March 27, 2021
Thousands of companies were affected by the recent cyber attacks should pushed the U.S. to rethink how it responds to cyberattacks, the head of the country’s top digital spy agency said on Thursday before the Senate committee. When Microsoft Corp. blamed Chinese hackers for the attacks on its Exchange Server Software, the U.S. attributed attacks on SolarWinds to Russia but both the countries denied it. More than a 100,000 of customers was affected and were detected by private-sector companies.
When asked by the committee chairman, Sen. Jack Reed, D-R.I., on the intrusions. Gen. Paul Nakasone, the director of the National Security Agency, who also serves as the head of U.S. Cyber Command said, “This is a scope, a scale, a level of sophistication that we hadn’t seen before and this is not simply email phishing attempts – this is the use of supply chains, or this is the use of vulnerabilities we had not seen previously”. He also added that “It is the clarion call for us to look at this differently on how we ensure as a nation both the resiliency and the ability to act against these type of adversaries”.
It clearly shows how the foreign state hackers have taken advantage of legal constraints that prevent U.S. intelligence agencies such as the NSA, whose surveillance is focused abroad, from monitoring domestic infrastructure for cyber threats. They can evade detection by the U.S. government as they increasingly using U.S. based virtual private networks, or VPNs.
He further added, that “It is not the fact that we can’t connect the dots. We can’t see all of the dots”.
The U.S. is working to encourage information sharing from the private sector on cyber threats, said a government official to reporters earlier this month. But most of the private companies are reluctant in sharing information on hacks or attempted hacks with the FBI and other government agencies, as they fear of negative impact on their business.