Senators want federal government to take accountability for SolarWinds hack

The leadership of the Senate Homeland Security and Governmental Affairs Committee wants the Biden administration to take accountability and provide more information on the SolarWinds hack of computer network management software afflicting the government.

The federal government has said the hack — publicly disclosed last year — compromised nine federal agencies, but the Democratic and Republican leaders of the homeland security committee want more details about whose accounts and systems were compromised.

Sens. Gary Peters, Michigan Democrat, and Rob Portman, Ohio Republican, wrote to the Office of Management and Budget expressing concern that the federal government has not properly taken accountability for the SolarWinds hack. 

“It is important that there be a single point of accountability for leading response efforts to prevent confusion and duplication. We are concerned this level of accountability is currently lacking,” wrote Mr. Peters and Mr. Portman to OMB’s federal chief information security officer Christopher DeRusha.

The duo requested OMB provide a list of roles and responsibilities for cybersecurity across the federal government so the senators can understand who has responsibility for cybersecurity issues. 

Congress previously created a Senate-confirmed “National Cyber Director” position appointed by the president in a 2020 defense bill. Late last month, House Committee on Oversight and Reform chair Carolyn B. Maloney, New York Democrat, wrote President Biden to ask that he prioritize nominating someone to fill the position. 

The position remains vacant, but Mr. Biden has tapped Anne Neuberger, deputy national security adviser for cyber and emerging technology, to oversee the federal government’s response to the SolarWinds hack. 

Alongside Mr. Peters and Mr. Portman’s letter to OMB, the bipartisan duo also sent a letter on Tuesday to Cybersecurity and Infrastructure Security Agency acting director Brandon Wales seeking details on the Department of Homeland Security’s existing cybersecurity strategy and implementation plan.