Chairman Gary Peters, a Michigan Democrat, along with top Republican Rob Portman of Ohio, asked the administration for specifics, including strategies that federal agencies are developing, new or revised authorities and suggestions for legislation.
“As highlighted in recent weeks, a single ransomware attack against a vulnerable target can have widespread and devastating impacts for communities across the United States,” they wrote.
The request, asking for information within 30 days, comes in the wake of cyber breaches of a major oil pipeline, the New York City transportation system, and meatpacking centers.
Biden previously said he was “looking closely” at retaliating in response to a ransomware attack on JBS, which the White House identified as having been carried out by a group working from Russia.
“It’s not a fire raging across the prairie that once it’s consumed the fuel, it will simply stop, and we can simply wait for that moment. We must stand in and there’s a range of activities that we must undertake,” Inglis told lawmakers during his confirmation hearing.
Like-minded nations need to remove “sanctuary and bring to bear consequences on those who hold us at risk,” he said.
Biden’s nominee to the lead the DHS cybersecurity agency, Jen Easterly, expressed support for mandatory private sector reporting to the government on cyber incidents during the same hearing Thursday.
“I don’t have a sense across the board. But it seems to me that voluntary standards are probably not getting the job done,” she said.
The provision establishes a cyber response and recovery fund for the DHS Cybersecurity and Infrastructure Security Agency to provide direct support to public or private entities after significant cyberattacks.