The United States government, via the Office of the President, announced the creation of the Cyber Unified Coordination Group (UCG) composed of the FBI, CISA and the ODNI, with support from the NSA. The stated purpose of the UCG is to “coordinate the investigation and remediation” of the SolarWinds compromise. The compromise is characterized as an espionage operation carried out by Russia.
The UCG acknowledged that there is still much to learn and that the members continue to strive to understand the scope of the hostile activity which targeted both public and private entities.
The foreign hand: Russia
The joint communique did not bury the lede, pointing the finger for the espionage operation at Russia. Offered up in general terms was how Russia is “responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks”
The UCG is quick to highlight that compromise does not equate to exploitation, and then goes on to say that “fewer than ten U.S. government agencies” have been exploited, without identifying which agencies/departments were fleeced.
Many hands make light work
The division of duties within the UCG has CISA in the leadership role, taking responsibility for providing information intra-government and with the private sector. The ODNI will coordinate the creation of intelligence community requirements to “ensure the UCG has the most up-to-date intelligence to drive the U.S. government mitigation and response activities.” While the NSA is taking the lead with providing “intelligence, cybersecurity expertise and actionable guidance.”
NSA’s guidance will be shared with the National Security Systems, Department of Defense and the Defense Industrial Board system owners. The FBI is investigating and collecting the necessary information to “attribute, pursue and disrupt the responsible threat actors”
National Security Council spokesman John Ullyot stated, “The highly-trained and experienced professionals across the government are working diligently on this matter.”
FSO’s can help themselves
Affected national industrial security program managers and facility security officers may wish to review the CISA executive directives (and subsequent guidance) and be proactive by reaching out to their cognizant security authorities to ensure that information and resources needed to affect the technical mitigation of the SolarWinds compromise is received, understood, and implemented.