New cyber panel chair zeros in on election security, SolarWinds hack

Rep. Yvette Clarke (D-N.Y.), the new chair of the House Homeland Security Committee’s cyber panel, said she plans to tackle a wide range of cybersecurity challenges, but with an early focus on bolstering election security and responding to a massive hack that has compromised much of the federal government. 

As one of the top cyber experts on Capitol Hill, Clarke’s committee will also have its plate full with figuring out how best to allocate resources to hospitals and schools increasingly targeted by hackers, and helping support the nation’s key cyber agency as it enters its third month without Senate-confirmed leadership.

Clarke told The Hill in one of her first interviews as chair of the Subcommittee on Cybersecurity, Infrastructure Protection and Innovation that the goal is to chart a course that keeps previous mistakes in the past.

“We have to learn from our adverse experiences, and from learning should come innovation, should come a deep desire to make sure that we don’t revisit these types of hardships ever again,” said Clarke, who succeeds Rep. Lauren Underwood (D-Ill.) atop the subcommittee.

Clarke has served as both chair and ranking member of the panel in previous years.

But this time around, she is taking the helm in the midst of an ongoing cybersecurity crisis stemming from the recently discovered Russian hack of IT group SolarWinds. The company counts much of the federal government as customers, with agencies including the Commerce, Defense, Energy, Homeland Security and Treasury departments compromised. 

The breach has since been found to be much wider, with The Wall Street Journal reporting last month that around 30 percent of victims of the breach had no connection to SolarWinds. 

Clarke described the breach as “one of the major areas of focus” for the subcommittee, and said she was working with the committee’s Oversight, Management, and Accountability panel to hold a “robust hearing” in the coming weeks.

“We need to make this a transformational moment, we need to be able to say, ‘There was a pre-SolarWinds and a post-SolarWinds’ so that we’re not dragging our feet in addressing these issues,” Clarke said.

“We know that Russian actors and foreign actors are constantly laying in the cut to steal information to disrupt our way of life,” she added. “Every day that we’re not detecting disruptions in our service or hacking that may be taking place leaves us vulnerable to really horrible things happening.”

One of those vulnerabilities was laid bare this week when officials in Oldsmar, Fla., announced that a hacker had breached and unsuccessfully attempted to poison the town’s water supply, highlighting the 21st century challenges posed by cyberattacks on critical infrastructure.

Clarke, who spoke to The Hill just hours before the Oldsmar incident was made public, said she planned to push for inclusion of cybersecurity improvements in any infrastructure package put forward in the next two years, describing the effort as a “main focus” of the subcommittee.

“We’re talking about an infrastructure bill at some stage, perhaps in the next quarter,” Clarke said. “While nothing can be 100 percent impenetrable, we want to make sure that we have the tools in place to disrupt, to detect, and to protect our critical infrastructure.”

Cyberattacks on other critical organizations, including hospitals and schools, have also posed a persistent challenge. Hospitals in New York and Vermont saw critical services interrupted by hackers last year, and school districts across the nation have dealt with similar cyberattacks as classes moved online.

House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) told The Hill late last year that he intended to reintroduce the State and Local Cybersecurity Improvement Act, a bipartisan bill that would create a $400 million grant program to provide resources to state and local officials to defend against cyberattacks.

“One of the main gaps is the legislation to fund and branch to state and local municipalities,” Clarke said. “They’re a part of our nation’s infrastructure and tend to be the most vulnerable … these are things that we’ll be looking at very early in the tenure of the session.”

Clarke said the state and local cybersecurity legislation, which she is also throwing her weight behind, would be rolled out after Congress passes President Biden’s $1.9 trillion COVID-19 package, which includes over $10 billion in cybersecurity and information technology funds.

One bright spot in the cybersecurity space over the past few months was the lack of incidents during the 2020 elections process, with officials reporting a quieter day than expected in terms of security on Election Day.

Despite the success of security upgrades put into the nation’s elections systems since interference by Russian agents ahead of the 2016 elections, Clarke emphasized that Congress cannot let its guard down.

“Making sure that we continue to strengthen, provide transparency to the American people around the elections is going to be a critical part of our mission that goes to the core of our democracy,” Clarke said. “We’ve got to make sure that we make proper investments so that we don’t leave vulnerabilities hanging out there.”

Many of those cybersecurity concerns are issues that fall under the umbrella of the Cybersecurity and Infrastructure Security Agency (CISA), which Clarke’s subcommittee has jurisdiction over.

CISA is emerging from a bumpy few months that saw former Director Christopher Krebs fired by former President Trump, with several other of its top leaders pressured to step down by the Trump White House after the agency pushed back against disinformation and misinformation regarding the security of the recent presidential election.

Ensuring a stable foundation for CISA, and boosting employee morale, is another topic on Clarke’s to-do list.

“We really need to focus on the workforce, we need to focus on recruitment, retention, and all that needs to happen to give a vision to the workforce and get the buy in so that they are engaged and not hesitant or feeling demoralized by leadership that doesn’t value the work that they have to do,” Clarke said.

With the House Homeland Security Committee set to hold its first cybersecurity hearing of the year on Wednesday, Clarke said there’s no time to waste in tackling their legislative agenda.

“I’m looking forward to really hammering down on those who have been lazy in this space, because there’s no room for a lackadaisical approach,” Clarke said. “We’ve got to be clear-eyed, focused, and I think that we have the wherewithal to do it.”

-Updated at 11:25 a.m.