As federal agencies and private-sector critical infrastructure entities struggle to assess the fallout from what researchers are calling a hack of historic scale, the ability to fully track the intruders' steps should come standard rather than serve as a source of additional profit for government cloud vendors, Rep. Jim Langevin, D-R.I., said after a Congressional hearing Friday.
“I firmly believe that cybersecurity should be baked into products and services, so it concerns me when I hear that companies could view security logging as a profit center. I understand that cybersecurity isn’t free, but basics like logging shouldn’t be an ‘upcharge,’” Langevin told Nextgov after the hearing. “I certainly hope the federal government will look to use its substantial bulk purchasing power to make sure we’re not getting a raw deal with respect to the cybersecurity of cloud services we procure.”
The joint hearing of the House Homeland Security and Oversight and Reform committees allowed lawmakers to question Microsoft President Brad Smith, FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and former SolarWinds CEO Kevin Thompson about the role of private technology in the ongoing hacking campaign that compromised at least nine federal agencies and 100 companies.
“We still don’t know if they’re still in the system!” Rep. Carolyn Maloney, D-N.Y., Chair of the Oversight and Reform Committee, said. “All of the companies here today are victims of this attack, and all provide products and services to the government. That puts the government at risk.”
She said the private sector must be held accountable and that her committee plans to focus on improving federal procurement as well as examining agencies’ responsibilities and strategy under the Federal Information Security Modernization Act, or FISMA.
Rep. Bennie Thompson, D-Miss., Chairman of the Homeland Security C ..