Click here for footage of the Senator’s questions.
WASHINGTON – Senator Maggie Hassan today participated in a Senate Commerce, Science, and Transportation Committee hearing focused on cybersecurity in the wake of the cyber vulnerabilities “Spectre” and “Meltdown” that were found in processing chips made by Intel, ARM, and AMD.
The vulnerabilities created backdoor ways for hackers to access computer processors produced by these companies, including computers that much of the U.S. government uses. While the computer processor companies were made aware of the vulnerabilities in June 2017, they did not fully disclose the presence of such vulnerabilities to the Department of Homeland Security until January 2018.
When Senator Hassan sought further information from Donna Dodson, Chief Cybersecurity Advisor and Director of the National Cybersecurity Center of Excellence, National Institute of Standards and Technology at the U.S. Department of Commerce about how many U.S. government computers currently have processors containing such vulnerabilities, Ms. Dodson failed to provide a quantity and stated that it was under the Department of Homeland Security’s purview.
Senator Hassan pushed the witnesses on the importance of the processor companies addressing these cyber vulnerabilities that threaten the security of the U.S. government and bolstering cybersecurity, stating: “The Department of Homeland Security (DHS) supported by Congress, is working hard to try to defend our government systems from foreign cyberattacks. Just recently the United States government took action to address the prevalence of Kaspersky software in our systems, while last month the Senate passed a defense bill that banned the use of ZTE products by the federal government. So we are focused on this, it is really troubling and concerning that many—if not all—computers used by the government contain a processor vulnerability that would allow hostile nations to steal key datasets and information. It’s even more troubling that these processor companies knew about these vulnerabilities for 6 months before notifying DHS. So we need to consider ways to require the federal government’s equipment suppliers to promptly notify DHS of potential breaches or vulnerabilities that could weaken our federal systems.”
###