US calls for urgent collaboration with EU on cybersecurity

US Senator Mark Warner says failure to develop joint cybersecurity policies could be “potentially devastating”

Posted 20 April 2021 by Christine Horton

United States Senator Mark Warner has said there could be devastating consequences if the European Union and the US don’t work together to develop common cybersecurity standards.

His comments were reported by POLITICO in the wake of the massive SUNBURST cyberattack that targeted software firm SolarWinds.

Analysis suggests that by managing the intrusion through servers based in the US and mimicking legitimate network traffic, the attackers were able to circumvent threat detection techniques employed by SolarWinds, other private companies, and the federal government.

“I increasingly believe that our failure to have any kind of joint cybersecurity policies or even joint cybersecurity norms could be something that could really be potentially devastating,” said the Democratic senator, who chairs the Select Committee on Intelligence, at a POLITICO’s on Monday.

At least 100 US companies, nine federal agencies and six EU institutions and agencies were affected by the SolarWinds hack, a major cyber espionage campaign discovered in 2020.

Warner reportedly said the attack “didn’t seem to receive as much attention in Europe” as it had in the US, even though domestic servers in Germany, the UK and other European countries had been compromised.

He asked EVP of the European Commission, Margrethe Vestager, for greater collaboration, adding that Europe and the US needed to share more information concerning “first-tier adversaries” such as Russia and China.

Warner also advocated for a common approach to cyber norms to define what qualifies as acceptable espionage or nation state attacks.

Vestager said that cybersecurity would have to be integrated into all of the transatlantic talks about tech.

Brussels recently backed the US when Washington blamed Russian intelligence for the SolarWinds attack. In a statement, EU foreign affairs chief Josep Borrell said the EU would continue to investigate malicious cyber activities to prevent them.

Whitehouse response

The Whitehouse announced Monday that the Biden Administration was convening two Unified Coordination Groups (UCGs) to drive a government response to the SolarWinds and Microsoft Exchange incidents.

It said that due to widespread patching and reduction in victims, it was standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures.

In a statement the Biden Administration said it was “undertaking a whole-of-government effort – working closely with Congress, the private sector, and allies and partners around the world – to build back better in new and innovative ways, to modernize our cyber defenses and enhance the nation’s ability to quickly and effectively respond to significant cybersecurity incidents.

“While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the Administration places on cybersecurity, and at improving incident response for both the US government and the private sector.”

Following the event, SolarWinds said that it believed collaboration “will be critical both in responding to the SUNBURST attack and in protecting our industry and national infrastructure from attacks of this nature in the future.”