Senators call for update on investigations into SolarWinds, Microsoft hacks

Senators call for update on investigations into SolarWinds, Microsoft hacks
© Greg Nash

Bipartisan leaders of a key Senate panel on Tuesday pressed the Biden administration for more information on its investigation into two recent, massive foreign espionage hacking incidents.

Senate Homeland Security Committee Chairman Gary PetersGary PetersBiden pays tribute to late Sen. Levin: 'Embodied the best of who we are' Former longtime Sen. Carl Levin dies at 87 GOP, Democrats battle over masks in House, Senate MORE (D-Mich.) and ranking member Rob PortmanRobert (Rob) Jones PortmanThe Hill's Morning Report - Presented by Facebook - White House, Dems play blame game over evictions Graham's COVID-19 'breakthrough' case jolts Senate Key Senate Republican praises infrastructure deal MORE (R-Ohio) sent letters on cybersecurity concerns to Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), and to Federal CISO Christopher DeRusha, who works within the White House’s Office of Management and Budget (OMB). 

The committee leaders questioned Wales and DeRusha about the progress the administration has made garnering information about the SolarWinds hack, which U.S. intelligence agencies assessed in January was “likely” carried out by Russian hackers, and compromised at least nine federal agencies and 100 private sector groups.

ADVERTISEMENT

The senators also asked questions about recently discovered vulnerabilities in Microsoft’s Exchange Server, which the company said last month was actively exploited by at least one state-sponsored Chinese hacking group to gain access to thousands of organizations around the world. 

“There is no easy solution to advanced persistent cyber threats,” the senators wrote.

“Time and again this Committee has discussed the challenges of defending against sophisticated, well resourced, and patient cyber adversaries. Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyberattack.”

The letters were sent weeks after both Wales and DeRusha testified before the committee on the SolarWinds hack, which was first discovered in December by cybersecurity group FireEye when it announced it had been breached. 

Peters and Portman asked Wales, who took over as acting director of CISA in November, about the an intrusion and detection systems used to protect federal systems known as EINSTEIN, and whether or not to renew the program in 2022 given that it did not detect the SolarWinds or Microsoft vulnerabilities.

ADVERTISEMENT

They also pointed to concerns that the Department of Homeland Security (DHS), which CISA is part of, did not disclose the extent of the SolarWinds breach. DHS was among the agencies compromised, and the Associated Press reported last week that the hackers gained access to emails of top DHS officials. 

The senators pressed DeRusha, appointed by President BidenJoe BidenThe Hill's Morning Report - Presented by Facebook - White House, Dems play blame game over evictions GOP skepticism looms over bipartisan spending deal Biden vaccine rule sets stage for onslaught of lawsuits MORE as federal CISO in January, to provide copies of the current federal cybersecurity strategy, along with a list of federal systems and networks compromised as part of both the SolarWinds and Microsoft breaches. 

“At the national level, our cybersecurity strategy will require careful consideration of the appropriate role of the federal government, companies, and citizens in cyber defense, especially when it comes to nation-state actors with near unlimited resources and time,” the senators stressed. 

Both CISA and OMB declined to comment on the letter. 

CISA has played a leading role in responding to both breaches, putting out directives to federal agencies over the past few months ordering them to take steps to patch their systems and investigate potential breaches as part of the SolarWinds and Microsoft Exchange Server incidents. 

CISA is also among the four agencies that have convened unified coordination groups to respond to both breaches, alongside the National Security Agency, the Office of the Director of National Intelligence, and the FBI. 

President Biden will soon sign an executive order aimed at improving federal cybersecurity, which DHS Secretary Alejandro MayorkasAlejandro MayorkasHillicon Valley: Social media giants fail to block 84 percent of antisemitic content: report | White House cyber chief backs new federal bureau to track threats Bipartisan governors press Biden administration on Canadian border restrictions Graham, Cuellar press Biden to name border czar MORE said last week would contain “nearly a dozen actions.”

Biden is also planning separate actions to respond to Russia for the SolarWinds breach, with White House press secretary Jen PsakiJen PsakiThe Hill's Morning Report - Presented by Facebook - White House, Dems play blame game over evictions Overnight Health Care: Average daily COVID infections topped last summer's peak, CDC says | US reaches 70 percent vaccination goal a month after Biden's target | White House says CDC can't renew eviction ban White House says CDC can't renew eviction ban MORE saying repeatedly in recent weeks that the response will come in “weeks, not months.”