Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology.
So, first, what happened ?
Hackers launched a broad and indiscriminate effort to compromise the network management software used by both government and the private sector. The intelligence community is looking at who is responsible. Until that study is complete, I’ll use the language we previously used, which was to say an advanced persistent threat actor, likely of Russian origin, was responsible.
As of today, 9 federal agencies and about 100 private sector companies were compromised. As you know, roughly 18,000 entities downloaded the malicious update. So the scale of potential access far exceeded the number of known compromises. Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions.
So, finally, and most significantly, what are we going to do about it? Three things:
- First, finding and expelling the adversary.
- Second, building back better to modernize federal defenses and reduce the risk of this happening again.
- And finally, potential response options to the perpetrators.