March 16, 2021
Russia and China recently ran sophisticated hacks from servers inside the United States, and in doing so went undetected by the National Security Agency, which is prohibited from conducting surveillance domestically, and by the FBI and the Department of Homeland Security. Private computer security firms were the first to raise the alarm about these foreign attacks, and Microsoft reported that criminal groups are reverse-engineering its patches to launch ransomware attacks on corporations. The White House is paying attention.
The New York Times reports that, according to senior officials, the White House doesn’t intend to give Congress additional powers as some former officials have called for. Instead, the Biden administration believes “that a new structure was needed, one that combined traditional intelligence collection with the talents of private-sector firms,” such as FireEye, which discovered Russia’s SolarWinds attack, and Volexity, which pinpointed Microsoft’s problem with Chinese hackers meddling with its patches.
Since then, Microsoft revealed that, “cybercriminals are using the back doors Chinese hackers left behind to deploy ransomware, which is used to lock up computer systems until payment is made.” A senior administration official stated that, “the federal government was in the third week of a monthlong effort to plug holes made obvious by the SolarWinds hack.”
The National Security Agency and its military counterpart, U.S. Cyber Command, tout the country’s “foremost hacking teams and digital defenders,” but they are “hardly an impermeable shield.” One vulnerability is that hackers “can assemble an attack from inside America’s borders,” avoiding detection from the NSA, which, noted former director Admiral Michael Rogers, “cannot operate in the domestic infrastructure.”
Rather than “reverse decades of limits on intelligence agencies to monitor and defend network traffic inside the United States,” the Biden administration seeks to build a “real-time threat sharing arrangement, whereby private companies would send threat data to a central repository where the government could pair it with intelligence from the National Security Agency, the CIA and other spy shops.”
Former NSA general counsel Glenn Gerstell said this could “stop attacks dead in their tracks.” “We need a way to get threat intelligence into a one-stop shopping center,” he said.
One challenge is that, since Edward Snowden’s leaks “set off a debate about government surveillance … American technology companies are wary of the appearance of sharing data with American intelligence agencies, even if that data is just warnings about malware.”
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) would be “the most politically palatable headquarters for such a clearinghouse” but its automated AI-enabled “Einstein” system didn’t detect the recent Russian attack.
The FBI “does not have broad monitoring capabilities, and its focus is divided across other forms of crime, counterterrorism and now domestic extremism threats” and presents other “hurdles” to becoming the clearinghouse such as its legal obligation to obtain warrants, which would slow down enforcement.