www.cbsnews.com Open in urlscan Pro
146.75.121.188  Public Scan

Form analysis
0 forms found in the DOM

Text Content

 * Latest
   * U.S.
   * World
   * Election
   * Politics
   * Entertainment
   * HealthWatch
   * MoneyWatch
   * Investigations
   * Crime
   * Space
   * Sports
   * Essentials
   * Brand Studio
 * Local News
   * Baltimore
   * Bay Area
   * Boston
   * Chicago
   * Colorado
   * Detroit
   * Los Angeles
   * Miami
   * Minnesota
   * New York
   * Philadelphia
   * Pittsburgh
   * Sacramento
   * Texas
 * Live
   * CBS News 24/7
   * Baltimore
   * Bay Area
   * Boston
   * Chicago
   * Colorado
   * Detroit
   * Los Angeles
   * Miami
   * Minnesota
   * New York
   * Philadelphia
   * Pittsburgh
   * Sacramento
   * Texas
   * 48 Hours
   * 60 Minutes
 * Shows
   * 48 Hours
   * 60 Minutes
   * America Decides
   * CBS Evening News
   * CBS Mornings
   * CBS News Mornings
   * CBS Reports
   * CBS Saturday Morning
   * The Daily Report
   * The Dish
   * Eye on America
   * Face the Nation
   * Here Comes the Sun
   * Person to Person
   * Sunday Morning
   * The Takeout
   * The Uplift
   * Weekender
 * * CBS News Investigates
   * CBS Village
   * Podcasts
   * In Depth
   * Newsletters
   * Download Our App
   * CBS News Team
   * Executive Team
   * Brand Studio
   * Paramount Shop
   * Paramount+
   * Join Our Talent Community
   * RSS Feeds
   * A Moment With...
   * Innovators & Disruptors
   * Economy 4.0





 * 60 Minutes Overtime
 * Overtime Latest
 * Original
 * Rewind
 * 60 Minutes



Watch CBS News

60 Minutes Overtime


HOW U.S. CYBER POLICY CHANGED AFTER SOLARWINDS

By Will Croxton

July 4, 2021 / 7:00 PM EDT / CBS News

 * 
 * 
 * 

Experts warn U.S. needs new cyber strategy

Experts warn U.S. needs new cyber strategy 05:14

In March of last year, thousands of companies and U.S. government agencies were
sent a routine software update. This happened regularly with SolarWinds Orion
software. There was no reason to suspect anything was wrong with the update.

What they couldn't see at the time was a malicious piece of code buried deep
within the update, a Trojan horse planted by Russian military hackers looking
for a backdoor to important American computer networks. 

 * SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and
   Commerce Departments
   

Nine months after that compromised software update, cybersecurity firm FireEye
sounded the alarm. They had been hacked. Their crown jewels, what the company
calls "Red Team tools," had been stolen. FireEye suspected that anyone who had
downloaded and installed the SolarWinds Orion update had been hacked too. 



The U.S. Treasury Department, Department of Justice, State Department, Energy
Department, and the agency that protects and transports the U.S. nuclear
arsenal, didn't see the Russians rummaging through their computer networks for
nine months. Businesses, including software titan Microsoft, also found their
systems compromised by the update. SolarWinds says its products are used by
300,000 customers around the globe, and that 18,000 customers downloaded its
compromised software update.

In February, 60 Minutes spoke to cybersecurity experts who said they believe the
U.S. government's strategy for cyber warfare is inadequate and does not
effectively deter its adversaries in cyberspace, including Chris Inglis, who was
later chosen by the Biden administration to become the nation's first National
Cyber Director.



A month after 60 Minutes first aired its report on SolarWinds, the Biden
administration levied sanctions against Russia, blaming the Russian Foreign
Intelligence Service (SVR) for the SolarWinds hack. President Biden has also
taken executive action to bolster U.S. cybersecurity and spoken with Russian
President Vladimir Putin about recent cyberattacks on the U.S., although Russia
has denied responsibility for the hack.


NATIONAL CYBER DIRECTOR

Last month, the Senate confirmed Chris Inglis, a former deputy director of the
National Security Agency, as National Cyber Director— a new White House role
created this January when the National Defense Authorization Act passed in
Congress. White House Advisor Jake Sullivan said Inglis would bring "deep
expertise, experience and leadership" when the nomination was announced. 

In an interview with Bill Whitaker this February, Inglis said the separation
between government and private enterprise, while bound by law and in line with
American values, makes coordination on cyber defense difficult. Without a united
line of defense, that separation can be exploited by an aggressor. 

"It turns out that a division of effort is actually an agreement to not
collaborate," he said. "One party's attempting to defend their patch and another
party's defending their patch. Both sides are ignorant. And the aggressor can
pick you off one at a time."



