Senators call for update on investigations into SolarWinds, Microsoft hacks

Senators call for update on investigations into SolarWinds, Microsoft hacks
© Greg Nash

Bipartisan leaders of a key Senate panel on Tuesday pressed the Biden administration for more information on its investigation into two recent, massive foreign espionage hacking incidents.

Senate Homeland Security Committee Chairman Gary PetersGary PetersHillicon Valley: Biden nominates former NSA deputy director to serve as cyber czar | Apple to send witness to Senate hearing after all | Biden pressed on semiconductor production amid shortage Bipartisan lawmakers signal support for Biden cybersecurity picks The Hill's Morning Report - Biden: Let's make a deal on infrastructure, taxes MORE (D-Mich.) and ranking member Rob PortmanRobert (Rob) Jones PortmanHarris casts tiebreaking vote to advance Biden nominee The Hill's Morning Report - Presented by Facebook - After historic verdict, Chauvin led away in handcuffs How to save the Amazon rainforest MORE (R-Ohio) sent letters on cybersecurity concerns to Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), and to Federal CISO Christopher DeRusha, who works within the White House’s Office of Management and Budget (OMB). 

The committee leaders questioned Wales and DeRusha about the progress the administration has made garnering information about the SolarWinds hack, which U.S. intelligence agencies assessed in January was “likely” carried out by Russian hackers, and compromised at least nine federal agencies and 100 private sector groups.


The senators also asked questions about recently discovered vulnerabilities in Microsoft’s Exchange Server, which the company said last month was actively exploited by at least one state-sponsored Chinese hacking group to gain access to thousands of organizations around the world. 

“There is no easy solution to advanced persistent cyber threats,” the senators wrote.

“Time and again this Committee has discussed the challenges of defending against sophisticated, well resourced, and patient cyber adversaries. Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyberattack.”

The letters were sent weeks after both Wales and DeRusha testified before the committee on the SolarWinds hack, which was first discovered in December by cybersecurity group FireEye when it announced it had been breached. 

Peters and Portman asked Wales, who took over as acting director of CISA in November, about the an intrusion and detection systems used to protect federal systems known as EINSTEIN, and whether or not to renew the program in 2022 given that it did not detect the SolarWinds or Microsoft vulnerabilities.


They also pointed to concerns that the Department of Homeland Security (DHS), which CISA is part of, did not disclose the extent of the SolarWinds breach. DHS was among the agencies compromised, and the Associated Press reported last week that the hackers gained access to emails of top DHS officials. 

The senators pressed DeRusha, appointed by President BidenJoe BidenCornyn, Sinema to introduce bill aimed at addressing border surge Harris to travel to Northern Triangle region in June Biden expected to formally recognize Armenian Genocide: report MORE as federal CISO in January, to provide copies of the current federal cybersecurity strategy, along with a list of federal systems and networks compromised as part of both the SolarWinds and Microsoft breaches. 

“At the national level, our cybersecurity strategy will require careful consideration of the appropriate role of the federal government, companies, and citizens in cyber defense, especially when it comes to nation-state actors with near unlimited resources and time,” the senators stressed. 

Both CISA and OMB declined to comment on the letter. 

CISA has played a leading role in responding to both breaches, putting out directives to federal agencies over the past few months ordering them to take steps to patch their systems and investigate potential breaches as part of the SolarWinds and Microsoft Exchange Server incidents. 


CISA is also among the four agencies that have convened unified coordination groups to respond to both breaches, alongside the National Security Agency, the Office of the Director of National Intelligence, and the FBI. 

President Biden will soon sign an executive order aimed at improving federal cybersecurity, which DHS Secretary Alejandro MayorkasAlejandro MayorkasBipartisan group of senators holds immigration talks amid border surge Justice Department convenes task force to tackle wave of ransomware attacks Biden to offer 22K additional guest worker visas, 6K targeted toward Northern Triangle MORE said last week would contain “nearly a dozen actions.”

Biden is also planning separate actions to respond to Russia for the SolarWinds breach, with White House press secretary Jen PsakiJen PsakiHillicon Valley: Tech companies duke it out at Senate hearing | Seven House Republicans vow to reject donations from Big Tech Vaccination slowdown could threaten recovery New signs of progress emerge on police reform MORE saying repeatedly in recent weeks that the response will come in “weeks, not months.”