WASHINGTON, D.C. – U.S. Senator Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, convened a hearing with top officials to examine the Biden Administration’s actions to bolster our nation’s cybersecurity defenses. Peters and the witnesses discussed additional resources and authorities the federal government needs to deter cyber-attacks that continue to disrupt the lives and livelihoods of Michiganders and Americans – including how lawmakers can work to establish incident reporting requirements from entities who fall victim to attacks.
National Cyber Director Chris Inglis, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly, and Office of Management and Budget Federal Chief Information Security Officer Chris DeRusha testified before the committee.
“Whether it’s widespread spyware, or a ransomware attack, the federal government needs to know when cyber incidents have occurred, so they can determine if there are patterns, alert future potential targets, and help seal up any vulnerabilities. This information is especially vital when it comes to our nation’s critical infrastructure, 85% of which is privately owned and operated,” said Peters during his opening statement. “Despite this vulnerability there is currently no national requirement for all critical infrastructure owners and operators to report to the federal government when they have been hit with a significant attack. That needs to change.”
Peters also raised concerns that the Federal Information Security Modernization Act – which was last updated more than six years ago – is not currently sufficient to protect federal networks.
“We also need to ensure the federal government is sharing this same information in a timely manner,” Peters continued. “We need to pass updated legislation that clarifies CISA’s roles and responsibilities in federal information security, improves how incidents on federal networks are reported to Congress, and ensures that our cybersecurity resources are effectively aligned with emerging threats.”
Relentless cyber-attacks against everything from the federal government to a major oil pipeline have demonstrated how these threats can have widespread effects on communities across the nation. During the hearing, the Committee heard from the Administration’s top cybersecurity officials on how the National Cyber Director position has improved coordination and cohesion across the federal government to deter online assaults and hold bad actors accountable for targeting American networks. Peters led the charge to create this important position and the confirmation of the first National Cyber Director through the Senate.
Peters asked Easterly and Inglis for their input on legislation he is working on that would require critical infrastructure to report to CISA if they experience a cyber-attack, and most other entities to report if they make a ransomware payment. This information would help federal officials prepare for potential impacts and help prevent further widespread attacks. Peters and the witnesses also discussed how lawmakers can work to reform the Federal Information Security Modernization Act to better protect the federal networks and update cybersecurity incident reporting requirements for federal agencies.
At the hearing, Peters also pressed Inglis and Easterly on how the Administration balances the need for investigating cyber-attacks with providing relief to victims, including businesses that can lose revenue in the aftermath of an attack. Recent reports have said the Federal Bureau of Investigation withheld the digital key necessary to unlock the computers of hundreds of businesses and organizations that were the subjects of the Kaseya ransomware attack for almost three weeks, possibly costing businesses millions of dollars.
As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to increase our nation’s cybersecurity defenses. Peters convened a hearing with the Chief Executive Officer of Colonial Pipeline to examine a recent ransomware attack against the company. In April, the Senate passed his provision to help protect our nation’s public water infrastructure technology systems, following recent cyber-attacks on water utilities. Peters is also conducting an investigation into the role cryptocurrencies continue to play in emboldening and incentivizing cybercriminals to commit ransomware attacks. As a part of the Senate-passed bipartisan infrastructure bill, Peters secured several provisions to help state, local, tribal, and territorial governments deter attacks from cybercriminals and modernize systems to protect sensitive data and information, increase our government’s ability to quickly respond to major network intrusions, and provide the newly created office of the National Cyber Director with funding to secure qualified personnel to support its important cybersecurity mission.