https://www.nytimes.com/2020/12/16/opinion/fireeye-solarwinds-russia-hack.html
The remediation effort alone will be staggering. It will require the segregated replacement of entire enclaves of computers, network hardware and servers across vast federal and corporate networks. Somehow, the nation’s sensitive networks have to remain operational despite unknown levels of Russian access and control. A “do over” is mandatory and entire new networks need to be built — and isolated from compromised networks.
Cyber threat hunters that are stealthier than the Russians must be unleashed on these networks to look for the hidden, persistent access controls. These information security professionals actively search for, isolate and remove advanced, malicious code that evades automated safeguards. This will be difficult work as the Russians will be watching every move on the inside.
The National Defense Authorization Act, which each year provides the Defense Department and other agencies the authority to perform its work, is caught up in partisan wrangling. Among other important provisions, the act would authorize the Department of Homeland Security to perform network hunting in federal networks. If it wasn’t already, it is now a must-sign piece of legislation, and it will not be the last congressional action needed before this is resolved.
Network operators also must take immediate steps to more carefully inspect their internet traffic to detect and neutralize unexplained anomalies and obvious remote commands from hackers before the traffic enters or leaves their network.