Congress is fed up with a perceived lack of accountability from the federal government over who missed the SolarWinds hack of computer network management software that the federal government said compromised nine federal agencies.
At a Senate hearing on Thursday, Sen. Rob Portman said he has seen a lot of finger-pointing from the federal government about who had responsibility for preventing the likely Russian hack since its disclosure became public late last year.
The Ohio Republican then peppered officials from the FBI, Department of Homeland Security, and Office of Management and Budget present at the hearing to explain who was accountable for cyberattacks.
Christopher DeRusha, OMB federal chief information security officer, listed many agencies as having key roles to play, including FBI, National Security Council staff, Office of the Director of National Intelligence and several other agencies participating in the cyber unified coordination group.
Mr. DeRusha said he thought the federal government worked well together and did not believe there was an issue with the government’s response.
“So if everyone is in charge, no one is in charge, right?” Mr. Portman said. “Who exactly, who is accountable?”
“Senator, again, just to say, every agency has its own role and responsibility in cyber incident response,” Mr. DeRusha said.
Mr. Portman then asked acting Cybersecurity and Information Security Agency Director Brandon Wales who should be accountable for the hacks damaging the government.
“I think ultimately, under [the Federal Information Security Modernization Act], agency heads are accountable,” Mr. Wales said.
Mr. Portman said he was concerned about confusion from the federal government’s leadership and the opportunity for duplicative efforts within the many different agencies.
“Obviously, we had the most massive attack in the history of our government and it went undetected for over a year and it was detected by the private sector not by government and has incurred tremendous damage, we believe,” Mr. Portman said at the hearing.
In the House, lawmakers are similarly frustrated with the federal government’s answers on the fallout from the SolarWinds hack. A bipartisan coalition of 14 House Energy and Commerce Committee lawmakers wrote to Biden administration officials and Cabinet officers on Wednesday seeking answers to basic questions such as, “Has your department been impacted by the compromise?”