As the most daring details hack the US government in recent memory continued to stun lawmakers and the public, a government watchdog released a scathing report saying federal agencies failed to implement key safeguards for their technology supply chains some information.
The US Government Accountability Office report was completed in October, but was not released until Tuesday following the recent attacks, believed to be the work of elite Russian hackers. It found that 14 of 23 federal agencies surveyed had not implemented any of the “fundamental practices” to protect their “information and communications technology” supply chains recommended in 2015 by a government standards group.
None of the agencies implemented all of the recommended changes. Among the agencies interviewed, several were hacked by suspected Russian attackers: commerce, the treasury and the state.
Lawmakers who recently received a confidential briefing on the attack say it is one of the most serious in recent years. Connecticut Democrat Senator Richard Blumenthal said in a tweet Tuesday that the briefing had left him “deeply alarmed, in fact downright scared.” Dick Durbin, the second-highest-ranking Democrat in the Senate, told CNN on Wednesday that the hack was “practically a declaration of war.”
The Office of Management and Budget asked agencies in 2016 to implement recommendations made by the National Institute of Standards and Technology, according to GAO.
“Supply chains are being targeted by increasingly sophisticated actors, including foreign countries threatened by cyber threats like Russia, China, Iran and North Korea”,reportStates. “Attacks by such entities are often particularly sophisticated and difficult to detect.” The report warns of hackers inserting a so-called “backdoor” into the supply chain, which appears to be exactly what happened in the attack on federal agencies.
The report offers the first clues to a crucial question regarding the recent cyberattack: How did the US government miss hackers in the computer networks of so many agencies?
These hackers are believed to be linked to the Russian government and also raped the Department of Homeland Security and parts of the Pentagon, according to a person familiar with the matter. Hackers installed a malicious vulnerability, or backdoor, in popular software produced by information technology provider SolarWinds, whose clients include many U.S. government agencies and Fortune 500 companies, according to the company and cybersecurity experts.
It is still unclear what the hackers accessed, nor how many agencies and other entities were successfully breached.
Representatives from GAO and OMB did not return a message requesting comment.
The GAO report also warned of the potentially disastrous consequences of a successful attack on the supply chain.
“For example, threat actors could take control of federal information systems; reduce the availability of materials or services needed to develop systems; destroy systems, cause injury and loss of life, and jeopardize national security; or steal intellectual property and sensitive information, ”the report says.
Federal agencies remain vulnerable to supply chain attacks until they implement all of the recommended changes, GAO said. Until then, according to the report, “they will continue to be vulnerable to malicious actors who could exploit risks in the ICT supply chain to disrupt mission operations, harm individuals or steal property. intellectual. “
More to read absolutely technological coverage of Fortune:
- The bank manager proposes distant crypto idea “This should be the next Nobel Prize”
- After a successful IPO, DoorDash’s challenge now is to generate profits
- Big Tech risks big fines, and even breaking, under new European content and antitrust rules
- Apple Fitness + Workout Service: Enthusiasm, energy and a lot of integration
- Disney profits on streaming services are expected to fall.and investors love