Department of Homeland Security (DHS) Secretary Alejandro Mayorkas addressed a range of questions about the nation’s cybersecurity and spoke on how to better secure Federal networks in a March 17 House Homeland Security Committee hearing.
The hearing was the first congressional appearance for Mayorkas since he was confirmed Feb. 2.
While the four-hour hearing primarily focused on the southern border and DHS’ response to the Jan. 6 U.S. Capitol riot, Mayorkas testified at length on how DHS and its Cybersecurity and Infrastructure Security Agency (CISA) component are responding to the SolarWinds Orion and Microsoft Exchange cyber attacks, and how to prevent them moving forward.
“The recent cyber attack campaigns exploiting SolarWinds and Microsoft highlight the significant cybersecurity challenges our nation faces,” Mayorkas said in prepared testimony. “Beyond cyber espionage, cyber attacks can paralyze companies and entire cities and are among the most serious security threats our country confronts.”
Mayorkas’ prepared testimony also included details on DHS’s own vulnerabilities to the SolarWinds Orion hack and the department’s plans for mitigating risks going forward. He revealed that DHS was itself compromised in the hack, though no public-facing properties were affected. Mayorkas said he has no further indications of DHS networks being compromised.
Mayorkas also expressed pride in how CISA worked with state, local, tribal, and territorial governments to secure the 2020 election and concern for the implications of the recent Florida water plant hack. Mayorkas also mentioned the need for permanent leadership at CISA, while praising the work Brandon Wales has done in heading CISA in an acting capacity.
“We’re very focused on filling the vacancies of leadership across the department,” Mayorkas said Wednesday. “It’s an issue that I work with the White House on every single week. And as a matter of fact, I’ve had a conversation yesterday on that very subject. … We do need a politically appointed Senate-confirmed leadership in a number of positions throughout the Department of Homeland Security. We are very fortunate to have extraordinary talent in an acting capacity.”
Committee Chairman Rep. Bennie Thompson, D-Miss., minced no words and put the onus on the Trump administration for many of the shortcomings facing DHS today.
“Americans continue to pay the price for these failures [of the prior administration], with over half a million dead from COVID-19, experts struggling to understand the scope of the SolarWinds hack, and an unprecedented surge in domestic terrorism,” Thompson said in a prepared opening statement. “This will be no easy task, and Congress should be focused on ensuring the Department has the resources and authorities to do so.”
Among those resources is $650 million appropriated for CISA by the recently passed American Rescue Plan. Mayorkas expressed gratitude for the funding in his prepared testimony, as well as in response to questions about the technologies and processes being used to protect the nation’s critical infrastructure. Mayorkas said some of that funding will be used to explore and implement new technologies to work alongside systems like EINSTEIN and the Continuous Diagnostics and Mitigation (CDM) program.
In response to a question concerning how DHS is coordinating with the White House and the cabinet, Mayorkas referred members to the public-private partnership that DHS heads, as well as a recent meeting with Anne Neuberger, who is heading up the White House response to the SolarWinds Orion hack.
“This is really, it’s not just an all of government effort … it’s an all of nation effort because here in cybersecurity we say that we are only as strong as our weakest link,” Mayorkas said. “And so I share your view that we must work, all of us together in partnership to address the challenge.”