Five months later President BidenJoe BidenHouse Democrats push vote on social spending plan through Friday Fauci says all adults should ‘go get a boost’ Senate confirms Park Service director after years of sitting bosses MORE met with the russian president Vladimir PutinVladimir Vladimirovich Putin Putin: The West did not take the ‘red lines’ seriously enough. COP26 was an escape. Here’s why you get a failing grade. Can the United States avoid a cold war that causes global warming? PLUS urging him to take a stand against ransomware attacks emanating from his country, lawmakers are beginning to get irritated by what they see as a lack of results from the administration’s efforts to confront Russia.
Their concerns have risen in recent weeks when they heard conflicting messages from key federal leaders about whether ransomware attacks linked to Russia-based hackers have subsided since the two leaders met, undermining the Biden administration’s broad efforts to strengthen. cybersecurity of the nation.
“If the United States knew that criminal actors were emanating from our soil and attacking another country, we would act, and I don’t see any evidence that Russia is really helping us in this regard,” said Rep. Elissa slotkinElissa SlotkinBiden, Senior Officials Deployed to Promote Infrastructure Package Conservative Group Targeting House Democrats for Positions SALT Hoyer: Vote on .75T Spending Package Likely Thursday or Friday MORE (D-Mich.), Chair of the House Homeland Security Committee’s Intelligence and Counterterrorism panel, said at a hearing Wednesday.
Biden put cybersecurity concerns high on his agenda during his in-person chat with Putin in Geneva earlier this year, and handed the Russian leader a list of 16 types of critical infrastructure in the US. they could be attacked without risking retaliation. Biden warned at the time that the United States would take further action if no action was taken, and private talks between American and Russian officials have continued since that meeting.
“I pointed out to him that we have a great cybernetic capacity and he knows it. You don’t know exactly what it is, but it’s significant, ”Biden. told reporters after the conference. “If they violate these basic rules, we will respond.”
Adding to legislators’ concerns are statements made in recent weeks by senior officials who have painted slightly contradictory pictures of the status of ransomware attacks.
“We have seen a perceptible decline,” said National Cyber Director Chris Inglis on the Russian ransomware attacks before the House of Representatives Committee on Homeland Security earlier this month, warning that “it is too early to say if that will happen. it owes to the material efforts made by the Russians or the Russian leadership. ”
But the day after Inglis’s testimony, Assistant Attorney General Lisa Monaco said The Associated Press that “we have not seen a material change in the landscape.”
“From the FBI’s perspective, we have not seen a decrease in ransomware attacks in recent months coming from Russia,” Bryan Vorndran, deputy director of the FBI’s Cyber Division, told the House Oversight and Reform Committee on Tuesday. “Please understand that we have incomplete data, at best we only see about 20 percent of the intrusions in the country.”
The lack of data has not sat well with lawmakers on both sides of the aisle, who have seen constituent concerns rise over cyber threats over the past year following ransomware attacks on groups like Colonial Pipeline and the producer. of JBS USA meat, as well as the city. governments, schools and hospitals. Both the Colonial Pipeline and JBS USA attacks were linked to cybercriminals likely based in Russia.
These concerns were front and center during the two House hearings on ransomware attacks this week, in which lawmakers questioned federal officials.
During an irritable exchange between Slotkin and Robert Silvers, the undersecretary of the Department of Homeland Security’s Office of Strategy, Policy, and Plans, Slotkin repeatedly pressed Silvers for metrics on the attacks. Silvers testified that he was unable to make a “final assessment” due in large part to a lack of transparency in the private sector.
“I’m very concerned about whether or not we can really hold people accountable inside Russia,” Rep. August Pfluger (R-Texas) said after a similar exchange with Silvers. “We want to see, hear and understand the details of these cases and how that effect is advancing to prevent our business.”
Some lawmakers suggested the need to go further and take more aggressive action against Russia.
“Obviously, Putin can shut down these operations in one day if he wanted to,” said Rep. Tom malinowskiThomas (Tom) MalinowskiGroup Aligned With House Republican Leadership Targeting Nine Democrats On Vote Spending Democrats Disagree With Changes SALT Israel Says Blacklisted NSO Group ‘Has Nothing To Do’ With Policies government MORE (DN.J.) said at the House Homeland Security Committee hearing on Wednesday. “Frankly, even though we don’t talk much about this publicly, I think there is an offensive capability, not just a defensive one, that we should employ here.”
“At what point is this a declaration of war, a declaration that we cannot tolerate?” Said Rep. Ralph normanRalph Warren NormanGOP seeks oversight hearing with Kerry on climate diplomacy House Freedom Caucus elects Rep. Scott Perry as new chair Republican Rep. Clyde racks up 500 in mask fines MORE (RS.C.) asked during the House Oversight and Reform Committee hearing the day before, adding that “they are shooting at us.”
Senior Member of the House Homeland Security Committee John katkoJohn Michael Katko GOP Senators dismayed by House of Representatives’ ‘ridiculous’ infighting to censor Gosar from committees Trump gives McConnell an insulting ultimatum on Biden’s agenda MORE (RN.Y.) was even more direct.
“Russia and China are not deterred by cyber issues, it is because of the weak response of this administration,” Katko told The Hill on Wednesday. “You have to have a strong response in the cyber field, the bad guys know nothing but force, and if you don’t project force, you have problems.”
But administration officials have insisted this week that the administration has not only made confronting cybersecurity threats a priority, but has taken a series of steps to create political pain for Russia and continue to urge leaders there to crack down on hackers behind the scenes. .
“We have been quite direct with the Russian government, but we are not sitting around waiting for the Russian government to act,” Silvers testified. “We have informed them that if they do not act against those who take this action from their territory, we will take it, and we are doing it, and these have been announced, and some have not been announced, in recent months.”
“One of the keys here is making ransomware criminals feel paranoid, scared, not trusting those around them, and that’s what we’re doing to disrupt them,” he added.
Beyond meeting Putin, Biden signed an executive order in May to strengthen federal cybersecurity and the White House. summoned leaders from around 30 countries last month to discuss ways to tackle ransomware attacks on the global stage.
Additionally, the Justice Department and the Treasury Department have issued indictments and sanctions against cybercriminals in Russia and neighboring states, along with Biden sanctioning Russia in retaliation for the SolarWinds hack.
“When I met with President Putin in June, I made it clear that the United States would take steps to hold cybercriminals accountable,” Biden said in a statement last month after the Justice Department indicted hackers linked to the attack on ransomware against IT group Kaseya. “That is what we have done today.”
Silvers and other officials argued this week that the data was not available due to a lack of regulations requiring critical organizations to report cybersecurity incidents. Legislation doing just that is likely to become law as part of this year’s National Defense Authorization Act.
“It is difficult to assess, because the vast majority of ransomware incidents are not reported to the government,” Silvers testified, emphasizing that the legislation “would provide us with the data we need to conduct these kinds of assessments that you expect to see in your oversight. ”
But in the meantime, lawmakers are eager for more tangible progress.
“It’s one thing to say we’re going to take action and show strength, it’s another thing to have the data to back it up,” said Slotkin.