I Was the Homeland Security Adviser to Trump. We're Being Hacked.

https://www.nytimes.com/2020/12/16/opinion/fireeye-solarwinds-russia-hack.html#click=https://t.co/W79gqx8hfM
"The magnitude of this national security breach is hard to overstate."

The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.

While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them. It will take years to know for certain which networks the Russians control and which ones they just occupy. It also is impractical. In 2017, the federal government was ordered to remove from its networks software from a Russian company, Kaspersky Lab, that was deemed too risky. It took over a year to get it off the networks. Even if we double that pace with SolarWinds software, and even if it wasn’t already too late, the situation would remain dire for a long time.

The remediation effort alone will be staggering. It will require the segregated replacement of entire enclaves of computers, network hardware and servers across vast federal and corporate networks. Somehow, the nation’s sensitive networks have to remain operational despite unknown levels of Russian access and control. A “do over” is mandatory and entire new networks need to be built — and isolated from compromised networks.

Cyber threat hunters that are stealthier than the Russians must be unleashed on these networks to look for the hidden, persistent access controls. These information security professionals actively search for, isolate and remove advanced, malicious code that evades automated safeguards. This will be difficult work as the Russians will be watching every move on the inside. The National Defense Authorization Act, which each year provides the Defense Department and other agencies the authority to perform its work, is caught up in partisan wrangling. Among other important provisions, the act would authorize the Department of Homeland Security to perform network hunting in federal networks. If it wasn’t already, it is now a must-sign piece of legislation, and it will not be the last congressional action needed before this is resolved.