The top two senators on the Homeland Security and Governmental Affairs Committee are looking for documents showing which information systems, individuals, teams and programs at federal agencies were compromised or targeted in the recent SolarWinds and Microsoft Exchange intrusions “to the greatest level of detail possible.”
Sen. Gary Peters, D-Mich., and Rob Portman, R-Ohio, HSGAC chairman and ranking member, respectively, sent letters dated April 5 to the acting director of the Cybersecurity and Infrastructure Security Agency and the federal chief information security officer at the Office of Management and Budget for more information on the hacks following a March 18 hearing.
“Time and again this Committee has discussed the challenges of defending against sophisticated, well-resourced, and patient cyber adversaries,” the letters read. “Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyberattack.”
In the letter to Brandon Wales, CISA acting director, the senators asked not only for the documents showing which government information systems were compromised, but also for more information on EINSTEIN, the system that sits on agencies’ network perimeters to detect and prevent intrusions.
Authorization for EINSTEIN lapses in December 2022, the senators noted, and they need to determine whether the program should continue and if so, how it can be reauthorized to better address its limitations.
“As you alluded to in your testimony, network perimeters are increasingly irrelevant with modern information technology infrastructure that emphasizes end-to-end encryption and reliance on cloud service providers outside of an organization’s network; these technologies represent an inherent limitation of perimeter-based intrusion detection systems like EINSTEIN,” the CISA letter reads.
The senators also asked about the Continuous Diagnostics and Mitigation program, specifically for documents showing current and planned technical capabilities for CDM and the current plan to make sure agencies are using appropriate tools as part of the CDM program.
During the March 18 hearing, Wales advocated for reauthorization and continued support of both EINSTEIN and CDM. Both require updates but are still needed, he said.
On the OMB side, the senators asked Federal CISO Chris DeRusha for the current federal cybersecurity strategy and any associated implementation plans, as well as any plans to update these policies. They also want to know who is in charge of what when it comes to cybersecurity in the federal government, as well as an assessment of how each of these roles contributed to the SolarWinds response.
“We look forward to working with the Administration on needed improvements to the Federal Information Security Modernization Act of 2014, and other legislative improvements to defend better against advanced persistent cyber threats,” the OMB letter reads.
The senators requested responses by April 20.