The bipartisan leaders of the Senate Homeland Security and Governmental Affairs Committee have sent letters to OMB and DHS pressing them on the urgency of upgrading federal agency cyber defenses.
The letter follows a hearing the massive Solar Winds supply chain hack that saw numerous federal agency networks compromised late in 2020 that prompted DHS to order agencies to immediately disconnect or power down affected products and key intelligence agencies to form a joint task force to try to corral the problem.
“Time and again this committee has discussed the challenges of defending against sophisticated, well resourced, and patient cyber adversaries. Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyberattack,” wrote chairman Sen. Gary Peters, D-Mich., and ranking Republican Rob Portman of Ohio.
“An effective federal cybersecurity strategy will need to reevaluate core assumptions and consider new solutions and approaches to cybersecurity . . . Mitigating vulnerabilities and reducing legacy information technology that serve as open doors to malicious hackers is also important,” they wrote, as is creating “defined structures for inter-agency coordination on incident response.”
They asked OMB and DHS for information on the current federal cybersecurity strategy and implementation plans; a list of roles and responsibilities for federal cybersecurity; the specific information systems compromised or targeted at federal agencies in the SolarWinds Orion attack and Microsoft Exchange attacks; and more.
Such requests commonly form the basis for later legislative proposals.