Satna News AMP
Local News

Congress Demands Emergency Briefing as CISA Data Leak Probe Widens

4 min read

Senior members of Congress on Tuesday demanded a full accounting from the Cybersecurity and Infrastructure Security Agency after reports surfaced that a significant data leak had exposed sensitive information held by the federal cybersecurity watchdog. The agency, known as CISA, acknowledged the breach and said it was working to contain the fallout while notifying affected parties.

Lawmakers Demand Immediate Answers

The Senate Homeland Security Committee called on CISA director Jen Easterly to provide a classified briefing within 72 hours. Committee chairman Senator Gary Peters issued a statement saying the American public deserved transparency about what systems were compromised. Three additional Senate committees with jurisdiction over cybersecurity also requested separate briefings, according to congressional aides speaking on background.

Representative Mark Green, who chairs the House Homeland Security Committee, sent a formal letter to Easterly demanding documentation of the breach timeline and the number of individuals potentially affected. The letter, dated Monday, gave CISA until the end of the week to respond. At least 12 bipartisan lawmakers signed onto a separate resolution calling for a full independent investigation.

What the Data Leak Involved

Cybersecurity researchers first flagged the exposure in late January, discovering that CISA had failed to properly secure a system containing vulnerability assessment data. The exposed database included information on critical infrastructure across 23 states, according to a report published by Wired magazine. The leak reportedly involved unencrypted records dating back to 2019.

Scope of the Breach

Security analysts estimated the breach could affect hundreds of organisations, including power grid operators, water treatment facilities, and hospital systems. CISA has not released an official figure for how many records were exposed. The agency confirmed only that it became aware of "an exposure of data under our control" and said it had taken immediate steps to address the issue.

The vulnerability stemmed from a misconfigured interface used by CISA's EINSTEIN intrusion detection system, according to two people familiar with the matter. EINSTEIN monitors federal network traffic for malicious activity and is considered a cornerstone of the government's cyber defense architecture.

CISA's Response and Internal Review

The agency issued a statement acknowledging the breach and promising a thorough review of its security practices. CISA said it discovered the exposure through "internal security controls" rather than external reporting. The statement did not specify when the agency first learned of the problem or how long the data remained accessible.

Easterly told reporters during a press conference that CISA takes "every potential compromise seriously" and that the agency was coordinating with the Department of Homeland Security's inspector general. The director acknowledged that the breach represented a failure of the agency's own security protocols.

The agency has since disabled the affected system and launched an investigation led by its own cybersecurity division. CISA also said it was working with the Department of Justice to assess any potential criminal dimensions of the incident.

Critical Infrastructure at Risk

The exposed data includes vulnerability assessments for systems deemed essential to national security, including power grids in the eastern United States and water infrastructure serving major metropolitan areas. Security researchers warned that the information could be valuable to foreign intelligence services or criminal groups seeking to exploit weaknesses in American infrastructure.

John Hultquist, a vice president at Mandiant, said the breach underscored the risks of centralising sensitive security data. "When a single agency holds this much information about national vulnerabilities, it becomes an attractive target," Hultquist noted in a post on social media. His company was not involved in discovering the breach.

The National Infrastructure Protection Plan designates 16 sectors as critical infrastructure, and CISA's EINSTEIN system monitors threats across most of them. Industry groups representing energy and water utilities said they were seeking more information from the agency about potential exposure to their members.

Congressional Oversight and Legislative Fallout

The breach has reignited debates about CISA's authority and funding. Some lawmakers have called for restrictions on the agency's data collection, while others want to increase resources for cybersecurity modernization. The incident could complicate upcoming debates about reauthorizing expiring provisions of the CISA Act.

Senator Rick Scott of Florida introduced legislation requiring CISA to notify state governments within 24 hours of any breach involving infrastructure data. The bill has four co-sponsors. A separate measure from Representative Kathleen Rice would mandate annual independent audits of CISA's security systems.

The Biden administration has not publicly commented beyond the agency's own statement. The White House press secretary declined to answer questions about whether the President had been briefed on the incident.

What Happens Next

CISA's internal review is expected to conclude within 30 days. The agency's inspector general has opened a separate investigation and may issue a public report. Affected organisations will likely receive notifications from CISA in the coming weeks, though the agency has not committed to a specific timeline.

Cybersecurity experts say the episode highlights broader challenges facing federal agencies as they modernise aging systems. A Government Accountability Office report from last year found that CISA had 13 outstanding recommendations for improving its security posture, none of which had been fully implemented.

See Also

Share:
#Congress #national #government #white house #white #for #found #the

Read the full article on Satna News

Full Article →