Peters, Portman Request Information on Federal Government’s Response to SolarWinds Orion and Microsoft Exchange Cyber-Attacks

WASHINGTON, DC – U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee are requesting information from top federal cybersecurity experts on the recent compromises of SolarWinds Orion and Microsoft Exchange, how American cyber defenses were unprepared for this attack and why there was a significant delay in detecting these breaches.

“As our hearing highlighted, there is no easy solution to advanced persistent cyber threats,” the Senators wrote. “Time and again this Committee has discussed the challenges of defending against sophisticated, well-resourced, and patient cyber adversaries.   Nevertheless, the fact remains that despite significant investments in cyber defenses, the federal government did not initially detect this cyber-attack.”

The Senators continued: “Mitigating vulnerabilities and reducing legacy information technology that serve as open doors to malicious hackers is also important.  So will be deterrence efforts that create real-world consequences for cyber-attacks against the United States—investigation, attribution, prosecution, and sanctions.  At the national level, our cybersecurity strategy will require careful consideration of the appropriate role of the federal government, companies, and citizens in cyber defense, especially when it comes to nation-state actors with near unlimited resources and time.” 

The letters were sent to Brandon Wales, Acting Director of the Cybersecurity & Infrastructure Security Agency at the Department of Homeland Security, and Christopher DeRusha, Federal Chief Information Security Officer at the Office of Management & Budget.

Peters has led efforts to bolster our nation’s cybersecurity defenses. Peters convened a hearing with senior cybersecurity officials on last year’s SolarWinds hack and cybersecurity vulnerabilities. As a part of the American Rescue Plan Act, Peters helped secure nearly $2 billion to modernize and secure information systems critical to the federal pandemic response. Last Congress, the Senate unanimously approved Peters’ bills to develop and retain highly-skilled cybersecurity professionals in the federal workforce and strengthen cybersecurity coordination between DHS and state and local governments. Peters has also pushed bipartisan legislation to improve access to cybersecurity resources and training for small businesses and support K-12 schools with the resources they need to bolster their cybersecurity.

Portman and Peters’ letters are available via the following links:

The Department of Homeland Security
The Office of Management & Budget