House Services Committee leaders urge sound cybersecurity policy following hack

The House Armed Services Committee leaders are sounding the alarm for the need for a sound cybersecurity policy following the breach of the SolarWinds breach that has impacted several federal agencies.

SolarWinds is a provider of IT infrastructure management software, which is used by several federal government agencies. The software was part of the massive hack that came to light earlier this month, which U.S. intelligence officials, as well as Secretary of State Mike Pompeo indicate, was perpetrated by Russia.

SolarWinds issued a statement, confirming they were the victim of a cyberattack that inserted malware into its Orion Platform software, which could potentially allow an attacker to compromise the server on which the Orion products run. SolarWinds called it a “very sophisticated supply chain attack,” designed to attack subsequent users of the software. SolarWinds said it has removed the software builds known to be affected by malware, or sunburst, from its download sites. It also made recommendations for customers who may have been impacted.

Reps. Adam Smith (D-WA), chair of the House Armed Services Committee, and Jim Langevin (D-RI), chair of the Intelligence and Emerging Threats and Capabilities Subcommittee, issued a statement on the breach and its consequences.

“The pervasive access enabled by the SolarWinds supply chain compromise is deeply disturbing. The SolarWinds cyber operation bears every hallmark of sophisticated nation-state activity that can undermine our national security, and it is imperative that Congress move forward with oversight to understand the impacts and root causes of this campaign. Thankfully, the House Armed Services Committee is well-equipped to conduct such oversight. In fact, many of the provisions in this year’s defense authorization bill, currently awaiting the President’s signature and widely regarded as one of the most significant cybersecurity bills Congress has ever considered, are immediately responsive to SolarWinds-like incidents,” they said.

The lawmakers said it is more important than ever to improve the security of the nation’s information and communications technology infrastructure in light of the SolarWinds incident and the risk it poses to the nation.

“Each year, the National Defense Authorization Act addresses an increasing number of cyber- and technology-related issues,” the legislators said. “As capabilities powered by sophisticated artificial intelligence and machine learning become central to the warfighter, oversight of the cyber domain will become increasingly important. In the FY21 NDAA alone, Congress addressed so many cyber-related issues that an entirely new Title was added to accommodate them.”

In this Congress alone, the Subcommittee on Intelligence and Emerging Threats and Capabilities has held various hearings on cybersecurity-related topics. In the FY 2020 National Defense Authorization Act, there were 87 separate provisions squarely focused on cyber- and technology-related matters.

“The subcommittee played a leading role in advancing several significant legislative proposals based on actionable recommendations from the Cyberspace Solarium Commission for a cybersecurity posture based on the strategic vision of layered cyber deterrence,” they continued. “Among these critical provisions is the National Cyber Director Act, which would establish a Senate-confirmed position within the Executive Office of the President with budgetary and policy authority to break down silos. The National Cyber Director would also play a key role in coordinating national incident response efforts, like those happening right now.”