Lawmakers press CISA on reported data removal at NLRB; agency says it has not been asked to assist

Representative Underwood asked CISA whether Russia remained a priority threat and moved to questioning the agency's response to public reporting of a March incident at the National Labor Relations Board in which a whistleblower alleged that employees of a unit referred to in public reporting as "Doge" removed large amounts of data and disabled logging and monitoring. Underwood cited media reporting that login attempts had come from an IP address in Russia and that the whistleblower received a threatening note.

"Normally, at this point, a CISA computer emergency readiness team would be created to respond," Underwood said, asking who decided not to create such a response team in the reported instance. Underwood said the whistleblower told investigators that instructions "had come down to drop The US cert reporting and investigation."

Bridget Bean, the senior official performing the duties of the director of CISA, said the agency supports federal civilian agencies and would provide forensic and technical assistance "if we are asked to do so." Bean told the committee that CISA had not received a request from the NLRB and that the agency would provide updates if formally asked to participate in investigative work. "If we are asked to do so, we will we will provide updates," she said.

Representative Escobar and other members expressed concern about the reported sharing of sensitive information through unsecured personal accounts and asked whether CISA had been consulted. Bean said she had no knowledge that CISA had been consulted and offered to obtain more information and follow up with the committee.

There was no recorded formal action by the committee to compel CISA to open a response; rather, members sought information and asked the agency to provide updates if and when it is asked to participate.