White House: Here's what we've learned from tackling the SolarWinds and Microsoft Exchange Server cyber incidents

Partnerships with private companies in dealing with the aftermath of cyberattacks "sets precedent for future engagements on significant cyber incidents".
Written by Danny Palmer, Senior Writer

Lessons learned from responses to the SolarWinds and Microsoft Exchange cyber incidents will be used to coordinate action against future cybersecurity and hacking incidents, the White House has said.

Both incidents required the United States to react to cyberattacks by nation-state hacking operations affecting thousands of organisations across the country – Russian intelligence compromised SolarWinds in a supply chain attack, while Chinese operatives targeted Microsoft Exchange.

The campaigns aren't related, but both were able to gain access to a number of networks, with attackers remaining under the radar for a significant period of time before they were discovered.


The US administration convened two Unified Coordination Groups (UCGs) to drive the government response to the SolarWinds and Microsoft Exchange incidents. Both are now being stood down due to the increase in security patches being applied to prevent the attacks and a reduction in the number of victims.

But the way they operated and what was learned will be used to guide responses to additional cyber incidents in the future.

Lessons learned include 'integrating private sector partners at the executive and tactical levels', involving private sector organisations in the response to help deliver fixes smoothly, such as Microsoft's one-click tool to simplify and accelerate victims' patching and clean-up efforts, and sharing relevant information between firms.

"This type of partnership sets precedent for future engagements on significant cyber incidents," said Anne Neuberger, deputy national security advisor for cyber and emerging technology.

The partnerships also enabled the FBI and Department of Justice to identify the scale of the incidents and determine which organisations were affected, gain a better understanding of who was being targeted and determine the best response.

The White House also pointed to the methodology created by CISA to track trends in patching and exposed Exchange servers that enabled the UCG to quantify the scope of the incident.


It's hoped that by learning the lessons of what happened with SolarWinds and Microsoft Exchange, the White House can improve how it responds to significant cybersecurity incidents.

"While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the administration places on cybersecurity, and at improving incident response for both the U.S. government and the private sector," said Neuberger.

