House lawmakers seek answers on SolarWinds from agency chiefs

More than a dozen lawmakers from both parties on a key House committee are seeking information from multiple cabinet secretaries and agency chiefs that the breach involving SolarWinds Orion has had on their respective organizations.

The letters sent on Wednesday by the House committee on energy and commerce were sent to Commerce Secretary Gina Raimondo, Energy Secretary Jennifer Granholm, Environmental Protection Agency Administrator Michael Regan, Health and Human Services Acting Secretary Norris Cochran and Acting Assistant Secretary of Commerce for Communications and Information at the National Telecommunications and Information Administration Evelyn Remaley.

The lawmakers' questions include whether agencies have been compromised as well as the scope and scale of the breach, actions taken so far to investigate and respond to any compromises and a schedule to mitigate risks.

The lawmakers also want agencies to explain whether their agencies notify other agencies in real time when a cyber threat is detected, how departments assess vendors for cybersecurity risks and if they audit vendors regularly.

A senior administration official told reporters March 12 that the compromised agencies were tasked to have an independent review of their work to ensure hostile actors in their networks have been expelled. Those reviews will be finished by April.

The official added that "we saw significant gaps in modernization and in technology of cybersecurity across the federal government" as the administration has reviewed the impact of the breach.

Separately, the White House said on Wednesday it established a second unified coordination group focused on the government's response to zero-day exploits discovered in Microsoft Exchange. The group also for the first time includes members from the private sector, according to a statement from Press Secretary Jen Psaki.

"The UCG discussed the remaining number of unpatched systems, malicious exploitation, and ways to partner together on incident response, including the methodology partners could use for track the incident, going forward," Psaki said.

Psaki also said that Microsoft released a one-click mitigation tool.

The letters to cabinet secretaries and agency chiefs come a day before the Senate Homeland Security and Governmental Affairs Committee plans to hold a hearing about SolarWinds Orion with officials from the Cybersecurity and Infrastructure Security Agency and FBI as well as the federal chief information security officer.

Meanwhile, Homeland Security Secretary Alejandro Mayorkas testified on Wednesday to the House Homeland Security Committee. The hearing, Mayorkas' first since being sworn in as DHS chief, saw only few mentions of cybersecurity.

In written testimony, Mayorkas called out the cybersecurity of industrial control systems as a "top priority."

"The recent intrusion into a water treatment plant in Florida demonstrates a critical need to secure industrial control systems that underpin many essential functions," he wrote.

During the hearing Mayorkas also acknowledged the inability of programs such as Einstein and Continuous Diagnostic and Mitigation to combat the supply chain attack involving SolarWinds and said DHS is "looking intently" at new tools.

Ranking Member Rep. John Katko (R-N.Y.) asked Mayorkas about why the Biden administration has not yet nominated a CISA director. Mayorkas did not directly address the delay except to say that the administration is "very focused" on filling vacancies.

Media reports in February stated Rob Silvers, a lawyer and former Department of Homeland Security official, was slated to be nominated.