A group of six senators has called on leaders of the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to respond to several questions with regard to a cyber vulnerability involving SolarWinds’ Orion Network Management products.
In a Tuesday letter to FBI Director Christopher Wray and Acting CISA Director Brandon Wales, the lawmakers asked the two agencies to provide a list of federal entities that reported using the products cited in the cyber incident, describe the quantities and categories of data that were vulnerable to unauthorized access and share how their offices organized coordination with federal agencies to support investigative and forensic analysis efforts.
The letter came days after CISA issued an emergency directive directing all agencies to immediately disconnect SolarWinds Orion products versions 2019.4 to 2020.2.1 HF1 from their networks to mitigate the vulnerability.
The senators also want to know about the support SolarWinds has offered to agencies to address data security concerns, whether the investigation identified any lapses in the implementation of the Federal Information Security Modernization Act and how the investigation will assist SolarWinds’ customers in the private sector.
The letter was signed by Sens. Jerry Moran, R-Kan.; Jeanne Shaheen, D-N.H.; John Thune, R-S.D.; Richard Blumenthal, D-Conn.; Roger Wicker, R-Miss.; and Maria Cantwell, D-Wash.
The FBI, CISA and the Office of the Director of National Intelligence issued a joint statement Wednesday announcing the formation of a cyber unified coordination group to facilitate a “whole-of-government response” to the cyber attack.