He suggested greater collaboration between government and private business to
identify and address cyber threats. "Unless there's some collaboration of the
defenders," he explained, "No one person is going to have the god's eye view of
what's happening in that network."

Chris Inglis, confirmed by the Senate to become the nation's first National
Cyber Director, testifies during his confirmation hearing in Washington, DC. 
GETTY IMAGES

In an executive order this May, President Biden created strict new security
standards that supply chain software companies like SolarWinds must meet to do
business with the federal government. The order also requires those companies to
maintain a vulnerability disclosure program and make automated security checks
public.

"Protecting our Nation from malicious cyber actors requires the Federal
Government to partner with the private sector," President Biden said in the
order. "The private sector must adapt to the continuously changing threat
environment, ensure its products are built and operate securely, and partner
with the Federal Government to foster a more secure cyberspace."

In his confirmation hearing last month, Chris Inglis said hacks like SolarWinds
"signal the urgent need to secure our national critical infrastructure" and that
his duties as National Cyber Director would require "robust engagement" with the
private sector. 


CONFRONTING RUSSIA

In April, President Biden ordered the Treasury to designate six Russian
technology companies believed to be providing support to the Russian
Intelligence Service (SVR). "We will continue to hold Russia accountable for its
malicious cyber activities, such as the SolarWinds incident, by using all
available policy and authorities," the White House said. 

Last month, Biden met with Russian President Vladimir Putin in Geneva,
Switzerland. They spoke for roughly three hours, discussing cybersecurity, arms
control, and other topics. Biden said the meeting was "constructive." Both
leaders addressed reporters in separate news conferences afterward.

U.S. President Joe Biden and Russian President Vladimir Putin meet during the
U.S.-Russia summit in Geneva, Switzerland.  GETTY IMAGES

Biden told reporters that Putin "knows I will take action" to stop Russia from
engaging in hacking attacks, like those targeting SolarWinds. Biden added Putin
"knows there are consequences" and said Russia's credibility "shrinks" when it
participates in cyberattacks. When asked if he was confident Putin would change
his behavior, he said, "I'm not confident of anything."



In a separate press conference, Mr. Putin said the two countries would engage in
"consultations" related to cybersecurity but denied Russian responsibility for
recent cyberattacks.

In a conversation with Bill Whitaker this February, James Lewis, a director at
the Center for Strategic and International Studies, said fear of escalation has
held the U.S. back from punishing Russia, and other nation-states, when they
step out of line. "Escalation's a reasonable concern. But it shouldn't be enough
to say, 'Oh, we shouldn't do anything because the Russians might be mad,'" he
said. "The goal is to make them mad. The goal is to make them afraid. How do you
punish the Russians without triggering a major conflict?"

He suggested the U.S. experiment with tactics to find creative ways of
inflicting revenge on Russia. "Could you interfere with their media? Could you
start putting stories in the Russian media?" he offered. "The one that bothers
them the most is corruption because it creates the popular discontent in their
own populations that they don't want." 

He said interfering with money allegedly stashed away in other financial systems
by powerful Russians in government and business could be another deterrent. "We
could interfere a little bit with their financial activities," the Center for
Strategic and International Studies' Lewis suggested. "They have money
squirreled all around the world."

James Lewis retains hope that the Biden administration will be more willing to
explore an offensive strategy with the Russians, and other nations like China,
who attack the U.S. in cyberspace. "[Biden] could rethink how we use the
exquisite capabilities that NSA and Cyber Command have to inflict pain on Russia
and the others," he said. "It's risky. But if we don't take risk, we're not
gonna be able to work our way out of this."

The video above was originally published on February 14, 2021 and was produced
by Will Croxton and Mabel Kabani. It was edited by Will Croxton.


MORE FROM CBS NEWS

FTC Chair Lina Khan wants to keep fighting non-competes
Reversing a fentanyl overdose
Kroger-Albertsons merger could raise grocery costs, FTC chair warns
What's fueling the fentanyl crisis is "not a whodunit," DEA leader says
Why preserving presidential papers at the National Archives is critical
   In:
 * Security Hacker
 * Russia
 * SolarWinds

© 2021 CBS Interactive Inc. All Rights Reserved.


MORE FROM CBS NEWS

FTC CHAIR LINA KHAN WANTS TO KEEP FIGHTING NON-COMPETES

REVERSING A FENTANYL OVERDOSE

KROGER-ALBERTSONS MERGER COULD RAISE GROCERY COSTS, FTC CHAIR WARNS

WHAT'S FUELING THE FENTANYL CRISIS IS "NOT A WHODUNIT," DEA LEADER SAYS





Copyright ©2024 CBS Interactive Inc. All rights reserved.

