Senate Committee Seeks Accountability Over SolarWinds Hack
Members of the Senate Homeland Security and Government Affairs Committee pressed a panel of leading government cybersecurity officials for accountability over the recent SolarWinds Orion hack.
The panel consisted of Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency; Chris DeRusha, the federal chief information security officer; and Tonya Ugoretz, a senior cybersecurity official at the FBI, all of whom struggled to identify who should be held accountable for the breach.
The officials did not pin the blame on a specific person or program, arguing that each agency has its own roles and responsibilities when defending and responding to incidents like the SolarWinds hack, FCW reported Thursday.
CISA’s Einstein program was a key topic in the hearing. In particular, Sen. Gary Peters suggested that Congress look into the program when it comes up for reauthorization in December 2022.
In response, Wales acknowledged the limitations of the Einstein intrusion detection system, saying it was not designed to combat an incident such as SolarWinds. However, he told lawmakers that Einstein was able to fight off threats that it was designed to combat.
According to Wales, stopping a similar breach would require the government to retain Einstein’s perimeter security capabilities and supplement it with new tools that would allow for security detection inside networks.
The acting CISA director added that the agency is looking to purchase tools for endpoint threat detection to prevent a future supply chain attack.
During the hearing, lawmakers also inquired about the implementation of CISA’s Continuous Diagnostics and Mitigation program.
Wales said most federal agencies have already deployed the CDM tools while some still need assistance.
Tags: Brandon Wales Chris DeRusha CISA cybersecurity FCW Gary Peters Senate SolarWinds Tonya Ugoretz