The Democratic and Republican leaders of the Senate Homeland Security and Governmental Affairs Committee early in 2021 plan to hold hearings and work on legislation related to the ongoing intrusion of federal and private sector computer networks allegedly being carried out by a Russian intelligence agency.
The hack was first disclosed earlier this month by the cyber security firm FireEye [FEYE], which itself was a victim. The hackers used software updates provided by the network management company SolarWinds [SWI] and other channels to breach private and public sector networks in what the Department of Homeland Security’s cyber agency says is a threat that “poses a grave risk to the federal government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
The upcoming hearings and legislation will be led by Sens. Rob Portman (R-Ohio) and Gary Peters (D-Mich.). Peters is currently the ranking member of the committee and Portman chairs its subcommittee on Investigations. Depending on the outcome of two U.S. Senate elections in Georgia in early January, either Portman or Peters will chair the committee and the other will be the ranking member.
“The recently discovered and ongoing cyberattacks cannot be tolerated and demonstrate the weakness of our cyber defenses and capacity to respond,” the two senators said last Friday in a joint statement. “These attacks were highly complex and they must be unraveled to know the full extent of the exposure to federal and state agencies and the private sector.”
Lessons need to be learned and applied to strengthen the country’s cyber defenses, they added.
The Trump administration hasn’t publicly attributed who is behind the cyber intrusion, which FireEye said began last spring and is being done by a sophisticated nation-state actor using novel approaches that had not been seen previously and therefore is much harder to detect.
The Senate Homeland Security and Governmental Affairs Committee is the first congressional panel to say it is planning hearings on the SolarWinds hack.