
Security pros raise questions after breach of US federal court system disclosed

U.S. Attorney General Merrick Garland speaks during a May 24, 2022, news conference at the Department of Justice in Washington. (Photo by Chip Somodevilla/Getty Images)

Serious eyebrows were raised this week when House Judiciary Chairman Jerry Nadler, D-N.Y., said at an oversight committee hearing that three unspecified foreign actors breached the federal judiciary’s document management system.

Based on various reports, the breach dates back to early 2020 and Nadler reportedly told the oversight committee Thursday that it was only in March of this year that he had learned of the full extent of the breach.

The press reports were confusing. Some indicated that the breach was connected to the famous SolarWinds case, but Nadler was reported as saying that the case involving the federal judiciary’s system known as PACER CM/ECF — the acronym for Public Access to Court Electronic Records and Case Management/Electronic Case Files — was separate from the SolarWinds hack.

During yesterday’s hearing, Matthew Olsen, assistant attorney general of the Justice Department’s National Security Division, would not confirm which three nation-states were involved and would not talk about the investigation surrounding the court system case, but did say they were working on cases involving Russia, China, Iran, and North Korea.

Sam Curry, chief security officer at Cybereason, said one thing’s for sure in this case with the federal courts: no one knows the full scope of the breach.

“And now certainly isn't the appropriate time to bayonet the wounded as elected leaders and citizens deserve answers on what was compromised and whether national security is at risk,” Curry said. “Estimating the full scope of this breach is difficult. It’s likely to be iceberg-like: only a fraction is above the waterline and visible. Was this breach part of an elaborate cover story from a nation-state that has other intentions and targets? Again, only time will tell.”

Karen Crowley, director of solutions marketing at Deep Instinct, said the attack on the U.S. federal court system has dispelled any doubts about the significance of a cyberattack against even the largest organizations.

“Cyberattacks are not just one and done,” Crowley said. “They have lingering impacts, which can have substantial consequences on both the organization and its people. When systems are not working at full capacity, then services are not able to be delivered at the same high standard, eroding public trust.”

Crowley said while system disruption may be an obvious outcome, these attacks also have serious consequences on the security teams working on these cases. Crowley pointed out it’s on the IT and security teams to fix any impacts quickly, placing a huge amount of pressure and stress on their shoulders.

“The chance of reinfection is high, even when they think the threat is eradicated, and they must be on alert for the next cyberattack that could be around the next corner,” Crowley said. “Unfortunately, this pressure is taking a toll. Recent research shows that 45% of professionals have considered leaving the industry due to stress, with the primary issue being the constant threat posed by ransomware. At a time when labor is already tight, this highlights that our attitude must shift when it comes to security.”

Andrew Hay, COO at LARES Consulting, questioned why it took so long for this breach to come to light.

“A breach of this nature should not be swept under the rug or kept hidden for this long,” Hay said. “The only thing I can think of that would justify the time that has passed is that this was an active FBI investigation, so no news could be communicated.”
