The federal Cybersecurity and Infrastructure Security Agency (CISA) recently reported widespread hacks involving government agencies and private businesses — an apparent attack linked to Russia that may have gone unreported for up to nine months.
The hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo, CISA announced in an unusual warning message Thursday.
Established under President Trump in 2018, CISA operates under the Department of Homeland Security (DHS) oversight.
Its activities are a continuation of the National Protection and Programs Directorate (NPPD). CISA was established when Trump signed the Cybersecurity and Infrastructure Security Agency Act.
CISA’s mission is to “build the national capacity to defend against cyber attacks” and to work “with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the .gov networks that support the essential operations of partner departments and agencies.”
CISA is an independent arm under DHS, on par with the Secret Service or Federal Emergency Management Agency (FEMA).
Christopher Krebs was CISA’s first director. He was fired by President Donald Trump in November.
Like the NPPD, CISA oversees the Federal Protective Service (FPS), the Office of Cyber and Infrastructure Analysis (OCIA), the Office of Cybersecurity & Communications (OC&C) and the Office of Infrastructure Protection (OIP).
In an effort to reduce CISA’s backlog in cybersecurity vulnerability assessments, a Senate panel recently proposed offering CISA an additional $59 million in the Fiscal Year 2021 budget.
For the 2020 election, the agency conducted 131 remote penetration tests and 59 onsite risk and vulnerability assessments for local election infrastructure and approximately 263 election officials around the country are receiving weekly vulnerability scan reports. It also helped train thousands of election officials through online security courses.
This month, CISA reported a massive, ongoing hacking campaign believed to have started in March and be the work of Russia. The Energy Department, the Department of State, the Defense Department and DHS have all reported being compromised. Those government branches join earlier assessments confirming that the Departments of Treasury and Commerce had been breached in what investigators believe to be a mass-scale Russian intelligence operation.
On Sunday, CISA announced the intrusion involving SolarWinds Orion products, which is now under FBI investigation, and directed all federal agencies to disconnect from the breached network-management software.
SolarWinds’ clientele roster traverses some 300,000 organizations — including other highly sensitive federal agencies ranging from the Department of Justice and the Centers for Disease Control (CDC), as well as thousands of private companies.
Almost all Fortune 500 companies are reported to use SolarWinds products to scan their networks, including major defense contractors such as Boeing, according to The New York Times.
Russia has denied involvement in the campaign.
Nonetheless, preliminary reviews of the encroachments suspect that the sophistication of the attacks lends itself to the work of Russia’s Foreign Intelligence Service (SVR — the espionage wing that succeeded the Soviet Union’s former secret police, the KGB). The belief that the SVR is behind the attacks stems from the hackers being especially judicious in drawing data from particular targets.
Fox News’ Hollie McKay contributed to this report.