Senior House Republicans pointed today to the still-unfolding situation on Russian-backed hacking of government networks via SolarWinds software to call for passage of the Fiscal Year 2021 National Defense Authorization Act (NDAA) and the cybersecurity elements that the legislation features.
The House and Senate approved the NDAA earlier this month by veto-proof majorities, following President Trump’s threat to veto the legislation, which remains unsigned.
Republican members of the House Armed Services Committee led by Chairman Mac Thornberry, R-Texas, issued a statement today highlighting some of the bill’s cybersecurity elements, including protections for nuclear facilities, the establishment of a National Cyber Director position at the White House, and bolstering threat-hunting capabilities at the Cybersecurity and Infrastructure Security Agency (CISA).
“Our nation must respond to the reported cyber espionage operation targeting America’s nuclear infrastructure and federal government and hold the perpetrator accountable,” the committee members said. “This attack serves as a stark warning that our nation must bolster its cybersecurity posture and capabilities, and it must do so without delay.”
“There is no doubt that our adversaries will take advantage of any opportunity to attack vulnerabilities in our cyberinfrastructure,” they said. “The measures in this year’s bill will provide critical safeguards to protect the information and capabilities most foundational to our nation’s security.”Elsewhere on Capitol Hill:
Senate Finance Committee Charles Grassley, R-Iowa, and ranking member Sen. Ron Wyden, D-Ore., sent a letter late Thursday to Internal Revenue Service (IRS) Commissioner Charles Rettig demanding “an immediate briefing” on IRS efforts to discover whether its systems were breached, and if so, whether sensitive taxpayer information was stolen.
The senators cited information that IRS was a customer of SolarWinds as recently as 2017. “Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both to Americans’ privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised,” the senators said. “It is also critical that we understand what actions the IRS is taking to mitigate any potential damage, ensure that hackers do not still have access to internal IRS systems, and prevent future hacks of taxpayer data.”
And Sen. Mark Warner, D-Va., Vice Chairman of the Senate Intelligence Committee, called the SolarWinds hack “a devastating breach of U.S. networks” that “once again shows that the President and White House are not taking this issue seriously enough.”
“As we learn about the wider impact of this malign effort – with the potential for wider compromise of critical global technology vendors and their products – it is essential that we see an organized and concerted federal response,” the senator said.