Anonymous ID: d4abd7 April 19, 2021, 5:58 p.m. No.13466001   🗄️.is 🔗kun

BRIEFING ROOM

Statement by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger on SolarWinds and Microsoft Exchange Incidents

APRIL 19, 2021 • STATEMENTS AND RELEASES

The Biden Administration convened two Unified Coordination Groups (UCGs) to drive a whole of government response to the SolarWinds and Microsoft Exchange incidents. Due to the vastly increased patching and reduction in victims, we are standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures.

 

The innovations from the Exchange UCG and the lessons learned from these responses will be used to improve future unified, whole of Government responses to significant cyber incidents, including:

 

Integrating private sector partners at the executive and tactical levels. The active private sector involvement resulted in an expedited Microsoft one-click tool to simplify and accelerate victims’ patching and clean-up efforts, and direct sharing of relevant information. This type of partnership sets precedent for future engagements on significant cyber incidents.

CISA created and utilized a methodology to track trends in patching and exposed Exchange servers that enabled the UCG to quantify the scope of the incident.

Through industry relationships and leveraging legal authorities, the FBI and DOJ quickly identified the scale of the incidents – in the SolarWinds UCG, for example, scoping from a worst case of 16,800 to fewer than 100 targeted exploited nongovernment entities. This enabled focused victim engagement and improved understanding of what the perpetrators targeted from the larger set of exposed entities.

NSA and CISA released cybersecurity advisories that detailed adversary techniques and provided mitigation for system owners. NSA also provided guidance to other U.S. military and intelligence organizations, as well as contractors in the defense industrial base.

The Biden Administration is undertaking a whole-of-government effort – working closely with Congress, the private sector, and allies and partners around the world – to build back better in new and innovative ways, to modernize our cyber defenses and enhance the nation’s ability to quickly and effectively respond to significant cybersecurity incidents. While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the Administration places on cybersecurity, and at improving incident response for both the U.S. government and the private sector.

 

###

Anonymous ID: d4abd7 April 19, 2021, 6:06 p.m. No.13466092   🗄️.is 🔗kun   >>6174 >>6358 >>6541 >>6661

DEPARTMENT OF JUSTICE | OFFICE OF THE INSPECTOR GENERAL

INVESTIGATIVE SUMMARY |21-062 Findings of Misconduct by former FBI Special Agent in Charge for Making Two False Statements

The Department of Justice (DOJ) Office of the Inspector General (OIG) initiated an investigation upon receipt of information from the Federal Bureau of Investigation (FBI), Inspection Division, alleging that a former FBI Special Agent in Charge (SAC) obtained an FBI HR-218 card by making false statements to an FBI employee. An HR-218 card certifies that the named individual has met the requirements set forth in the Law Enforcement Officers Safety Act of 2010 and thereby authorizes the individual to carry a concealed firearm as a qualified Separated/Retired Law Enforcement Officer. During its investigation, the OIG found indications that the former SAC also made false statements to OIG Special Agents while being served with an Inspector General (IG) administrative subpoena.

The OIG investigation substantiated the allegation that the former SAC made a false statement to the FBI by telling an FBI employee that the former SAC had misplaced the former SAC’s HR-218 card and requesting that the FBI employee provide a replacement card. In fact, the former SAC had never been issued an HR-218 card by the FBI because the former SAC was not qualified to receive one as a result of the former SAC’s security clearance having been suspended at the time of the former SAC’s retirement. In response to the former SAC’s request and false representation, the FBI employee sent the former SAC an HR-218 card. The OIG investigation also found that the former SAC made a false statement to the OIG when the former SAC made an unsolicited statement to OIG Special Agents that the former SAC was unaware the former SAC was not permitted to possess the HR-218 card. In fact, the former SAC had previously been told in writing by a senior FBI official that the FBI was precluded from issuing the former SAC an HR-218 card. The former SAC’s conduct violated federal law.

The former SAC declined the OIG’s request for a voluntary interview regarding the former SAC’s alleged false statements; the former SAC complied with the IG administrative subpoena for documents related to this matter. The OIG has the authority to compel testimony from current DOJ employees upon informing them that their statements will not be used to incriminate them in a criminal proceeding, and to subpoena documentary evidence from current or former DOJ employees. The OIG does not have the authority to compel or subpoena testimony from former Department employees, including those who retire or resign during the course of an OIG investigation.

Prosecution of the former SAC was declined.

Posted to oig.justice.gov on April 19, 2021

 

DEPARTMENT OF JUSTICE | OFFICE OF THE INSPECTOR GENERAL

The OIG has completed its investigation and provided its report to the FBI for its information.

Unless otherwise noted, the OIG applies the preponderance of the evidence standard in determining whether DOJ personnel have committed misconduct.