SPONSORED:

Officials urge Biden to appoint cyber leaders after SolarWinds, Microsoft hacks

Officials urge Biden to appoint cyber leaders after SolarWinds, Microsoft hacks
© Getty Images

Homeland Security Secretary Alejandro MayorkasAlejandro MayorkasUS officials testify on domestic terrorism in wake of Capitol attack DHS establishes domestic terror unit within its intelligence office Overnight Energy: Southeast sees gas shortages amid pipeline shutdown | Feds eye more oversight of pipelines after Colonial attack | Biden administration approves major offshore wind project MORE and leading lawmakers on Wednesday urged President Biden to nominate officials to lead federal cybersecurity policy, particularly as the government continues to grapple with the fallout from two massive cyber espionage attacks. 

Mayorkas was questioned by lawmakers about the progress on Biden nominating an individual to fill the director position for the Cybersecurity and Infrastructure Security Agency (CISA), which has not had a Senate-confirmed leader since former President TrumpDonald TrumpKinzinger, Gaetz get in back-and-forth on Twitter over Cheney vote READ: Liz Cheney's speech on the House floor Cheney in defiant floor speech: Trump on 'crusade to undermine our democracy' MORE fired then-Director Christopher Krebs in November. 

“We are very focused on filling the vacancies of leadership across the department, it’s an issue that I work with the White House on every single week, and as a matter of fact, I had a conversation yesterday on that very subject,” Mayorkas testified to the House Homeland Security Committee. “I will say that yes we do need a politically appointed, Senate-confirmed leadership in a number of positions throughout the Department of Homeland Security.”

ADVERTISEMENT

Mayorkas praised current Acting CISA Director Brandon Wales for his leadership, but noted he “agreed” with the need for there to be a Senate-confirmed leader when asked by Homeland Security Committee ranking member John KatkoJohn Michael KatkoHillicon Valley: Feds eye more oversight of pipelines after Colonial attack | White House monitoring fuel shortages | Democrats urge Facebook to reverse WhatsApp update | Biden announces deal with Uber, Lyft for free vaccine rides Feds eye more oversight of pipelines after Colonial attack Katko probes federal oversight of oil and gas industry cybersecurity MORE (R-N.Y.). Katko sent a letter to Biden last week urging him to nominate a CISA director. 

Mayorkas’s comments come as the federal government is grappling with two major nation-state cyber espionage incidents, with CISA taking a leading role in the response.

The first incident, which has become known as the SolarWinds hack, involved likely Russian hackers infiltrating at least nine federal agencies and 100 private sector groups since at least March 2020.

Microsoft complicated matters further earlier this month when it announced that a Chinese state-sponsored hacking group had exploited previously unknown vulnerabilities in its Exchange Server program, with hundreds of thousands of government and private sector groups worldwide put at risk. 

CISA is among the four federal agencies that has been designated to respond to both the incidents.

ADVERTISEMENT

Mayorkas confirmed in written testimony Wednesday that DHS had been breached by the hackers in the SolarWinds case.

“DHS’s own networks were compromised by the campaign exploiting SolarWinds, but the Department was able to continue to execute its mission,” Mayorkas said. “While our public-facing services were not affected and we no longer see indicators of compromise on our networks, we have more work to do to fully secure our network against future attacks. DHS networks and cybersecurity best practices should be a model for other civilian agencies.”

The issue of the opening at the helm of CISA comes as Biden has also not yet announced a nominee to serve as national cyber director at the White House, a Senate-confirmed position established as part of the most recent National Defense Authorization Act (NDAA). 

White House press secretary Jen PsakiJen PsakiBlinken speaks with Israeli counterpart amid escalating conflict Hillicon Valley: Feds eye more oversight of pipelines after Colonial attack | White House monitoring fuel shortages | Democrats urge Facebook to reverse WhatsApp update | Biden announces deal with Uber, Lyft for free vaccine rides Biden sent letter to Palestinian president over 'current situations' MORE told reporters earlier this week that the administration is currently undertaking a 60-day review of the position, which marks a reestablishment and elevation of the cyber coordinator position eliminated in 2018 under the Trump administration.

Sen. Angus KingAngus KingSenate panel deadlocks in vote on sweeping elections bill Senate descends into hours-long fight over elections bill Overnight Energy: 5 takeaways from the Colonial Pipeline attack | Colonial aims to 'substantially' restore pipeline operations by end of week | Three questions about Biden's conservation goals MORE (I-Maine), one of the key lawmakers who fought for the clause to establish the cyber czar in the NDAA, pointed Wednesday to the SolarWinds and Microsoft hacks as underlining the need to nominate officials for both the CISA and White House positions. 

ADVERTISEMENT

“It may be that we are losing valuable time...let’s name a national cyber director, send the nomination up here, and in the meantime the White House can work on establishment of the office,” King told reporters during a phone call. 

“We really have to have an entirely new way of thinking about the conflict, we think about wars as being between armies, this is a case where the conflict from the outset will involve the private sector,” he stressed on foreign cyber threats. “They are not going to send troops to attack Washington, they are going to send bots to attack the Northeast power grid.”

Biden did appoint Anne Neuberger, the former cybersecurity lead at the National Security Agency, to serve as his deputy national security advisor for Cyber and Emerging Technology. Neuberger is currently serving as the lead in the White House on coordinating response to both cyberattacks.

King praised Neuberger’s leadership, but pointed out that her position is not a solid one, as it could be eliminated by national security advisor Jake SullivanJake SullivanBlinken speaks with Israeli counterpart amid escalating conflict Biden sent letter to Palestinian president over 'current situations' White House condemns rocket attacks against Israel MORE at any time. 

“I keep saying nice things about Anne Neuberger, and I mean that, but she is a staff member of the National Security Council, and her position could disappear tomorrow,” King said. “This is such a critical area, it deserves a very senior level appointee.”