House Lawmaker Proposes Bill Requiring CISA to Create SolarWinds Hack Report
The bill tasks the Cybersecurity and Infrastructure Security Agency with creating a report outlining the impact of the hack on federal information systems, federal agencies and other critical infrastructure. Among other things, CISA must identify which systems were accessed and compromised, what information was exploited and if there are still some aftereffects that could affect national security.
The report must also include updates on efforts to implement President Joe Biden’s cybersecurity executive order and recommendations on addressing existing gaps that led to the SolarWinds breach. The report will be sent to the House Homeland Security Committee and the Senate Homeland Security and Governmental Affairs Committee.
Torres proposed the bill as an amendment to the fiscal year 2023 National Defense Authorization Act.
The introduction of the proposal follows an earlier cybersecurity amendment plan that aims to address gaps across the Department of Homeland Security more broadly. That proposal includes a rewrite of the DHS’ acquisition authorities to focus on supply chain, cybersecurity and software risks.
Cybersecurity firm FireEye in December 2020 initially discovered the SolarWinds hack. According to a joint intelligence bulletin posted in January 2021, the hack most likely came from a Russian state-sponsored group that was able to install malware into around 18,000 SolarWinds Orion users, including those from the departments of the Treasury, Justice, Commerce and Energy.
Tags: cybersecurity Cybersecurity and Infrastructure Security Agency FCW Office of the National Cyber Director Ritchie Torres SolarWinds