Lankford Pushes Strengthened Security Against Ongoing Cyber Attacks From Russia
WASHINGTON, DC – Senator James Lankford (R-OK) today participated in a Senate Homeland Security and Governmental Affairs Committee hearing entitled, “Prevention, Response, and Recovery: Improving Federal Cybersecurity Post-SolarWinds,” in which Lankford asked questions about cyber security readiness in the wake of ongoing threats from ransomware and other cyber-attacks, including the recent attack on the Colonial Pipeline. The hearing focused on the late-2020 Russian attack on the SolarWinds Orion cyber supply chain that, over time, was determined to have impacted numerous federal agency networks.
In June 2018, following national security issues from the use of Kaspersky and ZTE cyber security products, Lankford introduced a bill to ensure government agencies consider the supply chain risks to national security and the public interest when buying information technology (IT). Lankford later questioned Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) leadership on cyber threats we face from China, Russia, and other bad actors.
Witnesses at today’s hearing included Brandon Wales, who serves as Acting Director of the Cybersecurity and Information Security Agency (CISA) under DHS; Ryan Higgins, who is the Chief Information Security Officer at the Department of Commerce; and Janet Vogel, the Chief Information Security Officer at the Department of Health & Human Services.
Lankford: So the challenge is the vulnerability here, as we walk through this, because had FireEye not found this and said, ‘This is in our system. We’ve experienced an attack on it,’ and then started to try and figure out where it came from and realizing that it could be in a lot of other places, they had it, and it was in other places as well. The challenge we have is how do we actually get onto this earlier and what systems do we have in place. Now, I understand zero-day attacks and that there are some things that are entirely novel. I get that—as this was—through the process. But when I go through your testimony earlier and what your written testimony is, there’s a lot of detail about the response, and it seems to be very detailed, that CISA’s work in response to this campaign has four lines of effort, scoping, sharing the information-detection techniques, short-term remediation, and long-term strategic recovery. You’re very focused on what happens after the fact. My question is: are we that focused on before, on detection? Walk me through the process that CISA has in place in working with contractors and with government entities to be able to help determine things in advance. I know they’re there. Walk me through those.
Wales: Sure, so I think there are approaches that we’re taking now, and there are additional ways in which we want to improve on our ability to detect compromises earlier. So, right now, the federal government, as you know, deploys technology on the perimeter of the federal enterprise, looking for signatures of known malicious activity. When we get those, we then work with the agency where that incident is being targeted to look inside of their systems. What are they seeing, because they have deeper insight in terms of what is happening in their individual networks.