But did you hear anything surprising, any bombshells or new information?

Well, no bombshells, Emily. I think, you know, we saw what we expected, which is obviously a huge attack, or I should say hack, really not an attack, against the U.S. government. Of their companies exploiting the supply chain. But I think what was interesting was, you know, Microsoft did make news, supportive of data breach notification. You know, I think the real concern for industry is how do we grapple with this new supply chain threat, which has been around for a long time, but it seems to be more aggressively being utilized by, in particular, the Russians. But I was those to the Russians. A lot of other attackers using this route into our companies in government.

Talk to us about the Microsoft development. How significant is that?

Well, look, I think it's something that a lot of industry folks have been talking about for a while. We've seen the expansion of data breach notification laws in various states. And so what the companies don't want, even though they may not necessarily want large-scale data breach notification laws, they don't also want 50 state laws that go after them. And so they'd rather have one federal standard. So not a tremendously surprising development, but certainly a notable one.

Now, there's a lot about this attack, this hack, if you will, that we still don't know. What are you still wanting to find out?

Well, look. We know that the U.S. government Sally is going to give very clear attribution. We know it's the Russians, but they're going to make it very clear and be very solid about that. But the real question is, how widespread was this? How many different routes in all was this attack against the U.S. government? Attack against U.S. government, I keep saying attack, but it wasn't an attack, to be clear. It was, it appears, espionage at this point. You know, part of the challenge here is we know that Microsoft was involved. We know that SolarWinds was involved. We know that Mimecast, a little. But it says that there may be a lot of other players involved in how the Russians got in and stayed in. I mean, it really highlights the need for us to come together, industry and government, to really work collaboratively to stop these kind of threats going forward.

Well, it also highlights the vulnerability of the software supply chain at this very moment. I mean, can't we assume, you know, we heard the CEO of SolarWinds there saying this is happening now, as we speak. And what was perhaps unique about this particular attack is just how patient these hackers were and how long they waited to deploy very sophisticated tactics.

You're exactly right, Emily. This idea that they would spend months and months getting in and then establishing themselves and really creating persistence, I mean, that's the scariest thing, I think, about this hack, is that not only do they use the supply chain to get in, but now that they're in, they've gotten deep in, they've used Active Directory, other capabilities to really establish a strong foothold. And now they're sort of like the wolves of the henhouse. But they look like hens. And so get them out, and doing a deep network surveillance, identifying the behaviors, is going to be really hard. And that's why you've got to have industries working together, companies work together, and the government industry really collaborating and create this collective defense capability that the Cyberspace Law Commission told us about last March.

So what's your sense of how much damage was done, and will we ever know how much damage was really done?

You know, it's going to be hard to tell exactly the scope of damage. We know that they were deep in. We know that they saw, for example, source code from Microsoft. You know, whether they downloaded or modified that, we don't have any evidence of that yet. We know they got to that. And we know within the government there's deep, sustained access to email and information. Now the no efforts have gotten the classified networks for weapons systems, but being deep inside of classified networks across multiple agencies can reveal a lot about how an agency operates and what was sensitive to them at the time, not classified but sensitive. And so, you know, we may never know the full scope of damage.

One thing I worry about, Emily, though, is the fact they were in so deep suggests that they could later on, if they had similar access, actually take action or even threaten us with action. They haven't done that yet. That's when it may cross the line and really require a stiff response from the U.S. government.

So what should Congress be doing now? What should the Biden administration be doing now? Anything that they're not already doing?

Well, look, I think, one, we have to make it clear that we're going to push back. This wasn't a cyber attack. This wasn't an armed attack on our nation. It wasn't an act of war. It was significant espionage. But they, the Russians, need to know if they sort of cross that line and come close to that line, threaten us with something more, disruption, deletion, you know, disabling our systems, that would cross the line. They didn't know we're going to push back and push back hard. So for right now, you know, set sanctions, closing embassies, kicking out intelligence officers, that's the right start. Now, down the road we need to make clear: there are red lines.