March 14, 2022

Manchin, Capito Lead Bipartisan Request For Information On U.S. Protection From Russian Cyber, Disinformation Threats

Washington, DC U.S. Senators Joe Manchin (D-WV), member of the Senate Armed Services Committee (SASC) and Chairman of the Senate Armed Services Cybersecurity Subcommittee, and Shelley Moore Capito (R-WV), Ranking Member of the Senate Homeland Security Appropriations Subcommittee, led 22 bipartisan Senators requesting information from U.S. Secretary of Homeland Security Alejandro Mayorkas on efforts to protect the United States from Russian cyber and disinformation threats. The letter references past Russian cyber operations – such the SolarWinds attack – as evidence of its history of engaging in malicious cyber activities targeting the United States. 

“Given Russia's history of disruptive cyber and disinformation activities, we are concerned that the United States may be targeted in retaliation for actions taken to impose costs on Russia for its unprovoked invasion of Ukraine. As we stand with the Ukrainian people, impose crushing sanctions on Vladimir Putin's regime, and push for additional security assistance to help Ukraine defend itself, we also must work to secure the homeland from retaliatory cyber activities,” the Senators said in part.

“As the nation's cyber defense agency, what is the Cybersecurity and Infrastructure Security Agency (CISA) itself doing to monitor and proactively defend against Russian state-sponsored cyber threats, and is there a strategy in place should U.S. critical infrastructure be targeted?” the Senators questioned. “How has the disinformation threat level to the United States homeland changed since Russia's invasion of Ukraine, and what is the Department doing to mitigate that threat?”

Senators Manchin and Capito were joined by Senators Jacky Rosen (D-NV), Mike Rounds (R-SD), Michael Bennet (D-CO), Richard Blumenthal (D-CT), Cory Booker (D-NJ), Sherrod Brown (D-OH) Mike Braun (R-IN), Bob Casey (D-PA), Susan Collins (R-ME), Catherine Cortez Masto (D-NV), Tammy Duckworth (D-IL), Dianne Feinstein (D-CA), John Hickenlooper (D-CO), Mark Kelly (D-AZ), Angus King (I-ME), Alex Padilla (D-CA), Jeanne Shaheen (D-NH), Chris Van Hollen (D-MD), Raphael Warnock (D-GA) and Kirsten Gillibrand (D-NY). 

The full letter is available below or here.

Dear Secretary Mayorkas:

We write to request a briefing on the Department of Homeland Security's efforts to protect the United States homeland from Russian government cyber and disinformation threats in the wake of Russia's violent and unprovoked invasion of Ukraine.
 
The Russian government often engages in malicious cyber activities, including espionage, intellectual property theft, disinformation, propaganda, and cyberattacks, that target the United States. In response, the United States government has imposed sanctions on Russian security personnel and agents for various cyberattacks, including the SolarWinds cyber espionage campaign, and for acts of disinformation and interference, including Russian government­ directed attempts to influence U.S. elections.

Given Russia's history of disruptive cyber and disinformation activities, we are concerned that the United States may be targeted in retaliation for actions taken to impose costs on Russia for its unprovoked invasion of Ukraine. As we stand with the Ukrainian people, impose crushing sanctions on Vladimir Putin's regime, and push for additional security assistance to help Ukraine defend itself, we also must work to secure the homeland from retaliatory cyber activities. We therefore commend the Cybersecurity and Infrastructure Security Agency (CISA) for creating the Shields Up Technical Guidance webpage to help organizations prepare for, respond to, and mitigate the impact of cyberattacks in the context of Russia's invasion of Ukraine. However, given the evolving threat landscape regarding potential cyberattacks and disinformation activities by Russia, we request a briefing that addresses the following questions:

• As the nation's cyber defense agency, what is CISA itself doing to monitor and proactively defend against Russian state-sponsored cyber threats, and is there a strategy in place should U.S. critical infrastructure be targeted?

• Are there specific U.S. entities or sectors that are targets, and if so, how is CISA proactively identifying and providing technical support to critical infrastructure owners and operators that are most at risk?

• How is the Shields Up Technical Guidance being disseminated to critical infrastructure owners and operators? Specifically, how is guidance being shared with smaller entities that do not have CIOs or CISOs and entities that are not members of the Joint Cyber Defense Collaborative?

• How is the Department defending against Russian disinformation efforts? How has the disinformation threat level to the United States homeland changed since Russia's invasion of Ukraine, and what is the Department doing to mitigate that threat?

• How is CISA coordinating with international partners to advance operational coordination and build partner capacity, including for NATO Allies and Ukraine?

Thank you for your attention to this important matter, and we look forward to your prompt response.