President-elect Joe Biden on Monday stressed the need to modernize U.S. military forces to account for attacks in cyberspace following a massive hack of multiple government agencies that came to light earlier this month.
“We have to be able to innovate and reimagine our defenses against growing threats in new realms like cyberspace,” Biden said at a press conference following a briefing from intelligence and defense officials on national security issues.
Biden pointed to the need to address challenges from Russia and China and said that “modernizing our defense priorities to better deter aggression in the future, rather than continuing to over-invest in legacy systems designed to address the threats of the past” would be necessary.
He cited in particular the recently uncovered hack of IT company SolarWinds by Russian hackers in calling for changes to national defense efforts.
The incident, ongoing since March but first reported by Reuters earlier this month, has quickly become one of the worst cyber incidents in U.S. history after SolarWinds said that about 18,000 of its customers had been compromised as a result of hacked software updates.
SolarWinds customers include the majority of federal agencies and U.S. Fortune 500 companies, with groups including the Treasury Department, the Energy Department and its National Nuclear Security Administration, and the State Department confirming this month that they have been impacted by the hack.
Biden last week described the incident as an “attack” that constituted a “grave risk to our national security,” with the president-elect repeating these comments Monday.
“We are still learning about the extent of the SolarWinds hack and the vulnerabilities that have been exposed,” Biden said. “As I said last week — this attack constitutes a grave risk to our national security.”
“We need to close the gap between where our capabilities are now and where they need to be to better deter, detect, disrupt, and respond to these sorts of intrusions in the future,” he added.
Biden’s comments come as lawmakers on both sides of the aisle call for a strong response, and a week after President Trump vetoed the annual National Defense Authorization Act (NDAA), which had been hailed by bipartisan members of Congress as one of the most important pieces of cybersecurity legislation in years.
The massive defense funding bill, which Trump vetoed over it not including language to repeal Section 230 of the Communications Decency Act, among other issues, included language establishing a White House cybersecurity czar and clauses significantly strengthening federal cybersecurity capabilities and powers.
The bill passed both chambers of Congress with a bipartisan majority, and the House is set Monday afternoon to vote on overriding Trump’s veto.
Trump was slow to publicly address the SolarWinds hack, and has so far only commented on it once, in a tweet earlier this month that downplayed the incident and questioned whether China was involved instead of Russia.
“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” Trump tweeted. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”
There is no evidence that has been publicly disclosed that China was involved, and the Chinese government has denied involvement. While the Kremlin has also denied involvement, Secretary of State Mike Pompeo and former Attorney General William Barr have said publicly that they believe Russia is responsible.