According to CNET, U.S. legislators and witnesses said at a hearing of the House of Representatives Oversight and Homeland Security Committee on Friday that the biggest problems in cybersecurity led to the ongoing hacking campaign, which used a product update from SolarWinds, an IT software company, as a "weapon". Whether it's the lack of cybersecurity personnel, poor communication between private companies and the federal government, or the lack of accepted global standards for spying and hacking, long-standing problems are at work.
John Katko, a Republican from New York, said the hacking group showed that it could exploit the myriad vulnerabilities in U.S. cybersecurity. Worse, he said, they were not worried about the consequences of their actions. "They have won the modern arms race, and we need to do more."
The hackers' campaign was highly complex. The attackers added malicious software to an update of SolarWinds' Orion product. Thousands of entities downloaded the infected update, and the hackers then focused on selected targets for further intrusion. However, as legislators discussed in the Senate Intelligence Committee on Wednesday, the hackers also abused the services of other companies, not just SolarWinds, and breached about 30% of the targets.
Although past major intrusions into the Office of Personnel Management, Equifax and the Democratic National Committee prompted some changes, major flaws remain in the defenses that protect U.S. systems. Further changes may take several forms.
Both Smith and Mandia expressed support for requiring companies to share information about intrusions with the federal government. At present, the Cybersecurity and Infrastructure Security Agency handles many such reports, and legislators advocate a better flow of information to other government departments. In addition, Ramakrishna of SolarWinds said the company hopes to share what it has learned with other companies, which could lead to better systems for securing software updates.
Ramakrishna also stressed the need to quickly strengthen agreements between government agencies and technology companies and to establish clear channels of communication so that the security response can be faster, especially when a sophisticated attacker strikes. "In this case, they act like deformation toys in many ways, constantly deforming and changing their tactics and procedures towards us," Ramakrishna said.
In response to Ramakrishna's call, Smith highlighted what he called obstacles, which he said slowed Microsoft's efforts to issue SolarWinds hacking alerts to institutions.
"Government contracts limit Microsoft and other government contractors in this case," Smith said. "We find that we can only inform the institutions that are victims themselves, and we have to ask them to talk to another person or individual or part of the government."
When asked about future prevention efforts, Smith said the government should establish better "road rules", including legislation, to quell the consequences of such a massive intrusion.
"If you catch people who commit violations, you need to hold them accountable, and you need a variety of ways to do that," Smith told the panel.