Sen. Gary Peters, D-Mich., chairman of the Senate Homeland Security and Governmental Affairs Committee, and Sen. Rob Portman, R-Ohio., ranking member of the Senate panel, have asked the federal government to provide information on its response to cyberattacks involving SolarWinds Orion and Microsoft Exchange.
Peters and Portman sent letters on Monday to Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), and Christopher DeRusha, federal chief information security officer at the Office of Management and Budget (OMB) and 2021 Wash100 Award winner, asking them to submit unredacted copies of documents regarding the hacks by April 20th, the Senate panel said Tuesday.
The lawmakers are asking CISA to provide documents showing federal information systems that were compromised during the cyber attacks, the current and planned technical capabilities of the EINSTEIN intrusion detection and prevention system and the Continuous Diagnostics and Mitigation program, classified indicators in use on EINSTEIN 3 Accelerated and Operations and spending plans for the National Cybersecurity Protection System and for the CDM program.
“The authorization for DHS to operate EINSTEIN lapses on December 18, 2022 and we look forward to working with you to determine whether and how to reauthorize the program to address these limitations and, more broadly, how to defend better against advanced persistent cyber threats,” according to the letter addressed to Wales.
Portman and Peters asked DeRusha to provide information on the government’s current federal cybersecurity strategy and list of responsibilities and roles for federal cybersecurity and submit documents showing federal information systems that were targeted during the recent hacks and Cyberscope data received for fiscal year 2020.
“These documents and information will help the Committee in considering potential legislation to improve federal cybersecurity, including reforms to the Federal Information Security Modernization Act of 2014,” the letter reads.
To register for this virtual forum, visit the GovConWire Events page.