 * Privacy Policy
 * California Notice
 * Manage Cookies
 * Terms of Use
 * About
 * Advertise
 * Closed Captioning
 * CBS News Store
 * Site Map
 * Contact Us
 * Help

 * facebook
 * twitter
 * instagram
 * youtube

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive
reporting.
Not Now Turn On


REVIEW AND MANAGE YOUR COOKIE SETTINGS

If you consent, we and our 148 partners can store and access personal
information on your device to provide a more personalised browsing experience.
This is accomplished through processing personal data collected from browsing
data stored in cookies. You can provide/withdraw consent and object to
processing based on a legitimate interest at any time by clicking on the
‘Manage’ button.
For more information refer Privacy Policy.


WE AND OUR PARTNERS PROCESS DATA TO PROVIDE:

Store and/or access information on a device. Use limited data to select
advertising. Create profiles for personalised advertising. Use profiles to
select personalised advertising. Measure advertising performance. Understand
audiences through statistics or combinations of data from different sources.
Develop and improve services. Use limited data to select content. List of
Partners

Accept Reject
Manage



ABOUT YOUR PRIVACY




 * YOUR PRIVACY


 * ESSENTIAL


 * ANALYTIC & PERFORMANCE


 * FUNCTIONAL


 * MARKETING AND ADVERTISING


 * SOCIAL MEDIA


 * STORE AND/OR ACCESS INFORMATION ON A DEVICE 134 PARTNERS CAN USE THIS PURPOSE


 * USE LIMITED DATA TO SELECT ADVERTISING 65 PARTNERS CAN USE THIS PURPOSE


 * CREATE PROFILES FOR PERSONALISED ADVERTISING 103 PARTNERS CAN USE THIS
   PURPOSE


 * USE PROFILES TO SELECT PERSONALISED ADVERTISING 98 PARTNERS CAN USE THIS
   PURPOSE


 * MEASURE ADVERTISING PERFORMANCE 82 PARTNERS CAN USE THIS PURPOSE


 * UNDERSTAND AUDIENCES THROUGH STATISTICS OR COMBINATIONS OF DATA FROM
   DIFFERENT SOURCES 86 PARTNERS CAN USE THIS PURPOSE


 * DEVELOP AND IMPROVE SERVICES 64 PARTNERS CAN USE THIS PURPOSE


 * USE LIMITED DATA TO SELECT CONTENT 15 PARTNERS CAN USE THIS PURPOSE


 * ENSURE SECURITY, PREVENT AND DETECT FRAUD, AND FIX ERRORS 110 PARTNERS CAN
   USE THIS PURPOSE


 * DELIVER AND PRESENT ADVERTISING AND CONTENT 98 PARTNERS CAN USE THIS PURPOSE

YOUR PRIVACY

We process your data to deliver content or advertisements and measure the
delivery of such content or advertisements to extract insights about our
website. We share this information with our partners on the basis of consent and
legitimate interest. You may exercise your right to consent or object to a
legitimate interest, based on a specific purpose below or at a partner level in
the link under each purpose. These choices will be signaled to our vendors
participating in the Transparency and Consent Framework.
Privacy Policy

List of IAB Vendors‎

ESSENTIAL

Always Active

These cookies are essential for the proper functioning of our Services.
Essential cookies cannot be switched off in our systems. You can set your device
to block or alert you about these cookies, but some parts of the Service will
not work.

Cookies Details‎

ANALYTIC & PERFORMANCE

Analytic & Performance Inactive


These Cookies allow us to collect information about how visitors use our
properties. Some examples include counting visits and traffic sources, so we can
measure and improve the performance of our services. If you do not allow these
Cookies we will not know when users have visited our properties and will not be
able to monitor performance.

Cookies Details‎

FUNCTIONAL

Functional Inactive


These Cookies enable the services to provide enhanced functionality and
personalization. They may be set by us or by third party providers whose
services we have added to our services. If you do not allow these Cookies then
some or all of these services may not function properly.

Cookies Details‎

MARKETING AND ADVERTISING

Marketing and Advertising Inactive


These Cookies may be set by us or through our services by our advertising
partners. They may be used by those companies to build a profile of your
interests and show you relevant advertising on this and on other properties. If
you do not allow these Cookies, you will still see ads, but you will experience
less relevant advertising.

Cookies Details‎

SOCIAL MEDIA

Social Media Inactive


These Cookies are set by a range of social media services that we have added to
the services to enable you to share our content with your friends and networks.
They are capable of tracking your browser across other sites, building up a
profile of your interests to show you relevant content and advertisements on the
relevant social networks. If you do not allow these Cookies you may not be able
to use or see these sharing tools.

