May 18, 2021

Manchin: Recent Cyberattacks Highlight Importance of Whole of Government Response, Cybersecurity Standards for Government Contractors

Washington, DC – Today, U.S. Senator Joe Manchin (D-WV), Chairman of the Senate Armed Services Subcommittee on Cybersecurity, led the subcommittee hearing on the cybersecurity protocols of the defense industrial base. Senator Manchin questioned two witnesses on the Department of Defense (DoD) comprehensive efforts to improve defense industrial base security and emphasized the urgent need to hold prime contractors accountable for the cybersecurity of their subcontractors. After the recent cyberattacks of Colonial Pipeline, Senator Manchin also discussed improving the government response to cyberattacks.

Senator Manchin has been a leading voice pushing for the Department of Defense to hold prime contractors accountable for the cybersecurity practices and protocols of their subcontractors.

Senator Manchin said in part, “Defense industrial base cybersecurity is a broad and complex undertaking, with many significant facets that need to be examined today. For instance, the Cybersecurity Maturity Model Certification, or CMMC for short is intended to establish a minimum guideline for DoD’s defense industrial base partners as to what standards must be met to conduct business with the DoD… But in order to build out our cybersecurity protections with the Defense Industrial base, we must set a baseline of standards with the CMMC initiative…Of particular interest to me is how DoD is going to hold prime contractors accountable for the cybersecurity performance of their subcontractors in the conduct of programs for DoD. I have been making this point for a couple of years now, and hope the Department has taken this to heart.”

“I hope that what we will hear today will be welcomed by Congress and the defense industrial base, particularly our small businesses. In addition to your updates on the CMMC review, I hope to hear concrete plans for how each of you plan to ensure our entire defense industrial base receives the support and guidance they need to keep our warfighters well supplied and safe. The relationship between DoD and its private industry contractors should be the gold standard for cybersecurity across the federal government, and provide an example to other federal agencies who secure private critical infrastructure,” Senator Manchin continued.

Last week, Colonial Pipeline was forced to shut down after a cyberattack, leading to increased gas prices and a gas shortage across the East Coast. During the hearing, Senator Manchin discussed the ramifications of the Colonial Pipeline attack and the need for a coordinated government response. Senator Manchin has been outspoken on the need to keep America’s military informed and capable in order to confront cybersecurity threats.

Senator Manchin said in part, “From the quarterly updates this subcommittee receives on cyber operations, it appears to me that DoD is doing an excellent job at taking the fight to our adversaries, but what concerns me is our inability to know exactly what groups are posing a threat to industry, so that we can adequately monitor, intercept, and if required, target them. I make this point because I am worried about the lack of a formalized and concerted whole of government response to both foreign and domestic cyber threats, and the lack of authority in a central figure to give these threats the attention they deserve. The Colonial Pipeline hack is only a recent public example of the threats we face on a daily basis… I look forward to working with my colleagues to identify a pathway forward to provide better Congressional oversight on a whole of government approach to our cyber vulnerabilities.”

In February, Senator Manchin was named Chairman of the Cybersecurity Subcommittee after previously serving as the Ranking Member of the subcommittee. The Subcommittee on Cybersecurity oversees policies and programs related to military cyber forces, operations, and capabilities.

A video of Senator Manchin’s opening statements during the Senate Armed Services Subcommittee on Cybersecurity can be found here.

A video of Senator Manchin questioning the witnesses during the Senate Armed Services Subcommittee on Cybersecurity can be found here.

A video of Senator Manchin discussing the ramifications for of the Colonial Pipeline attack during the Senate Armed Services Subcommittee on Cybersecurity can be found here.