Lawmakers have been urging the Biden administration to develop a strategy first mandated in the Fiscal 2021 NDAA.
A Republican lawmaker pressed Department of Homeland Security Secretary Alejandro Mayorkas Tuesday for updates of a plan to keep the U.S. economy functioning in the potential wake of a major cyberattack, as the administration faces a deadline next month to release its official strategy.
During a hearing on threats to the homeland, Rep. Andrew Garbarino (R-N.Y.), ranking member of the House Homeland Security Committee’s subcommittee on cybersecurity, demanded a response to letters he sent Mayorkas and Cybersecurity and Infrastructure Security Agency Director Jen Easterly nearly a year ago about the development of the Continuity of the Economy plan. The fiscal 2021 National Defense Authorization Act (NDAA) directed the administration to create the new policy by Jan. 1, 2023.
“We’re now a little bit over a month before the deadline and we have yet to receive any information on where CISA or the department is on the Continuation of the Economy plan,” Garbarino said. “The development of the Continuation of the Economy plan is a national security imperative for the safety, security and prosperity of the U.S. economy.”
Mayorkas told the congressman he will follow up and respond “swiftly”. Asked for a timeline on when the secretary can provide Congress with a response, Mayorkas repeated that he will follow up “very quickly,” though he declined to provide additional details.
The exchange reflected struggles some lawmakers on both sides of the aisle have faced in getting answers from the administration on its forthcoming COTE plan, which is meant to serve as a foundational defense in the event of a major critical infrastructure attack.
Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security Committee, and ranking member John Katko (R-N.Y.), penned a May 2021 letter to President Joe Biden following the Colonial Pipeline ransomware attack and urged him to "jumpstart implementation" of the NDAA authorities "and appropriately leverage existing work underway in the process" to develop the COTE plan.
"Last week, we witnessed the exact reason this provision was enacted into law and why we supported it," the joint letter said. "The question now becomes one of implementation. In the wake of the Colonial ransomware attack and its cascading effects along a large portion of the United States, we believe the administration should act expeditiously to use this authority to ensure the resiliency of the economy.”
The Cyberspace Solarium Commission previously recommended the federal government implement a COTE plan, writing in its 2020 report that an official plan signals to "adversaries that we, as a society, will survive to defeat them with speed and agility if they launch a major cyberattack against us."
The White House authorized CISA to develop the plan nearly 15 months after it was included in the NDAA, a move Garbarino said was responsible for “pretty much setting up the agency for failure” due to the fast-approaching deadline.
DHS and CISA did not immediately respond to requests for comment.