The White House said today the Federal government’s Unified Coordination Group (UCG) of intelligence and law enforcement agencies responding to the Microsoft Exchange hack now includes private sector firms.
The inclusion of private sector firms in the Federal response effort was first disclosed late last week by a senior Biden administration official who provided updates to the government’s response to the Microsoft Exchange and SolarWinds Orion hacking incidents.
White House Press Secretary Jen Psaki said today the National Security Council (NSC) last week established a UCG task force to drive the government’s response to the Microsoft Exchange incident – that group includes the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and support from the National Security Agency (NSA).
She said today the UCG task force also includes “for the first time” private sector members, although she did not name them.
“We invited the private sector partners based on their specific insights to this incident, an approach the NSC will take going forward as appropriate,” Psaki said. “The UCG discussed the remaining number of unpatched systems, malicious exploitation, and ways to partner together on incident response, including the methodology partners, could use for tracking the incident, going forward.” She added that Microsoft released a “one-click” mitigation tool for small businesses to respond to the hacking incident.
Last week, the senior Biden administration official said, “We want to ensure we are taking every opportunity to include key private sector participants early and directly in our remediation efforts.”
In a separate statement today, Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technology, said the administration is “committed to working with the private sector to build back better – including to modernize our cyber defenses and enhance the nation’s ability to respond rapidly to significant cybersecurity incidents.”
The senior administration official said last week that the cyber response model going forward will include more participation from the private sector. In particular, the official said that cooperation is being sought with “a small number of key companies who have broad visibilities: Internet service providers, cloud providers, some of the cybersecurity providers. They really see the larger number of victims.”