March 14, 2022

Van Hollen, Rosen, Rounds Issue Bipartisan Letter to Homeland Security Secretary Requesting Information on Efforts to Protect the United States from Russian Cyber Threats

After the United States Announced Trade and Energy Penalties on Russia and Approved $14 Billion in Aid for Ukraine, Bipartisan Group of 22 Senators Request Information on Efforts to Protect Critical Infrastructure and Businesses from Retaliatory Russian Cyberattacks

U.S. Senators Chris Van Hollen (D-Md.), Jacky Rosen (D-Nev.), and Mike Rounds (R-S.D.) sent a letter to the U.S. Secretary of Homeland Security requesting information on efforts to protect the United States from Russian cyber and disinformation threats. The letter references past Russian cyber operations – such as the SolarWinds attack – as evidence of their history of engaging in malicious cyber activities that target the United States. 

The bipartisan letter, led by Senators Rosen and Rounds, was signed in addition to Senator Van Hollen by Senators Michael Bennet (D-Colo.), Richard Blumenthal (D-Conn.), Cory Booker (D-N.J.), Sherrod Brown (D-Ohio), Mike Braun (R-Ind.), Shelley Capito (R-W.Va.), Bob Casey (D-Pa.), Susan Collins (R-Maine), Catherine Cortez Masto (D-Nev.), Tammy Duckworth (D-Ill.), Dianne Feinstein (D-Calif.), John Hickenlooper (D-Colo.), Mark Kelly (D-Ariz.), Angus King (I-Maine), Joseph Manchin (D-W.Va.), Alex Padilla (D-Calif.), Jeanne Shaheen (D-N.H.), Raphael Warnock (D-Ga.), and Kirsten Gillibrand (D-N.Y.). 

“The Russian government often engages in malicious cyber activities, including espionage, intellectual property theft, disinformation, propaganda, and cyberattacks, that target the United States. In response, the United States government has imposed sanctions on Russian security personnel and agents for various cyberattacks, including the SolarWinds cyber espionage campaign, and for acts of disinformation and interference, including Russian government-directed attempts to influence U.S. elections,” wrote the Senators.

“Given Russia’s history of disruptive cyber and disinformation activities, we are concerned that the United States may be targeted in retaliation for actions taken to impose costs on Russia for its invasion of Ukraine,”  the Senators’ letter continued. “As we stand with the Ukrainian people, impose crushing sanctions on Vladimir Putin’s regime, and push for additional security assistance to help Ukraine defend itself, we also must work to secure the homeland from retaliatory cyber activities.”

The full text of the letter can be found here.

Dear Secretary Mayorkas: 

We write to request a briefing on the Department of Homeland Security's efforts to protect the United States homeland from Russian government cyber and disinformation threats in the wake of Russia's violent and unprovoked invasion of Ukraine.

The Russian government often engages in malicious cyber activities, including espionage, intellectual property theft, disinformation, propaganda, and cyberattacks, that target the United States. In response, the United States government has imposed sanctions on Russian security personnel and agents for various cyberattacks, including the SolarWinds cyber espionage campaign, and for acts of disinformation and interference, including Russian government­ directed attempts to influence U.S. elections.

Given Russia's history of disruptive cyber and disinformation activities, we are concerned that the United States may be targeted in retaliation for actions taken to impose costs on Russia for its unprovoked invasion of Ukraine. As we stand with the Ukrainian people, impose crushing sanctions on Vladimir Putin's regime, and push for additional security assistance to help Ukraine defend itself, we also must work to secure the homeland from retaliatory cyber activities. We therefore commend the Cybersecurity and Infrastructure Security Agency (CISA) for creating the Shields Up Technical Guidance webpage to help organizations prepare for, respond to, and mitigate the impact of cyberattacks in the context of Russia's invasion of Ukraine. However, given the evolving threat landscape regarding potential cyberattacks and disinformation activities by Russia, we request a briefing that addresses the following questions:

  • As the nation's cyber defense agency, what is CISA itself doing to monitor and proactively defend against Russian state-sponsored cyber threats, and is there a strategy in place should U.S. critical infrastructure be targeted?
  • Are there specific U.S. entities or sectors that are targets, and if so, how is CISA proactively identifying and providing technical support to critical infrastructure owners and operators that are most at risk?
  • How is the Shields Up Technical Guidance being disseminated to critical infrastructure owners and operators? Specifically, how is guidance being shared with smaller entities that do not have CIOs or CISOs and entities that are not members of the Joint Cyber Defense Collaborative?
  • How is the Department defending against Russian disinformation efforts? How has the disinformation threat level to the United States homeland changed since Russia's invasion of Ukraine, and what is the Department doing to mitigate that threat?
  • How is CISA coordinating with international partners to advance operational coordination and build partner capacity, including for NATO Allies and Ukraine? 

Thank you for your attention to this important matter, and we look forward to your prompt response.

Sincerely,