Preparing for cyberstrike on Russia, US confronts new hacking by China
Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary: China.
Taken together, the responses will start to define how President Joe Biden fashions his new administration’s response to escalating cyberconflict and whether he can find a way to impose a steeper penalty on rivals who regularly exploit vulnerabilities in government and corporate defences to spy, steal information and potentially damage critical components of the nation’s infrastructure.
The first major move is expected over the next three weeks, officials said, with a series of covert counterstrikes on Russian networks that are intended to be evident to President Vladimir Putin and his intelligence services and military but not to the wider world.
The officials said the strikes would be combined with some kind of economic sanctions — though there are few truly effective sanctions left to impose — and an executive order from Biden to accelerate the hardening of federal government networks after the Russian hacking, which went undetected for months until it was discovered by a private cybersecurity firm.
The issue has taken on added urgency at the White House, the Pentagon and the intelligence agencies in recent days after the public exposure of a major breach in Microsoft email systems used by small businesses, local governments and, by some accounts, key military contractors.
Microsoft identified the intruders as a state-sponsored Chinese group and moved quickly to issue a patch to allow users of its software to close off the vulnerability.
But that touched off a race between those responsible for patching the systems and a raft of new attackers — including multiple other Chinese hacking groups, according to Microsoft — seeking to exploit the holes in the system while they could.
The US government has not made public any formal determination of who was responsible for the hacking, but at the White House and on Microsoft’s campus in Redmond, Washington, the fear is that espionage and theft may be a prelude to far more destructive activity, such as changing data or wiping it out.
The White House underscored the seriousness of the situation in a statement yesterday from the National Security Council. “The White House is undertaking a whole of government response to assess and address the impact” of the Microsoft intrusion, the statement said. It said the response was being led by Anne Neuberger, a former senior National Security Agency official who is the first occupant of a newly created post: deputy national security adviser for cyber and emerging technologies.
The statement said that national security officials were working throughout the weekend to address the hacking and that “this is an active threat still developing, and we urge network operators to take it very seriously”.
Jake Sullivan, Biden’s national security adviser, said on Twitter on Friday that the White House was “closely tracking” the reports that the vulnerabilities in Microsoft Exchange were being used in “potential compromises of US think tanks and defence industrial base entities”.
The discovery came as Biden’s national security team, led by Sullivan and Neuberger, has moved to the top of its agenda an effort to deter attacks, whether their intent is theft, altering data or shutting down networks. For the president, who promised that the Russian attack would not “go unanswered,” the administration’s reactions in the coming weeks will be a test of his ability to assert US power in an often unseen but increasingly high-stakes battle among major powers in cyberspace.