Lawmakers representing the Committee on Oversight and Reform and Committee on Homeland Security recently conducted joint hearings to examine potential actions after cybersecurity incidents impacting government and private sector networks.
The panels detailed the supply chain attacks targeting SolarWinds, Orion Software, and other cyberattacks. Committee on Oversight and Reform Chair Rep. Carolyn B. Maloney (D-NY) released a 23-page presentation from former SolarWinds employee Ian Thornton-Trump highlighting the need for private sector accountability for its role in the attack.
“We must demand better cybersecurity practices from our suppliers, as well as increased information-sharing with the private sector,” Maloney said.
Additionally, lawmakers heard testimony from Sudhakar Ramakrishna, president and CEO of SolarWinds Corporation; Kevin B. Thompson, former Chief Executive Officer of SolarWinds Corporation; Kevin Mandia, Chief Executive Officer of FireEye, Inc.; and Brad Smith, president of Microsoft Corporation.
“Our collective failure to make cybersecurity a central component of our national security – and invest in it accordingly – contributed to the success of the campaign and the difficulty we face in understanding its impact,” said Rep. Bennie G. Thompson (D-MS), chairman of the Committee on Homeland Security.
Mandia emphasized to lawmakers the full scope of the attack remains unknown and indicated it would take time to realize such.