Cookies Details‎

STORE AND/OR ACCESS INFORMATION ON A DEVICE 134 PARTNERS CAN USE THIS PURPOSE

Store and/or access information on a device Inactive


Cookies, device or similar online identifiers (e.g. login-based identifiers,
randomly assigned identifiers, network based identifiers) together with other
information (e.g. browser type and information, language, screen size, supported
technologies etc.) can be stored or read on your device to recognise it each
time it connects to an app or to a website, for one or several of the purposes
presented here.

List of IAB Vendors‎ | View Illustrations 

USE LIMITED DATA TO SELECT ADVERTISING 65 PARTNERS CAN USE THIS PURPOSE

Use limited data to select advertising Inactive


Advertising presented to you on this service can be based on limited data, such
as the website or app you are using, your non-precise location, your device type
or which content you are (or have been) interacting with (for example, to limit
the number of times an ad is presented to you).

Object to Legitimate Interests Remove Objection
List of IAB Vendors‎ | View Illustrations 

CREATE PROFILES FOR PERSONALISED ADVERTISING 103 PARTNERS CAN USE THIS PURPOSE

Create profiles for personalised advertising Inactive


Information about your activity on this service (such as forms you submit,
content you look at) can be stored and combined with other information about you
(for example, information from your previous activity on this service and other
websites or apps) or similar users. This is then used to build or improve a
profile about you (that might include possible interests and personal aspects).
Your profile can be used (also later) to present advertising that appears more
relevant based on your possible interests by this and other entities.

List of IAB Vendors‎ | View Illustrations 

USE PROFILES TO SELECT PERSONALISED ADVERTISING 98 PARTNERS CAN USE THIS PURPOSE

Use profiles to select personalised advertising Inactive


Advertising presented to you on this service can be based on your advertising
profiles, which can reflect your activity on this service or other websites or
apps (like the forms you submit, content you look at), possible interests and
personal aspects.

List of IAB Vendors‎ | View Illustrations 

MEASURE ADVERTISING PERFORMANCE 82 PARTNERS CAN USE THIS PURPOSE

Measure advertising performance Inactive


Information regarding which advertising is presented to you and how you interact
with it can be used to determine how well an advert has worked for you or other
users and whether the goals of the advertising were reached. For instance,
whether you saw an ad, whether you clicked on it, whether it led you to buy a
product or visit a website, etc. This is very helpful to understand the
relevance of advertising campaigns.

Object to Legitimate Interests Remove Objection
List of IAB Vendors‎ | View Illustrations 

UNDERSTAND AUDIENCES THROUGH STATISTICS OR COMBINATIONS OF DATA FROM DIFFERENT
SOURCES 86 PARTNERS CAN USE THIS PURPOSE

Understand audiences through statistics or combinations of data from different
sources Inactive


Reports can be generated based on the combination of data sets (like user
profiles, statistics, market research, analytics data) regarding your
interactions and those of other users with advertising or (non-advertising)
content to identify common characteristics (for instance, to determine which
target audiences are more receptive to an ad campaign or to certain contents).

List of IAB Vendors‎ | View Illustrations 

DEVELOP AND IMPROVE SERVICES 64 PARTNERS CAN USE THIS PURPOSE

Develop and improve services Inactive


Information about your activity on this service, such as your interaction with
ads or content, can be very helpful to improve products and services and to
build new products and services based on user interactions, the type of
audience, etc. This specific purpose does not include the development or
improvement of user profiles and identifiers.

Object to Legitimate Interests Remove Objection
List of IAB Vendors‎ | View Illustrations 

USE LIMITED DATA TO SELECT CONTENT 15 PARTNERS CAN USE THIS PURPOSE



Content presented to you on this service can be based on limited data, such as
the website or app you are using, your non-precise location, your device type,
or which content you are (or have been) interacting with (for example, to limit
the number of times a video or an article is presented to you).

Object to Legitimate Interests Remove Objection
List of IAB Vendors‎ | View Illustrations 

ENSURE SECURITY, PREVENT AND DETECT FRAUD, AND FIX ERRORS 110 PARTNERS CAN USE
THIS PURPOSE

Always Active

Your data can be used to monitor for and prevent unusual and possibly fraudulent
activity (for example, regarding advertising, ad clicks by bots), and ensure
systems and processes work properly and securely. It can also be used to correct
any problems you, the publisher or the advertiser may encounter in the delivery
of content and ads and in your interaction with them.

List of IAB Vendors‎ | View Illustrations 

DELIVER AND PRESENT ADVERTISING AND CONTENT 98 PARTNERS CAN USE THIS PURPOSE

Always Active

Certain information (like an IP address or device capabilities) is used to
ensure the technical compatibility of the content or advertising, and to
facilitate the transmission of the content or ad to your device.

List of IAB Vendors‎ | View Illustrations 
Back Button


VENDORS LIST

Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label

Clear
checkbox label label
Apply Cancel
Save Settings
Reject Accept

Manage Cookies