Last week, Florida’s two U.S. senators–Republicans Marco Rubio and Rick Scott–and U.S. Reps. Gus Bilirakis, R-Fla., Vern Buchanan, R-Fla., Kat Cammack, R-Fla., Mario Diaz-Balart, R-Fla., Neal Dunn, R-Fla., Carlos Gimenez, R-Fla., Stephanie Murphy, D-Fla., Bill Posey, R-Fla., John Rutherford, R-Fla., Maria Elvira Salazar, R-Fla., and Michael Waltz, R-Fla., sent a letter to U.S. Attorney General Merrick Garland seeking answers regarding the SolarWinds cyber-attack of United States Attorneys’ Offices (USAO) in Florida.
The letter is below.
Dear Attorney General Garland:
We write with regard to a recent notice issued by the U.S. Department of Justice (DOJ) alerting the American public that the SolarWinds cyber-attack affected the Microsoft email servers of 27 United States Attorneys’ Offices (USAO), including the USAOs in the Northern, Middle, and Southern Districts of Florida.
Over the last year, there has been a drastic increase in the number of cyberattacks against American businesses and governments. The wide-ranging SolarWinds breach exposed that even the highest levels of the federal government are at risk for cyberattacks. According to public reports, at least 18,000 entities were targeted in the SolarWinds hacking campaign, including state and local governments. The SolarWinds breach is just one of many high profile cyberattacks that have occurred this year.
The DOJ confirmed the breach affected 80 percent of Microsoft email accounts used by USAO employees in New York, but did not provide additional information on the extent of the hack or its effect on Florida USAOs or offices in other identified states. This announcement is alarming as USAO email servers contain highly sensitive information. Florida USAOs are responsible for the prosecution of some of the most significant federal crimes, including crimes related to drugs and trafficking. Additionally, according to recent media reports the DOJ launched an internal review of cybersecurity procedures in April 2021. The DOJ was reportedly conducting a 120-day review of interagency cybersecurity challenges. However, the DOJ did not formally announce this review and does not appear to have publically shared any information about the scope of this review.
We are confident that the DOJ and other involved federal agencies are working tirelessly to prevent cyberattacks. However, the breach of USAO email servers is very concerning.
Accordingly, we ask that you answer the following questions no later than Friday, October 1, 2021:
1, What USAO information was compromised as a result of this hack?
2. Was sensitive information, such as witness information, victim information, or information that relates to national security compromised? If so, please describe the types of information compromised.
3. What steps have you taken to ensure the vulnerabilities that led to this intrusion have been remedied?
4. During your confirmation hearing, you committed to a whole-of-government response to cyber threats. Please describe the current collaborative framework within the federal government for interagency coordination on cyber threats. Please describe the President’s strategy for a whole-of-government coordinated response to responding to and preventing cyberattacks, including which individual is leading this effort.
5. In response to a question at your confirmation hearing, you said you would use the full power of the DOJ to combat cyber threats. You also said that you would fully support the President and his National Security team’s efforts on cybersecurity. What have been the efforts of the President related to cybersecurity that you have supported since you were confirmed?
6. In June, you announced you were doubling the number of attorneys working on voting rights at the DOJ. Given the significant threat to America posed by cyberattacks, how much have you increased the number of attorneys or other staff working on cybersecurity issues?
We stand ready and willing to assist as you combat state sponsored hacking. Thank you for your prompt attention to this matter.