Collins, King Request Information From Biden Administration on Efforts to Protect the United States from Russian Cyberthreats

Source: United States Senator for Maine Angus King

WASHINGTON, D.C. – U.S. Senators Susan Collins and Angus King, members of the Senate Intelligence Committee, are urging the Biden administration to provide information on the threat of Russian cyberattacks and U.S. preparedness for possible intrusions. In a bipartisan letter with 20 their Senate colleagues to U.S. Secretary of Homeland Security Alejandro Mayorkas, the Senators request information on efforts to protect the United States from Russian cyber and disinformation threats and urge the Administration to take any necessary steps to defend critical infrastructure and at-risk sectors.

“We write to request a briefing on the Department of Homeland Security’s efforts to protect the United States homeland from Russian government cyber and disinformation threats in the wake of Russia’s violent and unprovoked invasion of Ukraine,” wrote the Senators. “The Russian government often engages in malicious cyber activities, including espionage, intellectual property theft, disinformation, propaganda, and cyberattacks, that target the United States.”

“Given Russia’s history of disruptive cyber and disinformation activities, we are concerned that the United States may be targeted in retaliation for actions taken to impose costs on Russia for its invasion of Ukraine,”  continued the Senators. “As we stand with the Ukrainian people, impose crushing sanctions on Vladimir Putin’s regime, and push for additional security assistance to help Ukraine defend itself, we also must work to secure the homeland from retaliatory cyber activities.”

The Senators conclude their letter by asking for a briefing on several pressing questions:

·                As the nation’s cyber defense agency, what is the Cybersecurity and Infrastructure and Security Agency (CISA) itself doing to monitor and proactively defend against Russian state-sponsored cyber threats, and is there a strategy in place should U.S. critical infrastructure be targeted?

·                Are there specific U.S. entities or sectors that are targets, and if so, how is CISA proactively identifying and providing technical support to critical infrastructure owners and operators that are most at risk?

·                How is the Shields Up Technical Guidance being disseminated to critical infrastructure owners and operators? Specifically, how is guidance being shared with smaller entities that do not have CIOs or CISOs and entities that are not members of the Joint Cyber Defense Collaborative?

·                How is the Department defending against Russian disinformation efforts? How has the disinformation threat level to the United States homeland changed since Russia’s invasion of Ukraine, and what is the Department doing to mitigate that threat?

·                How is CISA coordinating with international partners to advance operational coordination and build partner capacity, including for NATO Allies and Ukraine?

The full text of the letter can be found here or read below.

++

Dear Secretary Mayorkas:

We write to request a briefing on the Department of Homeland Security’s efforts to protect the United States homeland from Russian government cyber and disinformation threats in the wake of Russia’s violent and unprovoked invasion of Ukraine.

The Russian government often engages in malicious cyber activities, including espionage, intellectual property theft, disinformation, propaganda, and cyberattacks, that target the United States. In response, the United States government has imposed sanctions on Russian security personnel and agents for various cyberattacks, including the Solar Winds cyber espionage campaign, and for acts of disinformation and interference, including Russian government ­directed attempts to influence U.S. elections.

Given Russia’s history of disruptive cyber and disinformation activities, we are concerned that the United States may be targeted in retaliation for actions taken to impose costs on Russia for its unprovoked invasion of Ukraine. As we stand with the Ukrainian people, impose crushing sanctions on Vladimir Putin’s regime, and push for additional security assistance to help Ukraine defend itself, we also must work to secure the homeland from retaliatory cyber activities. We therefore commend the Cybersecurity and Infrastructure Security Agency (CISA) for creating the Shields Up Technical Guidance webpage to help organizations prepare for, respond to, and mitigate the impact of cyberattacks in the context of Russia’s invasion of Ukraine. However, given the evolving threat landscape regarding potential cyberattacks and disinformation activities by Russia, we request a briefing that addresses the following questions:

·                As the nation’s cyber defense agency, what is CISA itself doing to monitor and proactively defend against Russian state-sponsored cyber threats, and is there a strategy in place should U.S. critical infrastructure be targeted?

·                Are there specific U.S. entities or sectors that are targets, and if so, how is CISA proactively identifying and providing technical support to critical infrastructure owners and operators that are most at risk?

·                How is the Shields Up Technical Guidance being disseminated to critical infrastructure owners and operators? Specifically, how is guidance being shared with smaller entities that do not have CIOs or CISOs and entities that are not members of the Joint Cyber Defense Collaborative?

·                How is the Department defending against Russian disinformation efforts? How has the disinformation threat level to the United States homeland changed since Russia’s invasion of Ukraine, and what is the Department doing to mitigate that threat?

·                How is CISA coordinating with international partners to advance operational coordination and build partner capacity, including for NATO Allies and Ukraine?

Thank you for your attention to this important matter, and we look forward to your prompt response.

Sincerely,