Federal agencies struggled to share information in SolarWinds aftermath, GAO finds

Classified information created challenges, the GAO says, because agencies classify certain kinds of information differently.
The SolarWinds Corp. logo is seen at the headquarters in Austin, Texas on April 15, 2021 in Austin, Texas. (Photo by SUZANNE CORDEIRO / AFP)

Information sharing between federal agencies was “slow, difficult and time consuming” as they worked to respond to the SolarWinds cyberattack in late 2020, according to a new report by the Government Accountability Office.

In the in-depth study published Thursday, the watchdog pointed to difficulties between the government and private sector, as well as problems with interagency communications, particularly with classified information.

“Specifically, an official from ODNI’s Cyber Executive Office told us that information sharing among law enforcement, private sector, and intelligence groups was difficult and time consuming, as there were different classification levels for information,” GAO said in the report,

“In addition, a Senior Technical Director from CISA’s cybersecurity division told us that sharing data received from law enforcement with other agencies and the private sector was challenging,” the agency said.


GAO is proposing the creation of a centralized forum that could be used when future cyberattacks occur to facilitate interagency discussions as well as to help agencies communicate with the private sector when necessary.

The report also gives a view of how agencies worked together in the days and weeks following the discovery of the breach, which compromised the systems of nine federal agencies that contracted with Texas-based SolarWinds for software services.

Following the discovery of the SolarWinds breach, government agencies on Dec. 16, 2020, established a unified coordination group (UCG) to respond to the incident. According to GAO, this consisted of CISA, the FBI and ODNI, with assistance from the National Security Agency. A similar UCG was also subsequently set up in March 2021 in response to the Microsoft Exchange server hack.

Latest Podcasts