President-Elect Joe Biden's nominee to run the Department of Homeland Security told a Senate panel on Tuesday that if he is confirmed as secretary, he will closely examine breach by Russian actors of some federal networks to see whether programs designed to defend against these hacks work as intended and whether additional defenses are needed.
Alejandro Mayorkas said he would "avail" himself to latest intelligence about the hack, which U.S. government security agencies believe was likely backed by Russia, to conduct a "thorough review" of the department's two key programs aimed at detecting and preventing such intrusions, the EINSTEIN and Continuing Diagnostic and Mitigation (CDM) programs.
Mayorkas said he wants to "understand" if EINSTEIN and CDM "are appropriately designed and appropriately and effectively executed to stop" such a hack "and if not, what other defense need we develop in the federal government to best protect our very valuable equities and resources."
EINSTEIN essentially provides federal civilian agencies with intrusion detection and prevention measures against known cyber threat indicators and CDM provides agencies with greater situational awareness of their cyber security posture and tools to mitigate, and respond to, attacks.
The recently disclosed cyber breach was conducted using a new malware variant that hadn't been seen before, making it more difficult to detect. The intrusion was first disclosed by the cyber security firm FireEye [FEYE], which itself had been breached. In addition to a number of federal networks, private sector systems were also hacked.
Both EINSTEIN and CDM are overseen by the DHS Cybersecurity and Infrastructure Security Agency (CISA). Sen. Rob Portman (R-Ohio.), who chaired the Homeland Security and Governmental Affairs Committee hearing, said he believes CISA is "stretched too thin" and that overall the federal government "is not well prepared to deal with these kinds of breaches that are going to be increasingly a challenge for us."
Portman said CISA needs to have a more focused mission and resources to coordinate the federal government against cyber threats.
In response to questions by Sen. Mitt Romney (R-Utah) about taking the cyber security efforts of DHS to a "whole different level" to protect the U.S., Mayorkas replied that "the cyber security of our nation will be one of my highest priorities." He said he agrees with Romney that "the threat is real, that the threat is every day, and we have to do a much better job than we are now."
The cyber attack hack into federal agencies and private companies was done through a network management software supplied by SolarWinds Inc. [SWI]. Mayorkas said that "CISA must improved the cyber hygiene of the federal government" and "must strengthen the public-private partnership" as well.
The committee under incoming Chairman Gary Peters (D-Mich.) and Portman, who will become ranking member, plans to investigate and hold hearings related to the SolarWinds intrusion.
Peters, who is expected to become chairman following the swearing in on Wednesday of Biden as president and Kamala Harris as vice president, will likely ask the Senate to vote on the nomination that afternoon.
Peters, his fellow Democrats and Biden want the Senate to fast-track the vote on Mayorkas but that may not happen. At least some Republican opposition is expected, which might force Peters to have the committee first vote on the nomination before sending it to the full Senate for a vote.
Republican concerns with Mayorkas stem from in investigation into his handling of an immigrant investment visa program during his time as director of U.S. Citizenship and Immigration Services in the first half of the Obama administration.
Portman quoted from the 2015 DHS Inspector General's report on the investigation saying that "'Mr. Mayorkas communicated with stakeholders on substantive issues, outside of the normal adjudicatory process, and intervened with career USCIS staff in ways that benefited stakeholders. In each of these three instances, but for Mr. Mayorkas' intervention, the matter would have been decided differently.'" Portman continued that the "Inspector General found ‘The juxtaposition of Mr. Mayorkas' communication with external stakeholders on specific matters outside the normal procedures, coupled with favorable action that deviated from the regulatory scheme designed to ensure fairness and evenhandedness in adjudicating benefits, created an appearance of favoritism and special access.'"
Portman pointed out that some of the stakeholders that received special access included well connected Democrats such as former Senate Majority Leader Harry Reid (Nev.), former Gov. Ed Rendell (D-Pa.), former Gov. Terry McAuliffe (D-Va.), and Anthony Rodham, the brother of Hilary Clinton.
When Mayorkas was later confirmed by the Senate to be the DHS deputy secretary during the second half of the Obama administration, no Republicans voted in favor.
Mayorkas responded that he cooperated with the IG's investigation at the time and like he did at his confirmation hearing to be the deputy secretary, said he was working to fix a broken immigrant investor visa system. Mayorkas said he stepped in to fix problems with the program in these and other instances on behalf of Democrats and Republicans in Congress and "every corner of the business community," noting he heard of problems with the EB-5 program "almost every single day" he led USCIS.
Asked by Sen. Maggie Hassan (D-N.H.) about the potential for DHS to stand up a cyber security grant program for state and local governments to draw on, Mayorkas said he would consider such a program. He also highlighted information sharing, such as propagating best practices among state and locals, as part of the solution to strengthen their cyber security postures.