Post-hack report

House Lawmaker Proposes Bill Requiring CISA to Create SolarWinds Hack Report

Rep. Ritchie Torres, the vice chairman of the House Homeland Security Committee, has introduced a piece of legislation that would shed more light on the SolarWinds Orion hack.

The bill tasks the Cybersecurity and Infrastructure Security Agency with creating a report outlining the impact of the hack on federal information systems, federal agencies and other critical infrastructure. Among other things, CISA must identify which systems were accessed and compromised, what information was exploited and if there are still some aftereffects that could affect national security.

CISA must work with the Office of the National Cyber Director in creating the report, FCW reported.

The report must also include updates on efforts to implement President Joe Biden’s cybersecurity executive order and recommendations on addressing existing gaps that led to the SolarWinds breach. The report will be sent to the House Homeland Security Committee and the Senate Homeland Security and Governmental Affairs Committee.

Torres proposed the bill as an amendment to the fiscal year 2023 National Defense Authorization Act.

The introduction of the proposal follows an earlier cybersecurity amendment plan that aims to address gaps across the Department of Homeland Security more broadly. That proposal includes a rewrite of the DHS’ acquisition authorities to focus on supply chain, cybersecurity and software risks.

Cybersecurity firm FireEye in December 2020 initially discovered the SolarWinds hack. According to a joint intelligence bulletin posted in January 2021, the hack most likely came from a Russian state-sponsored group that was able to install malware into around 18,000 SolarWinds Orion users, including those from the departments of the Treasury, Justice, Commerce and Energy.