Jamie Tarabay (Bloomberg) -- On his last full day in office, President Donald Trump signed an executive order the White House said was aimed at preventing foreign malicious cyber-actors from using U.S. online infrastructure to carry out their activities.
The order, which provides the Commerce Department with the authority to impose record-keeping obligations on foreign transactions, is viewed as a response to the recent hacking campaign that infected software from SolarWinds Corp. and targeted organizations including government agencies.
“Foreign malicious cyber-actors threaten our economy and national security through the theft of intellectual property and sensitive data, and by targeting United States critical infrastructure,” National Security Advisor Robert O’Brien said in a statement. He said abuse of American infrastructure service products -- such as those offered by cloud outfits like Amazon Web Services and Microsoft Azure -- had “played a role in every cyber incident during the last four years, including the actions resulting in the penetrations of United States firms FireEye and Solar Winds.”
It was a “much-needed step, unfortunately it takes a significant and public compromise like the SolarWinds breach into U.S. government infrastructure to drive change like this,” said Jon DiMaggio, chief security strategist at Analyst1, a cyber-threat analysis firm in Reston, Virginia.
“It certainly isn’t the first time supply chain attacks have happened, nor is it the first time the U.S. government has been aware of the problem. It’s about time we started looking past the vendor cost to determine what technology we allow to support critical government infrastructure,” he said.
The order allows the Commerce Department to block American infrastructure firms from operating in countries where those products are used for malicious cyber-activity, whether that activity comes from individuals or from the country’s own government.
The order also grants powers to ban or impose conditions on foreigners opening or maintaining accounts with American firms within the U.S. if they are found to be involved in malicious cyber-activity.
The Commerce Department is tasked with proposing regulations within six months of the order being issued, but it isn’t clear that the incoming administration led by Joe Biden will implement it.
“I could see them adding a comment period or something from the impacted companies,” said Alex Stamos, a Stanford University professor helping SolarWinds’ recovery efforts after its breach, who had served as chief security officer at Facebook until 2018. Biden “might just wholesale wipe out every executive order too.”
In December, Austin, Texas-based SolarWinds found itself at the center of the largest cyber-security attack in recent memory. Suspected Russian hackers breached the internal networks of at least 200 customers, including U.S. government agencies and an as-yet-unknown number of private companies, a cyber-security firm and people familiar with the investigation told Bloomberg News.
In an operation that cyber-security experts have described as exceedingly sophisticated and hard to detect, the hackers installed malicious code in updates to SolarWinds’ widely used Orion software, which was sent to as many as 18,000 customers.