As officials continue to fret over the possibility of Russian-directed cyberattacks against the U.S., two dozen senators from both parties want to know more about how the Department of Homeland Security and its component agencies are proactively working to harden the digital defenses of the federal government and critical infrastructure.
In a letter to Secretary of Homeland Security Alejandro Mayorkas, the senators request a briefing regarding what DHS — designated last month as the lead agency to coordinate domestic preparedness and response efforts related to the current Russia-Ukraine crisis — is doing to protect agencies, businesses and core services like electricity and internet that Americans rely on.
“Given Russia’s history of disruptive cyber and disinformation activities, we are concerned that the United States may be targeted in retaliation for actions taken to impose costs on Russia for its unprovoked invasion of Ukraine,” the senators wrote. As we stand with the Ukrainian people, impose crushing sanctions on Vladimir Putin’s regime, and push for additional security assistance to help Ukraine defend itself, we also must work to secure the homeland from retaliatory cyber activities.”
The DHS agency most responsible for this task, the Cybersecurity and Infrastructure Security Agency (CISA), has been warning the public for months while putting out actionable guidance for hardening systems and meeting with companies from vulnerable critical infrastructure sectors to coordinate further defenses. While the agency has preached caution and is eyeing multiple strains of wiper malware that have been deployed in Ukraine for signs of spillover, CISA Director Jen Easterly and others have also emphasized that there is no specific or credible intelligence about an impending hacking campaign at this time.
Still, Congress — which just increased CISA’s budget in the latest omnibus spending bill and placed the agency at the center of a new mandatory cyber incident reporting law for critical infrastructure — wants to know more about what is being done left of boom.
Specifically, the senators want to know what strategy is in place if U.S. critical infrastructure is targeted by Russian hackers and how the agency is prioritizing the most at-risk organizations or sectors for technical support. They want to know how agency advice is being disseminated throughout the U.S., particularly for smaller businesses that may lack dedicated IT or cybersecurity executives and who aren’t part of the Joint Cyber Defense Collaborative, CISA’s nerve center for engaging with the private sector.
While social media companies have done much over the past six years to rein in coordinated state disinformation campaigns on their platforms, lawmakers want to know how the invasion of Ukraine may have altered or augmented Russia’s disinformation strategy and how DHS is responding. Finally, while CISA and DHS are focused on internal U.S. defenses, the senators also want an update on what is being done to coordinate with NATO allies and Ukraine.
The full letter and list of senators can be found here.