US National Security Adviser Robert O'Brien cut short his trip to Europe this week and returned to Washington on Tuesday to hold meetings on the alleged Russian hack of government agencies.
Mr O'Brien was due to visit the UK, Italy and Germany this week but returned to Washington four days early, a spokesman for the US National Security Council confirmed to The National.
“Ambassador O’Brien is returning to address the hacking incident,” said John Ullyot, the deputy assistant to the president.
The council already held two high-level meetings on the cyber breach on Saturday and Monday, and Mr O'Brien will be convening another meeting tonight and tomorrow.
The return of the senior US official was another indication of the seriousness of the hack that hit at least six US agencies. The attack is suspected to have been carried out by the Russian government.
The departments of state, defence, homeland security, justice, treasury and commerce are investigating the degree of the breach that may have happened over several months. Nearly 18,000 private and government users downloaded the tainted software update, according to The New York Times.
The huge operation was carried out after the hackers infiltrated and installed malware in a software product from SolarWinds, which supplies hundreds of government agencies and top companies.
By compromising its platform, the hackers were able to gain access to government agencies and possibly secret material that SolarWinds was supposed to protect, Reuters reported on Sunday.
The company sent an advisory to its clients informing them of an attack. “We have been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation-state," the Texas-based company said. It then launched an upgrade to the software containing the malicious code.
Russia denied responsibility for the attack but US officials and cyber experts say the high level of sophistication of the operation and the agencies affected point to Russian intelligence. US officials said the Russian hacking group Cozy Bear, associated with the Russian foreign intelligence service, was behind the attack.
Government agencies are still investigating the degree of the damage to determine a response.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency was also attacked. It issued a rare directive on Sunday instructing all federal agencies to disconnect affected devices.
Teri Radichel, CEO of 2nd Sight Lab, saw in the attack further evidence on the lethality of the NotPetya malware that Russia has employed in the past.
"This attack has many factors, but one thing companies really need to look at closely is the security of their deployment systems," Ms Radichel told The National. "The NotPetya malware used the same vector and caused a massive amount of damage."
Implementing secure architecture is needed to limit the damage that malware can cause when it gets into systems such as Solarwinds, explained Ms Radichel, also the author of Cybersecurity for Executives in the Age of the Cloud.
“Networks should be designed to spot the C2 [command and control] traffic and any internal network scans as quickly as possible, as well as use defence in depth and avoid reliance on only one monitoring system for critical data,” the expert added.
In October, the US Department of Justice charged six Russian military officers and accused them of carrying out some of the world’s largest cyberattacks over the last decade using the malware NotPetya.
The US government was made aware of the attack only after the private cybersecurity company FireEye detected the infiltration. On Tuesday, Microsoft announced it would quarantine and isolate versions of the SolarWinds Orion app that contain the malware. It also recommended that companies with Orion apps do the same.
The bio:
Favourite film:
Declan: It was The Commitments but now it’s Bohemian Rhapsody.
Heidi: The Long Kiss Goodnight.
Favourite holiday destination:
Declan: Las Vegas but I also love getting home to Ireland and seeing everyone back home.
Heidi: Australia but my dream destination would be to go to Cuba.
Favourite pastime:
Declan: I love brunching and socializing. Just basically having the craic.
Heidi: Paddleboarding and swimming.
Personal motto:
Declan: Take chances.
Heidi: Live, love, laugh and have no regrets.
Ten tax points to be aware of in 2026
1. Domestic VAT refund amendments: request your refund within five years
If a business does not apply for the refund on time, they lose their credit.
2. E-invoicing in the UAE
Businesses should continue preparing for the implementation of e-invoicing in the UAE, with 2026 a preparation and transition period ahead of phased mandatory adoption.
3. More tax audits
Tax authorities are increasingly using data already available across multiple filings to identify audit risks.
4. More beneficial VAT and excise tax penalty regime
Tax disputes are expected to become more frequent and more structured, with clearer administrative objection and appeal processes. The UAE has adopted a new penalty regime for VAT and excise disputes, which now mirrors the penalty regime for corporate tax.
5. Greater emphasis on statutory audit
There is a greater need for the accuracy of financial statements. The International Financial Reporting Standards standards need to be strictly adhered to and, as a result, the quality of the audits will need to increase.
6. Further transfer pricing enforcement
Transfer pricing enforcement, which refers to the practice of establishing prices for internal transactions between related entities, is expected to broaden in scope. The UAE will shortly open the possibility to negotiate advance pricing agreements, or essentially rulings for transfer pricing purposes.
7. Limited time periods for audits
Recent amendments also introduce a default five-year limitation period for tax audits and assessments, subject to specific statutory exceptions. While the standard audit and assessment period is five years, this may be extended to up to 15 years in cases involving fraud or tax evasion.
8. Pillar 2 implementation
Many multinational groups will begin to feel the practical effect of the Domestic Minimum Top-Up Tax (DMTT), the UAE's implementation of the OECD’s global minimum tax under Pillar 2. While the rules apply for financial years starting on or after January 1, 2025, it is 2026 that marks the transition to an operational phase.
9. Reduced compliance obligations for imported goods and services
Businesses that apply the reverse-charge mechanism for VAT purposes in the UAE may benefit from reduced compliance obligations.
10. Substance and CbC reporting focus
Tax authorities are expected to continue strengthening the enforcement of economic substance and Country-by-Country (CbC) reporting frameworks. In the UAE, these regimes are increasingly being used as risk-assessment tools, providing tax authorities with a comprehensive view of multinational groups’ global footprints and enabling them to assess whether profits are aligned with real economic activity.
Contributed by Thomas Vanhee and Hend Rashwan, Aurifer
The National's picks
4.35pm: Tilal Al Khalediah
5.10pm: Continous
5.45pm: Raging Torrent
6.20pm: West Acre
7pm: Flood Zone
7.40pm: Straight No Chaser
8.15pm: Romantic Warrior
8.50pm: Calandogan
9.30pm: Forever Young
MATCH INFO
Manchester City 2 (Mahrez 04', Ake 84')
Leicester City 5 (Vardy 37' pen, 54', 58' pen, Maddison 77', Tielemans 88' pen)
Man of the match: Jamie Vardy (Leicester City)
More from Rashmee Roshan Lall
Our legal consultant
Name: Dr Hassan Mohsen Elhais
Position: legal consultant with Al Rowaad Advocates and Legal Consultants.
MATCH INFO
Manchester United 1 (Greenwood 77')
Everton 1 (Lindelof 36' og)
The President's Cake
Director: Hasan Hadi
Starring: Baneen Ahmad Nayyef, Waheed Thabet Khreibat, Sajad Mohamad Qasem
Rating: 4/5
A Bad Moms Christmas
Dir: John Lucas and Scott Moore
Starring: Mila Kunis, Kathryn Hahn, Kristen Bell, Susan Sarandon, Christine Baranski, Cheryl Hines
Two stars
