SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat
Congress has called on the National Security Agency to be more transparent regarding a cyberattack that occurred in 2015 against Juniper Networks. The Juniper Networks supply-chain breach attack bears similarities to the recent SolarWinds espionage campaign, hence the emphasis on acquiring more information about it. Last week, SolarWinds sent a letter to the NSA and lawmakers suggesting that the former lacks oversight of software supply chains that the US government and private industry both rely on.
Contention among lawmakers is furthered by an allegation that the NSA’s encryption algorithm used by Juniper Networks contained a backdoor for the spy agency. Lawmakers are concerned about the flaw as it appears to be an endorsement of weak encryption. Five years after the Juniper breach, Congress is demanding to know why the NSA did not act accordingly and appropriately to mitigate the risks presented in that attack, allowing it to happen again.