The House Energy and Commerce Committee sent an inquiry Wednesday to the heads of five federal agencies on what measures they have implemented to identify and mitigate the critical vulnerability in Java-based Log4j software.
Leaders of the committee and its subcommittees invited the departments of Health and Human Services, Energy and Commerce as well as the Environmental Protection Agency and the National Telecommunications and Information Administration to hold a staff briefing on the matter by Aug. 24.
The inquiry comes nearly eight months after the Cybersecurity and Infrastructure Security Agency directed all federal civilian organizations to immediately apply patches to internet-facing government networks due to the discovered exploitation.
“The risk to federal network security is especially concerning because nationstate threat actors have attempted to exploit this Log4j vulnerability,” the lawmakers wrote. They seek to better understand the scope of the cybersecurity incident and mitigation efforts.
