Biden administration convenes government, private sector groups to respond to Microsoft vulnerabilities

White House officials said Wednesday that the Biden administration has formally stood up a task force of government and private sector groups as it works to investigate and respond to the recently uncovered cyber espionage incident involving a Microsoft email application.

Press secretary Jen Psaki confirmed in a statement that the National Security Council (NSC) has established a “unified coordination group” (UCG) to respond to Microsoft Exchange Server vulnerabilities, first announced by the company earlier this month, and which have potentially victimized thousands of organizations.

Psaki said the group includes the FBI, the Cybersecurity and Information Security Agency (CISA), the National Security Agency and the Office of the Director of National Intelligence, and had met earlier this week with private sector companies to respond to the ongoing incident. 

“We invited the private sector partners based on their specific insights to this incident, an approach the NSC will take going forward as appropriate,” Psaki said in a statement. “The UCG discussed the remaining number of unpatched systems, malicious exploitation, and ways to partner together on incident response, including the methodology partners could use for tracking the incident, going forward.”

Psaki noted that small businesses were particularly hard-hit by the vulnerabilities, which Microsoft announced earlier this month had been exploited by a state-sponsored Chinese hacking group, and said that the UCG had discussed the number of unpatched servers and how to respond to the incident. 

“The cost of cyber incident response weighs particularly heavily on small businesses,” she said. “Hence, we requested that Microsoft help small businesses with a simple solution to this incident. In response, Microsoft has released a one-click mitigation tool. We encourage every business or organization that has not yet fully patched and scanned their Exchange Server to download and run this free tool.”

Microsoft warned last week that more than 80,000 servers around the world were still unpatched, and that other cyber criminals were quickly taking advantage of the vulnerabilities to go after the groups, including through launching ransomware attacks to demand payment. The company described the incident as a “broad attack” and urged all groups running Exchange Server to protect their systems. 

CISA and the FBI put out a joint alert last week warning that the Exchange Server vulnerabilities posed a “serious risk” to both federal and private sector systems, and that groups targeted included private businesses in the agriculture, biotechnology, aerospace, defense, legal service, power utilities and pharmaceutical sectors.

Anne Neuberger, the deputy national security adviser for cyber and emerging technology, also stressed on Wednesday the attention the administration is giving to the Microsoft vulnerabilities. 

“This Administration is committed to working with the private sector to build back better — including to modernize our cyber defenses and enhance the nation’s ability to respond rapidly to significant cybersecurity incidents,” Neuberger said in a separate statement. 

The response to the Microsoft incident, which may have been ongoing since as early as January, comes as the administration is still in the midst of investigating what has become known as the SolarWinds hack.

The SolarWinds incident, which involved Russian hackers infiltrating software from IT group SolarWinds and other organizations to go after as many as 18,000 customers. As of February, the White House confirmed that nine federal agencies and 100 private sector groups had been breached, potentially for up to a year prior to discovery in December. 

A senior administration official told reporters last week that President Biden is still weighing his response to the SolarWinds hack, and that all federal agencies were due to wrap up a four-week security review by the end of March to ensure the hackers were out of their systems. The official noted that new technology would also shortly be rolled out to address “gaps” in federal cybersecurity. 

Both major cybersecurity incidents have forced the Biden administration to put an early spotlight on strengthening the nation’s cybersecurity. 

While Neuberger currently serves as the top official in the executive branch leading the response to both cyber incidents, Biden has not yet nominated an individual to serve as national cyber director, a position established by the most recent annual defense appropriations bill. 

Psaki addressed the delay in nominating someone to fill the role of cyber czar on Tuesday, noting that the administration is in the middle of a 60-day review of the position. The position is intended to serve as a coordinating force for federal cyber policy, and is Senate-confirmed. 

“Clearly, addressing cyber, ensuring there’s an across-government approach is a priority for the president and something that he feels there’s a role for many components of the federal government to play,” Psaki told reporters. “So we’re going to pursue that role and ensure that we’re approaching it in the right way, in a way that will address the threats we’re facing.”