RINSE AND REPEAT — Sen. Chuck Grassley (R-Iowa) is ripping into seven federal agencies over their sluggish efforts to lock down the nation’s critical infrastructure from disruptive cyberattacks, according to a round of letters obtained by Morning Cybersecurity.

The top Republican on the Senate Budget Committee fired off those missives Friday afternoon to the heads of the departments of Defense, Homeland Security, Energy, Transportation, Treasury, the Environmental Protection Agency and Health and Human Services – all of which have outstanding recommendations from Congress’ watchdog to beef up their cyber defenses.

Grassley is hitting the agencies on everything from their processes for reporting cyber incidents to their engagement with private stakeholders. He’s now asking for records detailing how exactly they prioritize risks across sectors like energy, finance and defense that nation-state hackers are actively targeting.

— Digging in: Some of the unanswered recommendations from the Government Accountability Office that Grassley highlighted date back years, to the Trump administration. They include a 2019 GAO report that found the EPA has to establish a process for conducting organization-wide cyber risk assessments — which still hasn’t been addressed — and a 2020 warning that the Treasury Department wasn't adequately tracking efforts by banks and other financial firms to lock down their networks.

Grassley also revived recent GAO findings that the Defense Department lacks clear policies on reporting cyber incidents impacting its contractors and that the Department of Homeland Security needs to better gauge ransomware readiness across multiple sectors it oversees.

The GAO made six recommendations in 2022 that the DOD agreed with and as of Friday, all are still open, according to the letter sent to Pentagon Secretary Lloyd Austin. The DOD declined to comment on correspondence with Congress.
“[The] EPA will review the letter and respond through the appropriate channels,” agency spokesperson Nick Conger tells MC.

“DHS responds to congressional correspondence directly via official channels,” DHS spokesperson Mia Ehrenberg told MC. “And the Department will continue to respond appropriately to Congressional oversight.”

The other agencies did not respond to requests for comment.

— One caveat: The senator is only pointing to years-old reports when it comes to the EPA, Treasury and DOD. For the rest of the agencies, including Homeland Security, which houses CISA, Grassley is asking for records and redress corresponding to a late January GAO report — around 80 days later.

— Reading the tea leaves: The letter barrage shows cyber friends in the executive branch are still struggling to stay ahead of a torrent of hacks on federal agencies, from the SolarWinds supply chain attack and last summer’s email hack on Commerce and State Department agencies by Chinese attackers to Russian criminal groups launching ransomware sprees and Iranian hackers targeting at least 18 industrial control systems in America’s water sector. And that Congress hasn’t forgotten.

Still, while the Budget Committee is empowered to oversee the federal budget, it’s the appropriations committees that are the main panels with oversight.

“Keeping Americans safe is job one for the federal government. Yet, many of the nine agencies charged with shielding the U.S. from cyberattacks are dragging their feet on GAO’s recommendations,” Grassley tells MC in a statement. “Congress needs to know how those agencies are working to bolster critical infrastructure defense, or whether they’re asleep at the switch.”

— Show your work: Grassley set an April 19 deadline for agencies to account for their efforts to address the issues raised by GAO, including details on the number of cyberattacks impacting each critical sector.
TURNER DEFENDS FISA — House Intelligence Committee Chair Mike Turner (R-Ohio) forcefully defended the pending FISA legislation in an interview on CNN's "State of the Union" Sunday, pushing back against criticism that the bill allows warrantless surveillance of Americans.

"We are not surveilling foreigners in the United States," Turner told host Jake Tapper. "Those individuals who say, 'This is a warrantless search of Americans' data,' are just not telling the truth."

— Pump the brakes: The FISA bill up for a House vote this week would renew authorities for U.S. intelligence agencies to conduct surveillance on foreign targets located outside the United States. But lawmakers and civil liberties groups have both raised concerns about the incidental collection of Americans' communications swept up in that surveillance.

That includes Sen. Mike Lee (R-Utah), who in a December hearing with FBI Director Christopher Wray called out the spy program for being used by agents to investigate contributors to political campaigns. He also cited a couple of declassified reports that showed the FBI used controversial powers to surveil protesters involved in the Black Lives Matter movement.

— In his words: Turner insisted the program is narrowly focused on foreign threats, saying it covers only "a select group of individuals who are a national security threat."

"If you're an American and you're corresponding with ISIS, yes, if we're spying on ISIS, your communications are going to be captured," Turner said. "You would want us to do that. All Americans would want us to try to make certain that we keep ourselves safe from these outside terrorist groups and organizations."

— Will it pass?: When pressed by Tapper on whether the bill has enough support to pass the House by April 19, Turner expressed confidence: "I think it does. I think it will."