Speaking today during an open hearing on the hacking of U.S. networks by foreign adversaries, Senate Intelligence Committee Chairman Mark Warner, D-Va., questioned why the U.S. shouldn’t have mandatory cyberattack reporting systems in light of the recent Russia-backed hack of government and private sector networks via SolarWinds software products.
“Why shouldn’t we have mandatory reporting systems?” Sen. Warner posited, adding, “even if those reporting systems require some liability protection so we can better understand and better mitigate future attacks.”
Among concern during the hearing for Sens. Warner and Marco Rubio, R-Fla., the committee’s vice chairman, was that a lack of participation and information sharing from other companies could hinder the investigations of the breach. Warner also wondered about establishing common norms of behavior in cyberspace – in the same vein of common norms for military conflicts.
“We have military conflict that exists, but there’s been, for some time, a norm that you don’t knowingly bomb a hospital or bomb an ambulance that’s got a Red Cross shield on it. Should we therefore consider efforts that subvert patching – which are all about fixing vulnerabilities – to be similarly off limits,” the senator asked.
SolarWinds CEO Sudhakar Ramakrishna reaffirmed the company’s position as being helpful to investigating the breaches, and sharing information with other companies that may have been impacted by the attack.
“We are committed to not only leading the way with respect to secure software development, but to share our learnings with the industry,” said Ramakrishna. “While numerous experts have commented on the difficulties that these nation state operations present to any company, we are embracing our responsibility to be an active participant in helping prevent these types of attacks.”
The primary areas of these efforts, Ramakrishna noted, are to further secure internal infrastructure, ensure and expand security of built environments, and ensure security and integrity of SolarWinds products.