Data Security

Grassley wants more details on breach of CISA system

The Cybersecurity and Infrastructure Security Agency (CISA) emblem is seen at its headquarters in Arlington, Va.

An influential U.S. senator wants to grill the Cybersecurity and Infrastructure Security Agency (CISA) on its response to a January data breach on its network.

Sen. Chuck Grassley, R-Iowa, said that the Department of Homeland Security cybersecurity agency was not transparent enough in its report on the breach of its Chemical Security Assessment Tool (CSAT) service.

In an open letter to CISA Director Jen Easterly, the senator said that the agency did not provide enough information about the breach, which saw details on some 100,000 people exposed to threat actors.

“On March 4, 2024, I wrote you regarding the protection of critical infrastructure and CISA’s prioritization of misinformation and disinformation over the protection of our nation’s critical infrastructure,” Grassley wrote.

“On April 29, 2024, CISA provided a response that failed to fully answer all the questions.”

Specifically, Grassley asked the agency to provide more detail on the extent to which the hackers were able to access the CSAT systems. This includes what services, devices and databases were exposed.

Additionally, Grassley wants information about what CISA knew before and after the breach, including any information the agency had about the vulnerable Ivanti components and a precise timeline on when it became aware of the broader Ivanti attacks and the CSAT breach in particular.

“Has CISA identified who or what entity or organization perpetrated the attacks?” Grassley asked.

“If so, who or what entity or organization was the orchestrator of the attack and what is being done about it?”

Grassley, who is the ranking member of the Senate budget committee, gave Easterly a July 17 deadline to responds to the request.

The January breach compromised CSAT, an essential service for the DHS Chemical Facility Anti-Terrorism Standards program. The breach was traced back to exploitation of vulnerabilities in the Ivanti Connect Secure VPN appliance that allowed unauthorized users to take over the systems via memory heap overflow errors.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.