The United States government, via the Office of the President, announced the creation of the Cyber Unified Coordination Group (UCG) composed of the FBI, CISA and the ODNI, with support from the NSA. The stated purpose of the UCG is to “coordinate the investigation and remediation” of the SolarWinds compromise. The compromise is characterized as an espionage operation carried out by Russia.

The UCG acknowledged that there is still much to learn and that the members continue to strive to understand the scope of the hostile activity which targeted both public and private entities.

The foreign hand: Russia

The joint communique did not bury the lede, pointing the finger for the espionage operation at Russia. Offered up in general terms was how Russia is “responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.”

The UCG is quick to highlight that compromise does not equate to exploitation, and then goes on to say that “fewer than ten U.S. government agencies” have been exploited, without identifying which agencies/departments were fleeced.

Many hands make light work

The division of duties within the UCG has CISA in the leadership role, taking responsibility for sharing information within the government and with the private sector. The ODNI will coordinate the creation of intelligence community requirements to “ensure the UCG has the most up-to-date intelligence to drive the U.S. government mitigation and response activities,” while the NSA takes the lead in providing “intelligence, cybersecurity expertise and actionable guidance.”

NSA’s guidance will be shared with the National Security Systems, Department of Defense and the Defense Industrial Board system owners. The FBI is investigating and collecting the necessary information to “attribute, pursue and disrupt the responsible threat actors.”

National Security Council spokesman John Ullyot stated, “The highly-trained and experienced professionals across the government are working diligently on this matter.”

FSOs can help themselves

Affected national industrial security program managers and facility security officers may wish to review the CISA emergency directives (and subsequent guidance) and be proactive by reaching out to their cognizant security authorities to ensure that the information and resources needed to effect the technical mitigation of the SolarWinds compromise are received, understood, and implemented.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost: Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com.