Lawmakers press federal agencies on scope of SolarWinds attack

Lawmakers press federal agencies on scope of SolarWinds attack

The bipartisan leaders of a House panel on Wednesday drilled multiple agencies for updates on the SolarWinds hack, a mass cyber campaign that compromised at least nine federal agencies and 100 private sector groups.

Members of the Energy and Commerce Committee sent letters demanding answers to the leaders of the departments of Commerce, Energy and Health and Human Services, as well as the Environmental Protection Agency and the National Telecommunications and Information Administration.

The lawmakers, led by Chairman Frank Pallone (D-N.J.) and ranking member Cathy McMorris RodgersCathy McMorris RodgersFive takeaways from new CDC guidance on going maskless GOP votes to replace Cheney with Stefanik after backing from Trump Stefanik shake-up jump-starts early jockeying for committee posts MORE (R-Wash.), drilled the agencies — several of which were reportedly compromised by the breach — on the impact of the hack, how they are responding to it and how they hope to prevent similar cyberattacks in the future.


“Over the past several years, the Committee on Energy and Commerce has done extensive work on cyber threats, including hearings and investigations examining the information security programs and controls over key computer systems and networks at multiple agencies under the Committee’s jurisdiction,” the lawmakers wrote. 

“Because the SolarWinds attack has potentially affected a wide array of federal agencies and programs, the Committee is seeking to gain a fuller understanding of the scope of the attack and actions being taken to mitigate its effects,” they added. 

The letters were sent as the federal government continues to investigate and respond to the SolarWinds hack.

U.S. intelligence officials have stated that sophisticated Russian hackers were “likely” behind the attack, which took place over the course of a year but was only discovered in December. The breach involved attackers exploiting software from IT group SolarWinds, among other avenues, to gain access to customers. 

Other lawmakers who signed on to the letters included the chairman and ranking member of every House Energy and Commerce subcommittee, including Reps. Bobby RushBobby Lee RushFeds eye more oversight of pipelines after Colonial attack Shining a light on COINTELPRO's dangerous legacy Exorcising the ghosts of COINTELPRO: Bobby Rush Edition MORE (D-Ill.), Fred UptonFrederick (Fred) Stephen UptonSunday shows preview: House GOP removes Cheney from leadership position; CDC issues new guidance for fully vaccinated Americans Cheney fight stokes cries of GOP double standard for women Overnight Energy: Michigan reps reintroduce measure for national 'forever chemicals' standard |  White House says gas tax won't be part of infrastructure bill MORE (R-Mich.), Anna EshooAnna Georges EshooNIH readies grants for more research on long-term health effects of COVID-19 Lawmakers launch bipartisan caucus on SALT deduction Biden clean electricity standard faces high hurdles MORE (D-Calif.), Brett GuthrieSteven (Brett) Brett GuthrieHillicon Valley: US, UK authorities say Russian hackers exploited Microsoft vulnerabilities | Lawmakers push for more cyber funds in annual appropriations | Google child care workers ask for transportation stipend Lawmakers push for increased cybersecurity funds in annual appropriations The Hill's Morning Report - Presented by Emergent BioSolutions - House GOP drama intensifies; BIden sets new vax goal MORE (R-Ky.), Diana DeGetteDiana Louise DeGetteDemocrats target Trump methane rule with Congressional Review Act Regulator: Evidence suggests Texas 'absolutely' didn't follow recommendations to winterize power equipment Democrats urge FDA to clear market of all flavored e-cigarettes MORE (D-Colo.), Morgan GriffithHoward (Morgan) Morgan GriffithGOP lawmakers press social media giants for data on impacts on children's mental health Lawmakers press federal agencies on scope of SolarWinds attack House Republicans urge Democrats to call hearing with tech CEOs MORE (R-Va.), Mike DoyleMichael (Mike) F. DoyleCongressional CEO grillings can't solve disinformation: We need a public interest regulator Hillicon Valley: Another Big Tech hearing | Cyber Command flexes operations | Trump's social media site in the works Lawmakers vent frustration in first hearing with tech CEOs since Capitol riot MORE (D-Pa.), Bob Latta (R-Ohio), Jan SchakowskyJanice (Jan) Danoff SchakowskyBattle lines drawn over Biden's support for vaccine waivers Overnight Health Care: Biden sets goal of at least one shot to 70 percent of adults by July 4 | White House to shift how it distributes unallocated vaccines to states Pressure builds for Biden to back vaccine patent waivers MORE (D-Ill.), Gus Bilirakis (R-Fla.), Paul TonkoPaul David TonkoHouse GOP campaign arm adds to target list Unleashing an American-led clean energy economy to reach net-zero emissions Lawmakers press federal agencies on scope of SolarWinds attack MORE (D-N.Y.) and David McKinleyDavid Bennett McKinleyHouse fails to pass drug bill amid Jan. 6 tensions The Memo: Hunter Biden and the politics of addiction OVERNIGHT ENERGY: Native groups hope Haaland's historic confirmation comes with tribal wins | EPA asks court to nix Trump rule limiting GHG regs | Green group asks regulators to block use of utility customers' money for lobbying  MORE (R-W.Va.).


Federal agencies are still responding to the breach. The Trump administration stood up a unified coordination group in January consisting of multiple intelligence agencies as part of its response, and President BidenJoe BidenWarren calls for US to support ceasefire between Israel and Hamas UN secretary general 'deeply disturbed' by Israeli strike on high rise that housed media outlets Nation's largest nurses union condemns new CDC guidance on masks MORE asked the Intelligence Community to undertake a review of the scope of the hack when he took office in January.

A senior administration official told reporters last week that agencies are in the midst of finalizing a four-week security review to ensure hackers are out of their systems. The official noted that the U.S. will roll out new technologies to address “gaps” in federal IT, and that a response from the administration to Russia would come in “weeks, not months.”

The House Energy and Commerce panel is not alone on Capitol Hill in responding to the breach. In the House, the Homeland Security and Oversight and Reform committees launched a joint investigation in December, and both panels, with the Senate Intelligence Committee, have hosted hearings on the breach in recent months. 

The Senate Homeland Security and Governmental Affairs Committee will hold a hearing Thursday to examine the federal response to the breach, which will feature testimony from Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Brandon Wales, among others.