CES 2021: Microsoft’s Brad Smith slams Solarwinds ‘indiscriminate assault’

Brad Smith presented Microsoft’s first CES keynote speech since 2012 Microsoft’s president has called the Solarwinds hack an “mass indiscriminate global assault” that should be a wake-up call to cyber-defenders. Brad Smith was making a keynote speech at the CES technology trade show. Earlier, it emerged President-elect Joe Biden had created a new post for a former National Security Agency official to help determine the US response to the attack. Anne Neuberger had specialised in operations against Russia. Plans to appoint her to the role of deputy national security adviser for cyber-security within the National Security Council were first reported by Politico and have now been confirmed by the New York Times . The NYT said she had run the NSA’s Russia Small Group, responsible for a pre-emptive strike on Kremlin operatives in 2018. She is currently head of the agency’s Cybersecurity Directorate. US intelligence agencies believe Russia was behind the Solarwinds attack, which compromised email accounts at the US Department of Justice as well as giving the perpetrators access to the systems of government agencies, businesses and other organisations worldwide. The full extent of the attack has yet to emerge. Solarwinds sells a widely used network monitoring tool that was altered to provide the hackers with a backdoor. Microsoft was among the victims and has confirmed some of its source code – the normally inaccessible instructions behind its software – had been accessed. “Governments have spied on each other for centuries, it would be naive to think or even ask them to stop,” said Mr Smith in his keynote. “But we’ve long lived in a world where there were norms and rules that created expectations about what was appropriate and what was not. “And what happened with Solarwinds was not. “Why? Because this wasn’t a case of one nation simply trying to spy on or hack its way into a computer network of another. “It was a mass indiscriminate global assault on the technology supply chain that all of us are responsible for protecting. “It is a danger that the world cannot afford.” Security experts needed to learn one of the lessons of the 11 September 2001 terror attacks, which had exposed how different US government agencies had failed to share threat information, Mr Smith said. “We need to move, as the 9/11 Commission said, from a culture where people only gave others information when they had a need to know,” he said. “And in the words of that commission, change the culture so that people feel a need to share.” Mr Smith also said there was a greater need to work together to tackle attacks linked to the Covid crisis. “We have lived through the biggest pandemic in a century,” he said. “And what did some people use that pandemic to do? “To launch cyber-attacks against hospitals, against the public health sector, against the World Health Organization, against the first line of critical responders. image captionMs Neuberger led efforts to protect the US’s 2018 mid-term elections Ms Neuberger will now be responsible for trying to persuade US agencies and the country’s wider cyber-security sector to work together against such threats. In her previous role, she coordinated the response of US government agencies to a flaw her team discovered suspected Russian hackers were using. “It was really great to see five different cyber-security entities using that to identify other Russian intelligence infrastructure and then take that down,” she told CBS News in August . Last month, Mr Biden said once the extent of the damage the Solarwinds hack had caused was better known, the US would probably “respond in kind”.

Click here to view original web page at www.bbc.com