But on Monday there was no public statement attributing the hacking to Russia, possibly reflecting Mr Trump’s reluctance to confront Moscow on the matter and the doubts he has expressed about the gravity of the attack.
According to a senior administrative official, the meeting should “take stock of the information, investigations and actions taken to remediate the attack.” There was no preparation in this description to impose costs on the attacker. Mr Trump did not attend the meeting.
Both President-elect Joseph R. Biden Jr. and his new Chief of Staff Ron Klain have stated in recent days that the post-tenure response would go beyond sanctions to undermine the aggressor’s abilities. But he is likely to find that the government’s response options are limited for fear of escalation.
The list of attendees at the meeting was noteworthy as it gave clues as to which parts of the government may have been affected. White House officials said Treasury Secretary Steven Mnuchin, Secretary of Commerce Wilbur Ross, Acting Homeland Security Secretary Chad F. Wolf and Secretary of Energy Dan Brouillette were in attendance. All of these agencies have previously been identified as targets of hacking by news organizations.
John Ratcliffe, Director of National Intelligence, attended the meeting; likewise Gina Haspel, the CIA director, and General Paul M. Nakasone, the director of the National Security Agency and commander of the United States Cyber Command. Secretary of State Mike Pompeo, who became the first senior civil servant to recognize that Russia was the most likely source of the attack before it was undercut by Mr Trump, did not attend. His deputy Stephen E. Biegun stood up for him.
General Nakasone, a veteran cyber warrior responsible for defending the national security systems, has been silent since the hacking was exposed. It was extremely embarrassing for the NSA and Cyber Command that a private company, FireEye, was the first to alert the government that it had been hacked.
According to the details released by Wyden, after using the SolarWinds software update to break into Treasury’s systems, the Russian hackers performed a complex step in the Microsoft Office 365 system to create an encrypted “token” that identifies a computer for the larger network.