neuberger, deputy national security advisor for cyber and emerging technology, the Biden administration is “standing down from the current UCG surge efforts” because of “vastly increased patching and reduction in victims.”
Going forward, the administration said it will be “handling further responses through standard incident management procedures.”
The White House said lessons learned from the UCG responses to both attacks will be used to improve future cyber incident responses. Some of those lessons include integrating private sector partners at the “executive and tactical levels” – a move it said paid off during the Microsoft Exchange response by delivering a “one-click tool” to speed victims’ patching and clean-up efforts.
Also listed under lessons learned were CISA’s creation of methods to track trends in patching and exposed servers, the release by NSA and CISA of advisories explaining attack techniques and mitigation steps, and efforts by the FBI and Department of Justice to quickly determine the scope of the attacks. That latter effort, the White House said, reduced a “worst case” estimate of 16,800 victims in the aftermath of the SolarWinds attack to “fewer than 100 targeted exploited non-government entities.”
“While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the Administration places on cybersecurity, and at improving incident response for both the U.S. government and the private sector,” the White House said.
The White House is expected to issue an executive order on cybersecurity policy soon, but today’s statement gave no indication of when that might take place.