Warner went on to state that Russia “came away with a big, big haul,” but that the government is still analyzing the extent of the attack, saying it will take “literally weeks to continue to ferret this out and then potentially months to remediate.”
Last week, it was revealed that several U.S. government departments, including Homeland Security, State and Treasury, among others, were the victims of a monthslong cyberattack that began with a breach of software contractor SolarWinds. The Cybersecurity and Infrastructure Security Agency described the intrusion as a “grave risk to the Federal Government … as well as critical infrastructure entities and other private sector organizations.”
Despite that characterization and expressions of concern from members of Congress, including many Republicans, Trump downplayed the breach in a tweet Saturday, claiming the media is exaggerating the impact and that “everything is well under control.”
The president additionally cast doubt upon Russia’s responsibility for the hack one day after Pompeo stated otherwise, writing that the media is “petrified of discussing the possibility that it may be China (it may!).” The secretary told conservative radio host Mark Levin Friday that “we can say pretty clearly that it was the Russians that engaged in this activity.”
“When the president of the United States either tries to deflect, or is not willing to call out the adversary as we make this attribution, he is not making our country safer,” Warner said Sunday.
On “This Week,” the senator allowed for the possibility that, despite the discovery of the breach, “it may be ongoing.” He added that SolarWinds’ extensive list of customers across the government allowed for the attackers to work down its “supply chain” and “ultimately get down to some of our most important innovation tools,” describing the implications as “extraordinarily serious.”
For now, Warner said “there’s no indication yet [that] classified networks have been breached,” but noted that “critical information” and potentially intellectual property related to cyber defense systems had been stolen from FireEye, the cybersecurity firm that first called attention to the intrusion.
To that point, Stephanopoulos challenged Warner on the U.S.’ own international cyber activities, noting that the country engages in similar efforts.
“How do you respond to those who say this is exactly the kind of thing America does all the time?” Stephanopoulos asked. “We attack and we conduct espionage on foreign governments and foreign systems.”
The senator characterized Russia’s alleged actions as “indiscriminate” in his answer, appearing to indicate that the hack was more extensive than the U.S.’ activities.
“This is as broad and as deep as anything we’ve ever seen,” Warner said, adding, “the idea that that should go unanswered would be very bad American policy” and could “invite Russians, or others to continue these kinds of malicious activities.”
As for the federal government’s next steps, Warner argued that it needs to evaluate its cyber regulations and potentially implement rules that require private companies to report attacks and intrusions. He further likened the country’s digital defense to the military, suggesting priorities shift in the modern age.
“I sometimes think we disproportionately spend on tanks, ships and guns, when we should be better protecting on cyber,” the senator said.