Key Cyber Takeaways from the Senate Hearing on Biden’s Nominee for DHS Secretary
On January 19, 2021, the Senate Homeland Security and Government Affairs Committee (HSGAC) held a hearing on the nomination of Alejandro N. Mayorkas to be the Secretary of the Department of Homeland Security (the Department or DHS).
Public-Private Partnerships Will Continue to be of Crucial Importance for DHS and CISA. In his opening statement, Mayorkas underscored the critical importance of public-private partnerships to the DHS and Cybersecurity and Infrastructure Security Agency (CISA) missions, stating that DHS is “fundamentally a Department of partnerships,” and that “to enhance our cybersecurity, the Department depends upon and must strengthen its cooperation with the private sector.”
Mayorkas also noted that “to facilitate and enhance our trade and travel [programs], DHS must innovate and align its research and development with the efforts of private industry and academic institutions.” He continued that, in order for DHS to succeed in its many missions, the Department must work with the many communities and stakeholders that it serves.
The Committee Will Expand its Oversight of the SolarWinds Incident. Chairman Portman and Ranking Member Peters each raised the SolarWinds incident in their opening statements as a key challenge for DHS and its next Secretary. They also indicated it is an area that HSGAC will continue to look at as part of its oversight of the Department.
However, somewhat surprisingly, discussion of the cybersecurity aspects of the DHS mission and the revelation of the SolarWinds incident was not as extensive as might have been expected given the scope of the incident and its widespread impact.
HSGAC and DHS Will Examine Key Cyber Programs at CISA. Senator Hassan stated that the SolarWinds incident revealed vulnerabilities across government, and that DHS and CISA must review the adequacy of their EINSTEIN and Continuous Diagnostics and Mitigation (CDM) programs to understand why they did not detect or prevent these intrusions. Mayorkas added that he planned to conduct a thorough review of the incident.
Senator Romney stated that the U.S. Government is “woefully unprepared” to address major cybersecurity incidents, as evidenced by SolarWinds, and that he hopes Mayorkas will help implement improved approaches to America’s defensive and offensive cyber capabilities.
In his second round of questions, Chairman Portman stated that the SolarWinds incident shows that CISA is stretched too thin and needs appropriate resourcing to meet the demands of its mission. He further added that DHS, given its relatively low FISMA performance scores, needed to lead by example across the federal government to better secure its own networks and the overall .gov domain.
General Cyber Issues. In response to questions from Senators Sinema and Hassan, respectively, Mayorkas agreed to work with lawmakers on improving cybersecurity education and increasing resources for states and localities to bolster their cybersecurity capabilities. Mayorkas also noted the need for enhanced information sharing.
Mayorkas continued that HSGAC deserves praise for standing up CISA and Congress deserves credit for the 2021 NDAA’s provisions further equipping CISA to meet existing and future cyber challenges. He added that, if confirmed, CISA will have full support from the Secretary and, in terms of overall federal cyber hygiene, CISA and DHS need to lead the U.S. government by example.