It's going to take months to kick elite hackers widely believed to be Russian out of the US government networks they have been quietly rifling through since as far back as March in Washington's worst cyberespionage failure on record.
Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion into US agencies and was among the victims, has already tallied dozens of casualties. It's racing to identify more.
President Donald Trump has not commented publicly on the matter, but Secretary of State Mike Pompeo said on a conservative talk show Friday, "I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity."
"We have a serious problem. We don't know what networks they are in, how deep they are, what access they have, what tools they left," said Bruce Schneier, a prominent security expert and Harvard fellow.
"We should buckle up. This will be a long ride," said Dmitri Alperovitch, co-founder and former chief technical officer of the leading cybersecurity firm CrowdStrike.
"Cleanup is just phase one." The only way to be sure a network is clean is "to burn it down to the ground and rebuild it," Schneier said.
Imagine a computer network as a mansion you inhabit, and you are certain a serial killer has been there. "You don't know if he's gone. How do you get work done? You kind of just hope for the best," he said.
Florida became the first state to acknowledge falling victim to a SolarWinds hack.