National Security

Top Democrat: ‘Critical’ that Pompeo brief senators on SolarWinds hack at State Dept.

The top Democrat on the Senate Foreign Relations Committee is calling on Secretary of State Mike Pompeo to brief senators on the massive SolarWinds hack by suspected Russian hackers and its effect on the State Department.

“It is critical that the Senate Foreign Relations Committee receive a briefing on the extent of the security breach and the efforts that the Department is taking to mitigate its impacts and defend against future attacks,” Sen. Bob Menendez (N.J.) wrote to Pompeo in a letter Wednesday.

“Furthermore, it is essential that critical sectors within private industry and the American public more broadly understand the nature of the threat that our nation faces from the Kremlin, and their persistent exploitation of cyberspace, the Internet, and social media for their malign ends,” he added.

The State Department is one of several federal agencies breached by a cyberattack into third-party software developer SolarWinds that was revealed last week. Officials have called the hack, which is believed to have originated as far back as March, a “grave” risk to U.S. national security.

The State Department has yet to provide any specifics on the hack, and Menendez criticized Pompeo for his silence on the matter.

“While several other cabinet agencies that are victims of this cybersecurity breach have publicly acknowledged having been attacked, to date the Department of State has been silent on whether its computer, communication and information technology systems were compromised,” Menendez said in Wednesday’s letter.

A State Department spokesperson said the agency is working with the Cyber Unified Coordination Group (UCG), the administration’s coordinated effort between the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director for National Intelligence.

“We are working with the Cyber Unified Coordination Group (UCG) lead agencies and appropriate partners to determine the full scope and impact of these incidents,” the spokesperson said, and referred all other questions to UCG.

CISA did not immediately return a request for comment about the findings by the UCG.

The suspected Russian-backed hack into SolarWinds reportedly compromised networks at the State, Homeland Security, Treasury and Commerce departments. The malware also reportedly infiltrated the Pentagon and the Energy Department, which maintains the nuclear stockpile.

In an interview with a conservative radio show host last week, Pompeo blamed Moscow as being behind the hack, and acknowledged “a significant effort” to “embed code inside of U.S. government systems,” but did not discuss the breach in relation to the State Department.

While President Trump publicly called out Pompeo for assigning blame to Russia and instead raised the possibility that China could have been behind the hack, Pompeo was supported on Monday by outgoing Attorney General William Barr, who said in a press conference Monday that he agrees with the secretary regarding his characterization of Moscow’s role in the hack.

Some lawmakers have called the cyberattack an “act of war,” but national security experts are torn over what type of response the U.S. should mount, saying early indications point to the Russian’s goals being espionage and the kinds of information-gathering that the U.S. is also believed to engage in.

The hack also affected an estimated 18,000 private entities in the U.S., including nearly all Fortune 500 companies, prominent cybersecurity firm FireEye and Microsoft.

Microsoft said in a statement last week that customers in seven countries were likely compromised by the hack.

–Updated at 3:52 p.m.