Two House committees are holding a hearing on the SolarWinds attack.
James Martin/CNET
The US House Committee on Homeland Security and Committee on Oversight and Reform will host a hearing on the SolarWinds hack this week, they announced Monday. The hearing on Feb. 26 will see SolarWinds CEO Sudhakar Ramakrishna, SolarWinds former CEO Kevin Thompson, Microsoft president Brad Smith and FireEye CEO Kevin Mandia testify.
The hearing will look into the role of private companies in preventing, investigating and remediating cyberattacks that affect government and cause damage to our national security.
Read more: SolarWinds software used in multiple hacking attacks: What you need to know
It follows the SolarWinds hack, which was last month attributed by US intelligence agencies to Russia. A joint statement from the FBI, NSA, Cybersecurity and Infrastructure Security Agency and Office of the Director of National Intelligence in early January said the attack was “likely Russian in origin.”
“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the statement said. “At this time, we believe this was, and continues to be, an intelligence gathering effort.”
The hack started around March 2020, when hackers compromised IT management software from Texas-based SolarWinds. The hackers placed malicious code in a SolarWinds software update, and around 18,000 of the company’s customers, including in the private and public sectors, installed the tainted update.
The breach reportedly included an email system used by senior leadership at the Treasury Department. Government officials have confirmed breaches at the Treasury Department as well as the Departments of Energy and Commerce. The hack also reportedly hit the Department of Homeland Security, the Pentagon and the State Department, as well as the National Institutes of Health and the National Nuclear Security Administration.
The hearing — called “Weathering the Storm: The Role of Private Tech in the SolarWinds Breach and Ongoing Campaign” — starts at 9 a.m. ET on Feb. 26, and you can watch it on YouTube or the Committee on Oversight and Reform website.