Leading lawmakers said on Tuesday they feared they had been kept in the dark about what suspected Russian hackers stole from the federal government and pressed officials in the Biden administration for more details on the scope of this is called the SolarWinds hack.
In letters to senior officials, Senators Gary Peters and Rob Portman said recent Associated Press reporting “raised the troubling possibility that some federal agencies are not fully reporting” the extent of the violation to Congress.
“Time and time again, this committee has debated the challenges of defending against sophisticated, well-resourced and patient cyber adversaries. Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not detect this cyberattack initially, “wrote the senators. Peters, a Democrat from Michigan, chairs the Committee. Senate Homeland Security and Government Affairs Portman, of Ohio, is the top Republican.
The AP reported last month that suspected Russian hackers gained access to email accounts belonging to the Trump administration’s acting Homeland Security Secretary, Chad Wolf, and cybersecurity staff from his office. department, whose jobs included hunting threats from foreign countries.
It has been nearly four months since officials discovered what they describe as a sprawling and month-long cyberespionage effort, carried out in large part by hacking widely used software from Texas-based SolarWinds Inc. At least nine federal agencies, including the Department of Homeland Security, have been hacked, along with dozens of private sector companies.
Senators sent their letters to Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency at DHS, and Christopher DeRusha, Chief Information Security Officer in the Office of Management and Budget.
Senators are asking for several documents related to the hack, including those that show which individual accounts were targeted or compromised.
Scott McConnell, a spokesperson for the cybersecurity agency, said it “does not comment on correspondence from Congress.” The OMB did not immediately return a request for comment.
Anne Neuberger, deputy national security adviser, said in an interview with The Associated Press last week that there were “gaps” in basic cybersecurity defenses in some of the nine affected agencies, which has hampered the ability of officials to determine what hackers accessed.
She said the administration had identified five upgrades needed as a result of its review of how the SolarWinds hack happened, including the use of technology that constantly monitors malicious activity and requires attention. greater use of multi-factor authentication so that systems cannot be accessed with a steal. password only.
The Biden administration has tried to keep tabs on the scope of the SolarWinds attack as it assesses retaliatory measures against Russia. But an AP investigation found new details of the violation at DHS and other agencies, including the Department of Energy, where hackers accessed the schedules of senior officials.
The AP interviewed more than a dozen current and former U.S. government officials, who spoke on condition of anonymity due to the confidential nature of the ongoing hacking investigation.