Portman Statement At Hearing to Consider Cybersecurity and Government Services Nominees

WASHINGTON, DC – This morning, U.S. Senator Rob Portman (R-OH), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, delivered remarks at a Homeland Security and Governmental Affairs Committee hearing to consider the nominations of Robin Carnahan to be Administrator, General Services Administration; Jen Easterly to be Director, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security; and Chris Inglis to be National Cyber Director. 

Senator Portman’s remarks, as prepared, can be found below: 

“Thank you, Chairman Peters. Welcome, Ms. Carnahan, Ms. Easterly, and Mr. Inglis. Thank you for your willingness to serve. These are all very important positions that deserve this Committee’s careful consideration. 

“Established more than 70 years ago, the U.S. General Services Administration plays a vital role in centralizing key support services across government. GSA provides office space, goods and services, technology modernization and acquisition assistance, purchase cards, and leased vehicles to virtually every federal agency. In 2020 alone, GSA managed more than 370 million rentable square feet of property and helped agencies acquire more than $75 billion in goods and services. While work like this is rarely on the front page, it is vital to the business of government and the protection of taxpayer dollars. For example, one longstanding GSA offering, the City Pair Program, offers pre-negotiated airline rates for federal travelers to nearly 12,000 markets and despite lower levels of air travel due to the pandemic, it is still expected to save taxpayers $1.2 billion in 2021 alone. 

“To lead this vital agency, President Biden has nominated former Missouri Secretary of State Robin Carnahan. In both her service with her home state of Missouri, and more recently in a term position with GSA, Secretary Carnahan has been an outspoken advocate of government technology modernization and improvement, which I hope would be a key priority for her if she is confirmed. I am pleased to have her here today and look forward to speaking with her about the position. 

“The other two nominees here today also are for key positions that must lead government modernization of our country’s cybersecurity. Jen Easterly has been nominated to head the Cybersecurity and Infrastructure Security Agency at DHS and Chris Inglis has been nominated to be first ever National Cyber Director. Both Ms. Easterly and Mr. Inglis have years of impressive government service in positions protecting our national security. 

“As members of this Committee know all too well, cybersecurity failures are becoming all too common. It seems that America’s data and information – both in the public and private sectors – has never been more at risk. As a result, DHS’s Cybersecurity and Infrastructure Security Agency, or ‘CISA,’ has almost become a household name. 

“Earlier this week, the CEO of Colonial Pipeline testified before this Committee and we heard first-hand the troubling effects of a ransomware attack on a critical infrastructure company. In that ransomware attack, cybercriminals in Russia shut down a major U.S. fuel pipeline for several days, leading to fuel shortages up and down the East Coast.  

“Colonial Pipeline is just one of many recent attacks on companies and public entities. Other recent victims include the world’s largest meat processor, JBS; and a constituent outreach services platform used by the House of Representatives. It appears no one is safe from ransomware attacks. 

“These high-profile ransomware attacks come on the heels of major cyber campaigns against U.S. government agencies and private companies— SolarWinds, Microsoft Exchange, and Pulse Secure. The SolarWinds and Pulse Secure VPN attacks targeted federal agencies, yet it was private sector companies that discovered these intrusions. Despite all the increased funding appropriated for cybersecurity and the bipartisan legislation we’ve worked on here in this Committee, not one of these federal intrusions was discovered by the federal government. 

“As the SolarWinds attack unfolded, it became clear that the Department of Homeland Security—the agency tasked with securing other federal networks—was itself compromised. This included the very agency Ms. Easterly has been nominated to head, CISA. DHS should be an example for federal agencies, but it was hacked. It’s clear that our federal cyber defenses are lacking. 

“The fact the federal government was hacked is not surprising. In June 2019, as the Chairman of the Permanent Subcommittee on Investigations, I released a report with Senator Carper detailing the extensive cybersecurity vulnerabilities of eight federal agencies. Many of these vulnerabilities had remained unresolved for a decade. Ms. Easterly, I am interested in hearing how you plan to ensure federal agencies are secure, and that the data we entrust them with is safe. 

“Also, Congress has just recently created the position Mr. Inglis has been nominated to fill. The National Cyber Director in the White House is tasked with coordinating implementation of national cyber policy and strategy. 

“I have long advocated for a single point of accountability for federal cybersecurity overseeing the federal government’s role, both in ensuring our agencies are secure and in being a good partner with the private sector. I look forward to hearing how Mr. Inglis plans to strike that balance while standing up a brand new office. 

“I also hope to discuss the importance of transparency with Congress today. On April 5 of this year, Chairman Peters and I sent letters to CISA and the Federal Chief Information Security Officer requesting information about the federal response to SolarWinds and accountability for federal cybersecurity. To date, the Federal CISO has only provided us a list of web links. And until earlier this week, CISA had only provided us documents it had already provided to Congress previously.  Many of the documents CISA provided this week also contain unexplained redactions. 

“I appreciate the three of you for being here today, and look forward to your testimony about how your qualifications prepare you for the positions for which you’ve been nominated.”