Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger announced Monday morning that the White House would be closing its coordinating groups for the SolarWinds and Exchange hacking campaigns. It's a move that may signal a return to normalcy, both for the government's all-hands response to the two incidents and for a functioning interagency system many saw as "atrophied."
In a statement sent to reporters Monday morning, Neuberger wrote: "Due to the vastly increased patching and reduction in victims, we are standing down the current [unified coordinating groups] surge efforts and will be handling further responses through standard incident management procedures."
Neuberger credited the speed of mitigation to a number of factors, including Microsoft's efforts to make patching simpler and a blockbuster Department of Justice move to hijack malware on privately owned systems.
"The Biden Administration is undertaking a whole-of-government effort – working closely with Congress, the private sector, and allies and partners around the world – to build back better in new and innovative ways, to modernize our cyber defenses and enhance the nation’s ability to quickly and effectively respond to significant cybersecurity incidents," said Neuberger.
That the statement emphasizes a cooperative multi-stakeholder process as the norm post-crisis is a jarring change from a Trump administration where agency and private sector priorities were often described as disjoint.
"We want the government to make such transitions and rely on regular processes to manage most issues; as a result, I think this move shows that the White House has made good progress in re-building the interagency management processes that had atrophied," said Michael Daniel, former White House cybersecurity coordinator under Barack Obama and current president and CEO of the Cyber Threat Alliance.
By the end of the Trump administration, there was no Senate-confirmed head of the Department of Homeland Security or the Cybersecurity and Infrastructure Security Agency; the National Security Council and the White House had eliminated dedicated cybersecurity leadership; and the State Department had closed its cyber-diplomacy wing. Industry groups were unclear on how the government would respond to emergencies across agencies, making it more difficult to incorporate response into defensive strategies.
That said, how the Biden administration actually operates outside of cyber-crises is still unknown. Between a SolarWinds campaign that emerged before inauguration and Exchange, this announcement marks the first time the administration is signaling normalcy.
"It’s noteworthy that the White House took the time to put out such a statement – it didn’t just end the UCGs and move on. That’s a sign of good management and maturity," said Daniel. "Overall, enterprises should have increased confidence in the U.S. government’s ability to manage a cybersecurity crisis and to continue improving its cyber capabilities."