Lawmakers question impact of SolarWinds hack on US attorneys’ offices

A group of House and Senate lawmakers from Florida are looking for answers around the effect of last year’s SolarWinds breach on U.S. Attorneys’ Offices (USAOs) and on the way the Justice Department approaches cybersecurity.

The bipartisan group, led by Senate Intelligence Committee Vice Chairman Marco Rubio (R-Fla.), sent a letter to Attorney General Merrick Garland on Tuesday questioning him over reports earlier this year that the SolarWinds breach had impacted email servers of 27 USAOs around the country.

“The DOJ confirmed the breach affected 80 percent of Microsoft email accounts used by USAO employees in New York, but did not provide additional information on the extent of the hack or its effect on Florida USAOs or offices in other identified states,” the lawmakers wrote. “This announcement is alarming as USAO email servers contain highly sensitive information.”

The Northern District of Florida was among the U.S. Attorney’s Offices that had email accounts compromised as part of the breach. The over a dozen lawmakers who signed the letter all represent Florida, where they noted that the offices are “responsible for the prosecution of some of the most significant federal crimes, including crimes related to drugs and trafficking.”

The hack of IT company SolarWinds was discovered in December, and involved Russian government-linked hackers compromising nine federal agencies, including the Justice Department, and around 100 private sector groups for most of last year. President Biden levied sanctions on Russia in May in retaliation for the hack.

The lawmakers — who also included Sen. Rick Scott (R-Fla.), Rep. Stephanie Murphy (D-Fla.) and 10 House Republicans — underlined the severity of the breach in questioning Garland on how he planned to shore up the Justice Department’s cybersecurity. 

“Over the last year, there has been a drastic increase in the number of cyberattacks against American businesses and governments,” the lawmakers wrote. “The wide-ranging SolarWinds breach exposed that even the highest levels of the federal government are at risk for cyberattacks.”

The Justice Department did not respond to The Hill’s request for comment on the letter.

The agency has taken a series of actions in recent months to shore up cybersecurity. These include the establishment of a Ransomware and Digital Extortion task force in April, and more recently the announcement of a cybersecurity fellowship program to train prosecutors on how to handle cybersecurity cases. 

The Justice Department also requested $1.1 billion as part of its fiscal 2022 budget request to enhance cybersecurity and fight cyber crime, a more than $150 million increase from the previous year, which would mark the largest increase in cyber funds at the agency in over a decade. 

Garland testified to a Senate Appropriations Committee subcommittee in June that cyber threats constituted a “very, very serious threat,” pointing to recent debilitating ransomware attacks on Colonial Pipeline and meat producer JBS USA. 

“This is getting worse and worse, and we have to do everything we possibly can here,” Garland testified. “I’m very worried about it, and so is the administration, and that is why we have asked for such a large increase in our cyber budget.”