Communications Litigation Today was a Warren News publication.
Hacks 'Very Disconcerting'

Senate Homeland Security Probing SolarWinds Attacks; Hearing Possible

The Senate Homeland Security Committee is investigating the SolarWinds cyberattack and exploring a potential hearing, Chairman Gary Peters, D-Mich., told us: “We’re going to do an investigation, look into that and look at a potential hearing.” Microsoft, Google, FireEye and several federal agencies were potentially exposed in the Russia-linked attack (see 2101190067).

It proves “once again” that the government isn’t “particularly adept at this, but in this case, nor was the private sector,” Senate Homeland Security Committee ranking member Ron Johnson, R-Wis., told us. “These are software companies. If any business ought to be able to install the security needed to keep their cyber access safe, you’d think it would be the top flight private sector software companies, and they weren’t even able to do it.”

The attack will be “one of the first things we talk about” after committee assignments are determined, said Sen. Tom Carper of Delaware. He's top Democrat on the Permanent Subcommittee on Investigations and spoke in an interview.

It’s the whole supply chain issue that we’ve been aware of, and somebody pulled it off,” said Johnson. “It’s very disconcerting, and I think it’s going to take months, if not years, to fully understand what all happened and what kind of damage was done.”

Johnson said he “doesn’t have a problem” with the White House putting someone in charge of cyber policy. Congress recently passed a provision signed into law with the National Defense Authorization Act to reestablish a national cyber director within the White House. “I don’t want duplication of efforts, but we really need somebody to be held accountable, quite honestly,” said Johnson. President Joe Biden reportedly expects to appoint Jen Easterly, a former special assistant to the president on the National Security Council, as national cyber director.

Congress has to get “organized so we can get going on it,” said Sen. James Lankford, R-Okla. “There’s a lot that needs to be covered.” Congress should respond “with anger” and determination to “get to the bottom of it, find out who’s responsible and make sure it doesn’t happen again,” said Carper.

The SolarWinds attack was unique given its breadth, depth and range of targets, said Mintz’s Brian Lam, who noted the impact on FireEye and other “top flight” software and security companies. “The attackers were able to access certain internal tools, and those tools are used for testing the cybersecurity operations of clients,” which aren’t necessarily publicly available, he said. “It’s kind of like being able to access a lockpicking set from a locksmith that wouldn’t be available to the public.” The attacks should make privacy and cybersecurity legislation even more of a priority this Congress, he said.

Yvette Clarke, D-N.Y., is now chair of the House Cybersecurity Subcommittee, her office announced Monday. “Our society is more technologically reliant than ever before and the spread of false, deceptive, or misleading statements, information, acts, or practices, amplified by the use of technology and social media, threatens the integrity of democratic institutions,” she said. Clarke succeeds Rep. Lauren Underwood, D-Ill.

Rep. Andrew Garbarino, R-N.Y., will be ranking member, House Homeland Security Committee ranking member John Katko, R-N.Y., announced last week. Rep. Clay Higgins, R-La., remains top Republican on the House Border Security Subcommittee. Rep. Kat Cammack, R-Fla., will lead the Emergency Preparedness Subcommittee for Republicans. Rep. Carlos Gimenez, R-Fla., will lead the Transportation Subcommittee. Rep. August Pfluger, R-Texas, will lead the Intelligence Subcommittee for the GOP, as will Rep. Peter Meijer, R-Mich., for the Oversight Subcommittee.