EE.UU. debería apoyar al presidente electo Milei 10 de diciembre del 2023 La Nación …Milei es un aliado y EE.UU. debería apoyarlo. El presidente Joe Biden debería darle la bienvenida a Milei porque en estos momentos es difícil encontrar aliados en Latinoamérica y el...
Rubio, Gallagher Statement on Biden Admin’s Watered-down Sanctions on Chinese Officials Conducting Genocide
The Biden Administration has been slow to implement sanctions under the Uyghur Human Rights Policy Act, which became law in 2020, and seeks to hold the perpetrators of the Uyghur genocide accountable. U.S. Senator Marco Rubio (R-FL) and U.S. Representative Mike...
In-person Mobile Office Hours Monday, December 11, 2023 Jackson County 9:30am – 11:00am CST UF/IFAS Jackson County Extension 2741 Penn Ave. Suite 3 Marianna, FL 32448 Click Here Pinellas County 1:30pm – 3:00pm EST Pinellas Park Chamber of Commerce 5851 Park...
Foreign adversaries, including China, have significantly increased covert tactics to infiltrate American colleges and K-12 schools. They do this to steal research, spread propaganda, and silence students and academics. U.S. Senator Marco Rubio (R-FL) and...
The criminal Maduro regime issued bogus warrants to arrest members of the Venezuelan opposition, including several campaign staffers working for opposition leader María Corina Machado, who won the opposition’s primary election earlier this year. Last night, Roberto...
El senador estadounidense Marco Rubio (R-FL) habló con Ninoska Pérez en La Poderosa 670 AM, sobre los grupos en EE.UU. que apoyan la masacre que lidera Hamás contra Israel, sobre los reclamos para un cese de fuego, sobre el arresto de Manuel Rocha y más. Una...
Vice Chairman Rubio Opening Statement for SolarWinds Hack Hearing
Washington, D.C. — Senate Select Committee on Intelligence Vice Chairman Marco Rubio (R-FL) and Chairman Mark Warner (D-VA) convened an open hearing to examine the SolarWinds hack.
A livestream of the hearing can be found on the committee’s website here.
Vice Chairman Rubio’s opening remarks as prepared can be found below.
Vice Chairman Rubio: Thank you Mr. Chairman, for convening this hearing.
I’d also like to welcome our witnesses from Microsoft, Fire Eye, SolarWinds, and Crowd Strike who are here to help the Committee’s examination of the largest cyber supply chain operation ever detected.
We appreciate you being with us this afternoon.
I would note that we also extended an invitation to Amazon to participate and they chose not to.
The operation we will be discussing today utilized Amazon’s infrastructure, at least in part, to be successful. I had hoped Amazon would provide their cooperation.
This cyber operation involved the modification of the SolarWinds Orion platform – a widely used software product– to include a malicious backdoor that was downloaded by up to 18,000 SolarWinds customers between March and June 2020.
Perhaps most insidious about the operation was that it hijacked the very security advice promulgated by computer security professionals to verify and apply patches as they are issued.
There are many concerning aspects to this operation that raise significant questions.
One, my understanding is that if FireEye had not investigated an anomalous event within their own network in November 2020, it is quite possible that this operation would be continuing, unfettered today.
Despite the investment that we have made in cybersecurity, collectively between the government and the private sector, no one detected this activity earlier – and this actor was within SolarWinds network since at least September 2019.
Put simply, how did we miss this? What are we still missing? And what do we need to do to make sure we don’t miss it again?
Second, what exactly did these actors do? Based on what we know – to include what government has stated publicly – the actor seems to have undertaken follow-on operations against a very small subset of the 18,000 networks to which they potentially had access.
Aside from the mechanical aspects of removing a hacker from a network, what do we know about why these actors chose the targets they did, what actions they undertook within those victim networks, and what do we know that we do not know?
And perhaps most importantly, who has the single, comprehensive view of the totality of activity undertaken by this actor?
Third, what is it going to take to rebuild and have confidence in our networks? In speaking with several of you, one of the hallmarks of this operation was the great care taken by the adversary to use bespoke infrastructure and tradecraft for each victim.
Unlike other malware or ransomware clean-up operations, there is no template here that can be used for remediation. What is it going to take to have confidence in both government and private sector networks again?
Fourth, what do we need to do to raise the bar for the cybersecurity of this nation? Is cyber deterrence an achievable goal? How do we need to enhance cybersecurity information logging and sharing across the spectrum to protect against APTs in the future?
And finally, though this is a question for the government, rather than the witnesses here today – what does the United States need to do to respond to this operation?
Government officials initially stated that this was an intelligence gathering operation. Just recently, however, the White House stated, “when there is a compromise of this scope and scale, both across government and across the U.S. technology sector to lead to follow-on intrusions, it is more than a single incident of espionage; it’s fundamentally of concern for the ability for this to become disruptive.”
While I share the concern that an operation of this scale with a disruptive intent could have caused mass chaos, those are not the facts that are in front of us.
Everything we have seen thus far indicates that this was an intelligence operation – a rather successful one – that was ultimately disrupted.
While there are myriad ways for sovereign states to respond, I caution against using terms like “attack” and “act of war” in relation to this operation, unless the facts lead us there. The Chairman knows I always advocate for standing up to our adversaries, but I want to know today what the actor’s intent seemed to be and the extent of the damage.
This Committee, and the rest of the Congress, should consider what policies we need to pursue to better defend our critical networks.
In order to get a fuller view of the problem perhaps we should consider mandating certain types of reporting as it relates to cyber-attacks.
We must improve the information sharing between the federal government and private sector. I look forward to being an active and constructive participant in these debates.
With that, we welcome you and thank you for your testimony and the insights you will share with us and the American people today. It is important that the public understand the current, persistent information conflict the United States finds itself in against nation state adversaries like Russia, China, Iran, and North Korea.
Thank you, Mr. Chairman.