U.S. Sen. Marco Rubio, R-Fla. , the new vice chairman of the U.S. Senate Select Committee on Intelligence, teamed up with U.S. Sen. Mark Warner, D-Va., the chairman of the committee, sent a letter to the Director of National Intelligence Avril Haines, National Security Agency Director General Paul Nakasone, Federal Bureau of Investigation Director Christopher Wray, and Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales, urging the Unified Coordination Group to name a leader in the United States’ response to the SolarWinds cyber breach that has affected numerous federal agencies and thousands of private sector entities.
The full text of the letter is below.
Dear Director Haines, General Nakasone, Director Wray, and Acting Director Wales:
We are writing to urge you to name and empower a clear leader in the United States’ response to the SolarWinds cyber breach that has affected numerous federal agencies, and thousands of other private sector entities. The federal government’s response so far has lacked the leadership and coordination warranted by a significant cyber event, and we have little confidence that we are on the shortest path to recovery.
The briefings we have received convey a disjointed and disorganized response to confronting the breach. Taking a federated rather than a unified approach means that critical tasks that are outside the central roles of your respective agencies are likely to fall through the cracks. The threat our country still faces from this incident needs clear leadership to develop and guide a unified strategy for recovery, in particular a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are needed.
The handling of this incident is too critical for us to continue operating the way we have been. Presidential Policy Directive-41 was not meant to impede a joint response to significant cyber incidents and clearly gives the Unified Coordination Group the authority, with mutual agreement and consistent with applicable legal authorities, to realign operational control of respective agency assets to respond to such incidents. We urge you to reach such an agreement and assign a clear leader to ensure we confront and mitigate this incident fully, and as quickly as possible.