Biden DHS, Intel picks stress need to prioritize cybersecurity after SolarWinds hack

President-elect Joe Biden’s nominees to serve as secretary of the Department of Homeland Security (DHS) and as director of national intelligence (DNI) both said Tuesday that if confirmed they will make a priority out of bolstering the nation’s cybersecurity.

DHS nominee Alejandro Mayorkas and DNI nominee Avril Haines each pointed to the specific need to secure the federal government against cyber threats following the recently discovered Russian hack of IT group SolarWinds, which compromised many key federal agencies and potentially thousands of businesses.

“I can assure you that the cybersecurity of our nation will be one of my highest priorities because I concur with you that the threat is real and the threat is every day and we have to do a better job than we are doing now,” Mayorkas said during his nomination hearing before the Senate Homeland Security and Governmental Affairs Committee. 

Haines in her testimony before the Senate Intelligence Committee also described the SolarWinds hack as a “major concern,” but noted that she had not yet received a classified briefing on the incident, which is so far confirmed to have compromised agencies including the Commerce, Defense, Justice, Homeland Security and Treasury departments. 

“I think the Department of Homeland Security already indicated publicly that this is a grave risk,” Haines said. “This an area where we obviously have to focus.”

If confirmed, Mayorkas will head a sprawling department that includes the Cybersecurity and Infrastructure Security Agency (CISA), the main federal group responsible for securing the nation’s critical infrastructure, including elections.

CISA has been without most of its top leaders since November, when President Trump fired former CISA Director Christopher Krebs and three other senior leaders stepped down following pressure from the White House. 

Those moves came after CISA put out a joint statement with other election officials describing the 2020 election as the “most secure in American history,” and after it stood up a “rumor control” webpage to debunk election disinformation and misinformation, much of which came from the president’s supporters. 

When asked by Sen. Rob Portman (R-Ohio), soon to take over as ranking member of the committee, about CISA’s failure to detect the SolarWinds breach’s impact on federal systems, Mayorkas stressed that he would work, if confirmed, to strengthen the agency. 

“CISA must improve the cyber hygiene of the federal government, the many departments and agencies throughout it, it must strengthen the public-private partnership, not only for the benefit of course of the federal government, but the benefit of the private sector itself,” he testified. 

“I think this is going to require an all-of-government approach, and there is a great amount that will rest on the shoulders of CISA, and I hope I have the privilege to lead the department and support CISA in meeting those obligations,” he added.

Mayorkas also promised to review legislation that would create a grant program to help state and local governments fund cybersecurity improvements, with officials increasingly begging for assistance during the COVID-19 pandemic as hackers took advantage of overstressed and vulnerable systems. 

While Mayorkas’s confirmation may be slowed down due to an objection lodged over an immigration-related issue by Sen. Josh Hawley (R-Mo.) on Tuesday afternoon, Politico reported in December that he had been endorsed by almost three dozen top cybersecurity leaders, including former CISA leadership. 

Haines was no less strong on her stance to ensure that cybersecurity-related intelligence issues would be prioritized, and in particular argued in favor of exploring ways to ensure adversaries including Russia would be less tempted to attack the U.S. in cyberspace in the future. 

“I think one of the great challenges that we face in the United States in particular is the asymmetry of the threat in cyber,” Haines testified. “I think it is relatively easy for adversaries to hold at risk what are high value assets to the United States, given how much we rely on cyber to work for our economy, security, for so many different issues, at relatively low risk to them.”

Biden has described the SolarWinds breach as a “grave threat to national security,” and earlier this month gave a speech calling for the modernization of the nation’s defenses to respond to growing threats. He also included more than $10 billion in cyber and information technology funds for the federal government in his $1.9 trillion COVID-19 relief proposal, announced last week. 

Haines voiced support for Biden’s comments last month calling for the U.S. and allied nations to work together to create rules of the road in cyberspace, noting the need for an “imposition of costs” and promising to provide intelligence around attributing cyberattacks if confirmed as DNI.

“I think that working with allies and partners in order to impose costs can actually raise the cost essentially, and therefore help to promote deterrence and pushback,” she testified.