Cyberattack fears on the rise after shutdown, intel testimony

Lawmakers fear that increased threats from foreign actors, combined with lingering effects from the government shutdown, are making the U.S. more susceptible to cyberattacks.

The Department of Homeland Security (DHS) issued its first-ever emergency directive during the record-long shutdown, requiring federal agencies to secure certain systems after researchers found Iranian actors were trying to penetrate U.S. government networks.

And top intelligence officials this week warned that foreign adversaries are escalating their cyberattacks while seeking to obtain top secret data.

When asked if another shutdown could serve as an open invitation for foreign hackers to go after federal systems, House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) replied, "Absolutely."

"Our concern is that so many of those persons we relied on, they weren't there," Thompson said. "And that makes us weak."

DHS was one of the agencies that furloughed certain employees during the 35-day shutdown that ended Jan. 25. 

The agency has temporary funding through Feb. 15, as lawmakers on Capitol Hill attempt to hammer out a longer-term spending deal involving border security. If no deal is reached, another partial shutdown is possible.

Thompson said a repeat shutdown would limit the ability to improve protections for U.S. networks.

“We could respond to [the Iranian activity] but we couldn't be proactive in looking for bad actors because of the shutdown,” Thompson said. “And that was a problem because you have to have a system that's both defensive and offensive. But if you're only defensive, you're limited in what you can identify.”

Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) said he is constantly concerned about the possibility of cyberattacks on federal networks.

“It seems pretty obvious that we are just vulnerable to cyberattacks and we need to up our game both in the private sector, as well as in throughout the federal government,” Johnson said.

Lawmakers aren’t the only government officials with heightened concerns.

Intelligence leaders highlighted cyber threats to the U.S. in a report issued this week, warning that the country’s main cyber adversaries – China, Iran, North Korea and Russia – “increasingly use cyber operations to threaten both minds and machines in an expanding number of ways – to steal information, to influence our citizens, or to disrupt critical infrastructure.”

The report said Iranian-backed hackers are targeting the federal government and its officials, mainly “to gain intelligence and position themselves for future cyber operations.”

And in the private sector, Facebook and Twitter announced Thursday that they were deleting thousands of fake accounts linked to Iranian disinformation campaigns.

Researchers at security firms Cisco’s Talos and FireEye recently uncovered apparent Iran-tied global campaigns targeting domain name systems, including ones used by U.S. government websites.

Attackers carrying out those kinds of campaigns can redirect users, give the appearance that the site is down or pull data from the domains.

Chris Krebs, head of the Cybersecurity Infrastructure and Security Agency at DHS, said that while officials were still determining the impact of the campaign, “we know enough to be concerned.”

“We know an active attacker is targeting government organizations,” Krebs wrote in a CISA blog post last week, adding that the actors “can intercept and manipulate legitimate traffic, make services unavailable or cause delay, harvest information like credentials or emails, or cause a range of other malicious activities.”

As part of the emergency directive from DHS, federal agencies were given 10 business days to secure their domain name systems, change their passwords and add safeguards like multi-factor authentication. 

The deadline for those actions is Monday.

Rep. James Langevin (D-R.I.), cofounder of the Cybersecurity Caucus and chair of the House Armed Services’ subcommittee on emerging threats and capabilities, said during the shutdown last week that he was worried about the federal government’s ability to meet that DHS deadline.

DHS has previously issued cyber directives for agencies, but gave them months to comply.

“My concern is, who's there to actually implement the requirement?” Langevin told The Hill during the shutdown. “And that's unclear.” 

Thompson this week declined to say whether he thought DHS would meet the deadline.

DHS did not respond to a request for comment.

About 43 percent of CISA staff were furloughed during the shutdown, according to planning documents. But much of the emergency directive would need to be implemented by staff at other agencies, and it’s not clear how many of those employees were furloughed.

Jamil Jaffer, a vice president at IronNet Cybersecurity who served as associate counsel for former President George W. Bush, said he had “no doubt” that foreign actors would take advantage of fewer eyes watching federal networks during a potential second government shutdown.

“It's not like foreign actors aren't watching us to see what we're doing, and when they see weaknesses...they're watching that, they're exploiting that,” Jaffer said. “And they will make every effort to take advantage of that.”