WASHINGTON – During a Senate Homeland Security Committee hearing, U.S. Senator Maggie Hassan (D-NH) pressed top administration officials on the need to strengthen cybersecurity across all levels of government and the private sector following the SolarWinds and Microsoft Exchange breaches. Senator Hassan serves as the Chair of the Committee’s Emerging Threats and Spending Oversight Subcommittee.
During her questioning, Senator Hassan highlighted how the Microsoft Exchange attacks have impacted state and local governments: “The Microsoft Exchange attacks have heavily impacted state and local governments, which don’t have the same resources or capacity to respond to cyberattacks as the federal government does. I’m concerned about the impact of these attacks on state and local entities, particularly when there are reports of China-based threat actors exploiting this vulnerability pretty much at will.”
Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), agreed with Senator Hassan that bolstering cybersecurity at the state and local level must be a priority. Wales discussed his willingness to work with Congress on stand-alone cybersecurity grant funding for state and local governments, which is something that Senator Hassan previously called for during a hearing with DHS Secretary Alejandro Mayorkas earlier this year.
Senator Hassan also emphasized the need to improve the Continuous Diagnostics and Mitigation (CDM) program within CISA, which helps federal agencies secure their networks and detect breaches.
“It’s clear that we need to improve the CDM program and build additional layers of protection on top of it – but before we can make those much-needed enhancements, we need CDM to be fully implemented in the first place. That’s why Senator Cornyn and I introduced a bill last Congress to codify CDM,” said Senator Hassan.
CISA Acting Director Wales discussed the importance of CDM in helping federal agencies secure their networks, and shared that CISA is working with agencies that are encountering difficulties with deploying CDM.
He also discussed limitations within the CDM program that prevent CISA from being able to see into agencies’ network devices, which has limited CISA’s ability to comprehensively understand cyber risks and better secure federal agencies’ online systems.
Christopher DeRusha, Federal Chief Information Security Officer at the Office of Management and Budget (OMB), agreed: “This is a priority for both CISA and OMB to ensure that CDM is effectively delivered.”
Wales also discussed building on CDM to further strengthen the government’s cybersecurity through funding included in the American Rescue Plan.