With Russian Hackers’ Confirmed Access to Microsoft’s Source Code, Shaheen Calls on Admin to Immediately Implement Her Cybersecurity Provision Signed into Law Two Years Ago

January 05, 2021

Shaheen’s Cybersecurity Requirement to Boost U.S. Cyber-Infrastructure was Included in the FY2019 NDAA

(Washington, DC) – U.S. Senator Jeanne Shaheen (D-NH), a senior member of the Senate Armed Services and Foreign Relations Committees, called on the Trump administration to immediately implement Section 1655 of the Fiscal Year 2019 National Defense Authorization Act, containing her provision signed into law that requires IT companies working with the Department of Defense (DOD) to disclose instances where they have been asked to share their source code with any country that poses a cybersecurity threat to the United States, including Russia. Shaheen’s call follows reports that Kremlin hackers were able to access and view Microsoft’s source code during the unprecedented cyberattack that President Trump has failed to address and downplayed Russia’s culpability.

“Time and again, President Trump and his administration have shown they are unwilling or unable to address national security threats from the Kremlin,” said Shaheen. “The administration’s failure to implement this provision, two years from the date it was signed into law, is an unacceptable dereliction of duty that’s compromising our cyberinfrastructure and national defense. I drafted this provision immediately upon hearing of Russia and other countries’ attempts to access the source code of software used on government computers, and it is meant to prevent the very types of large-scale cyberattacks that we just experienced with the SolarWinds hack. I look forward to working with the Biden administration to tackle all threats from Russia and other adversaries and hope that President Trump uses his remaining time in office to prioritize the implementation of laws, like this one, that will protect our systems for the long term.”

Shaheen’s provision alerts the Department of Defense to potential vulnerabilities posed by countries who have gained access to software used on DOD systems. Her provision is the only requirement for companies to share this information with the U.S. government, despite the risk to U.S. systems operating compromised software on classified and otherwise sensitive networks. This provision builds on Shaheen’s efforts to strengthen national security efforts around cybersecurity, having successfully established a government-wide ban on the Kremlin-linked Kaspersky Lab software across all federal agencies in the FY 2018 NDAA. 

Shaheen has led efforts in Congress to hold Russia accountable for its aggression and election interference. She was the first legislator to call for hearings into their meddling in the 2016 elections. Because of her role as a negotiator on Russia sanctions legislation known as “CAATSA” and her successful efforts to ban Kaspersky Lab software from operating on U.S. systems, Shaheen was sanctioned by the Kremlin in 2017. Senator Shaheen has been warning of the Kremlin’s continued interference and she herself has been the target of a hacking attempt.