Senators call for update on investigations into SolarWinds, Microsoft hacks

Bipartisan leaders of a key Senate panel on Tuesday pressed the Biden administration for more information on its investigation into two recent, massive foreign espionage hacking incidents.

Senate Homeland Security Committee Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) sent letters on cybersecurity concerns to Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), and to Federal CISO Christopher DeRusha, who works within the White House’s Office of Management and Budget (OMB). 

The committee leaders questioned Wales and DeRusha about the progress the administration has made garnering information about the SolarWinds hack, which U.S. intelligence agencies assessed in January was “likely” carried out by Russian hackers, and compromised at least nine federal agencies and 100 private sector groups.

The senators also asked questions about recently discovered vulnerabilities in Microsoft’s Exchange Server, which the company said last month was actively exploited by at least one state-sponsored Chinese hacking group to gain access to thousands of organizations around the world. 

“There is no easy solution to advanced persistent cyber threats,” the senators wrote.

“Time and again this Committee has discussed the challenges of defending against sophisticated, well resourced, and patient cyber adversaries. Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyberattack.”

The letters were sent weeks after both Wales and DeRusha testified before the committee on the SolarWinds hack, which was first discovered in December by cybersecurity group FireEye when it announced it had been breached. 

Peters and Portman asked Wales, who took over as acting director of CISA in November, about the an intrusion and detection systems used to protect federal systems known as EINSTEIN, and whether or not to renew the program in 2022 given that it did not detect the SolarWinds or Microsoft vulnerabilities.

They also pointed to concerns that the Department of Homeland Security (DHS), which CISA is part of, did not disclose the extent of the SolarWinds breach. DHS was among the agencies compromised, and the Associated Press reported last week that the hackers gained access to emails of top DHS officials. 

The senators pressed DeRusha, appointed by President Biden as federal CISO in January, to provide copies of the current federal cybersecurity strategy, along with a list of federal systems and networks compromised as part of both the SolarWinds and Microsoft breaches. 

“At the national level, our cybersecurity strategy will require careful consideration of the appropriate role of the federal government, companies, and citizens in cyber defense, especially when it comes to nation-state actors with near unlimited resources and time,” the senators stressed. 

Both CISA and OMB declined to comment on the letter. 

CISA has played a leading role in responding to both breaches, putting out directives to federal agencies over the past few months ordering them to take steps to patch their systems and investigate potential breaches as part of the SolarWinds and Microsoft Exchange Server incidents. 

CISA is also among the four agencies that have convened unified coordination groups to respond to both breaches, alongside the National Security Agency, the Office of the Director of National Intelligence, and the FBI. 

President Biden will soon sign an executive order aimed at improving federal cybersecurity, which DHS Secretary Alejandro Mayorkas said last week would contain “nearly a dozen actions.”

Biden is also planning separate actions to respond to Russia for the SolarWinds breach, with White House press secretary Jen Psaki saying repeatedly in recent weeks that the response will come in “weeks, not months.”