WASHINGTON – Today, U.S. Senator Maggie Hassan (D-NH) pressed key administration officials on steps that the federal government can take to improve cybersecurity following the SolarWinds, Microsoft Exchange, and Colonial Pipeline breaches. Senator Hassan serves as the Chair of the Committee’s Emerging Threats and Spending Oversight Subcommittee.
To watch the Senator’s questioning, click here.
During her questioning, Senator Hassan highlighted the bipartisan Advancing Cybersecurity Diagnostics and Mitigation Act that she previously introduced with Senator John Cornyn (R-TX). The bill would codify and expand the Continuous Diagnostics and Mitigation (CDM) program. CDM provides a suite of cyber capabilities to provide real-time, continuous monitoring of the networks of federal agencies, and can serve as foundation upon which the federal government can build further capabilities to secure federal networks.
Senator Hassan asked Janet Vogel, Chief Information Security Officer at the Department of Health and Human Services, how CDM currently factors into plans to improve her agency’s cybersecurity.
“As we have implemented the different aspects of CDM, we’re getting more information more timely,” said Vogel. “And that means we can respond to anything that we see going on, on our network or anywhere else. We see that faster, we can respond faster. That helps mitigate any of the potential damage. So we’re very encouraged by the success of CDM so far, and we are looking forward to the expansion to help us manage the cybersecurity risks in HHS.”
Ryan Higgins, Chief Information Security Officer at the Department of Commerce, also agreed that CDM is critical in improving cybersecurity at federal agencies.
In addition, Senator Hassan asked Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, about strengthening cyber workforce recruitment. Wales responded that the agency is using different recruitment avenues, including an honors program focused on new graduates and recruiting events at minority-serving institutions.
Senator Hassan is working on a bipartisan basis to strengthen cybersecurity infrastructure within the federal government. Senators Hassan and Rob Portman (R-OH) passed into law the bipartisan Hack DHS Act that establishes a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – that uses vetted “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the Department of Homeland Security (DHS) networks and information technology. The Senators also passed into law their bipartisan Public-Private Cybersecurity Cooperation Act, which complements the Hack DHS Act by requiring DHS to establish a cyber-vulnerabilities disclosure program so that vulnerabilities in DHS’ cyber systems can be easily reported and fixed.