Rep. Ritchie Torres, D-N.Y., introduced legislation on July 1 that would require the Cybersecurity and Infrastructure Security Agency (CISA) to investigate and report on the impact of the 2020 SolarWinds cyberattack on Federal agency networks and U.S. critical infrastructure.
The Building Cyber Resilience After SolarWinds Act would direct CISA to work in consultation on the report with the National Cyber Director and the heads of other relevant Federal departments.
The incident, first discovered in December 2020, involved Russian government-backed hackers exploiting vulnerabilities in software made by SolarWinds. The attack compromised nine Federal agencies, including the Department of Homeland Security (DHS), along with at least 100 private sector groups.
Soon after the SolarWinds attack, CISA reported that threats to government networks caused by the attack pose a “grave risk” to Federal government, state, tribal and territorial governments, critical infrastructure entities, and other private-sector organizations.
The attack became one of many key motivators to the Federal government’s subsequent push for improving U.S. cybersecurity. Rep. Torres had previously introduced legislation to strengthen software and information technology supply chains at DHS and to help protect against attacks like the 2020 SolarWinds hack.
The DHS Software Supply Chain Risk Management Act passed the House overwhelmingly by a vote of 412-2, last year, but has yet to receive consideration by the full Senate.
“As cyberattacks become increasingly frequent and sophisticated, it is crucial that DHS has the capacity to protect its networks and enhance its visibility into information and communications tech or services that it buys,” Rep. Torres previously stated in a statement. “As a Federal leader in the cybersecurity space, DHS must set an example by modernizing how it protects its networks.”