Senators call for update on investigations into SolarWinds, Microsoft hacks

Senators call for update on investigations into SolarWinds, Microsoft hacks
© Greg Nash

Bipartisan leaders of a key Senate panel on Tuesday pressed the Biden administration for more information on its investigation into two recent, massive foreign espionage hacking incidents.

Senate Homeland Security Committee Chairman Gary PetersGary PetersHillicon Valley: Biden nominates former NSA deputy director to serve as cyber czar | Apple to send witness to Senate hearing after all | Biden pressed on semiconductor production amid shortage Bipartisan lawmakers signal support for Biden cybersecurity picks The Hill's Morning Report - Biden: Let's make a deal on infrastructure, taxes MORE (D-Mich.) and ranking member Rob PortmanRobert (Rob) Jones PortmanKellyanne Conway joins Ohio Senate candidate's campaign OVERNIGHT ENERGY: Senate confirms Mallory to lead White House environment council | US emissions dropped 1.7 percent in 2019 | Interior further delays Trump rule that would make drillers pay less to feds Senate confirms Biden's pick to lead White House environmental council MORE (R-Ohio) sent letters on cybersecurity concerns to Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), and to Federal CISO Christopher DeRusha, who works within the White House’s Office of Management and Budget (OMB). 

The committee leaders questioned Wales and DeRusha about the progress the administration has made garnering information about the SolarWinds hack, which U.S. intelligence agencies assessed in January was “likely” carried out by Russian hackers, and compromised at least nine federal agencies and 100 private sector groups.


The senators also asked questions about recently discovered vulnerabilities in Microsoft’s Exchange Server, which the company said last month was actively exploited by at least one state-sponsored Chinese hacking group to gain access to thousands of organizations around the world. 

“There is no easy solution to advanced persistent cyber threats,” the senators wrote.

“Time and again this Committee has discussed the challenges of defending against sophisticated, well resourced, and patient cyber adversaries. Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyberattack.”

The letters were sent weeks after both Wales and DeRusha testified before the committee on the SolarWinds hack, which was first discovered in December by cybersecurity group FireEye when it announced it had been breached. 

Peters and Portman asked Wales, who took over as acting director of CISA in November, about the an intrusion and detection systems used to protect federal systems known as EINSTEIN, and whether or not to renew the program in 2022 given that it did not detect the SolarWinds or Microsoft vulnerabilities.


They also pointed to concerns that the Department of Homeland Security (DHS), which CISA is part of, did not disclose the extent of the SolarWinds breach. DHS was among the agencies compromised, and the Associated Press reported last week that the hackers gained access to emails of top DHS officials. 

The senators pressed DeRusha, appointed by President BidenJoe BidenBiden administration still seizing land near border despite plans to stop building wall: report Olympics, climate on the agenda for Biden meeting with Japanese PM Boehner on Afghanistan: 'It's time to pull out the troops' MORE as federal CISO in January, to provide copies of the current federal cybersecurity strategy, along with a list of federal systems and networks compromised as part of both the SolarWinds and Microsoft breaches. 

“At the national level, our cybersecurity strategy will require careful consideration of the appropriate role of the federal government, companies, and citizens in cyber defense, especially when it comes to nation-state actors with near unlimited resources and time,” the senators stressed. 

Both CISA and OMB declined to comment on the letter. 

CISA has played a leading role in responding to both breaches, putting out directives to federal agencies over the past few months ordering them to take steps to patch their systems and investigate potential breaches as part of the SolarWinds and Microsoft Exchange Server incidents. 


CISA is also among the four agencies that have convened unified coordination groups to respond to both breaches, alongside the National Security Agency, the Office of the Director of National Intelligence, and the FBI. 

President Biden will soon sign an executive order aimed at improving federal cybersecurity, which DHS Secretary Alejandro MayorkasAlejandro MayorkasProgressive lawmakers press DHS chief on immigration detention Hillicon Valley: Intel leaders push for breach notification law | Coinbase goes public House Republicans raise concerns about new Chinese tech companies MORE said last week would contain “nearly a dozen actions.”

Biden is also planning separate actions to respond to Russia for the SolarWinds breach, with White House press secretary Jen PsakiJen PsakiOvernight Defense: Administration says 'low to moderate confidence' Russia behind Afghanistan troop bounties | 'Low to medium risk' of Russia invading Ukraine in next few weeks | Intelligence leaders face sharp questions during House worldwide threats he Overnight Health Care: Johnson & Johnson delay prompts criticism of CDC panel | Pfizer CEO says third dose of COVID-19 vaccine 'likely' needed within one year | CDC finds less than 1 percent of fully vaccinated people got COVID-19 Hillicon Valley: Biden administration sanctions Russia for SolarWinds hack, election interference MORE saying repeatedly in recent weeks that the response will come in “weeks, not months.”