Suddenly, as though awakened from a dream, a group of 19 senators wrote a serious letter to President Trump on Thursday demanding that the White House conduct an investigation into … wait for it … the Russian government’s capabilities to disrupt America’s power grid.

Apparently jostled from slumber by news of a massive ransomware attack back in May where the U.K.’s health care system was disrupted by the WannaCry virus, the Senate now wants the president to take meaningful action in light of the possibility that something like WannaCry could happen here in the U.S.

Never mind that the damage to U.S. businesses from WannaCry was minimal and that I could give you a five-page list of equally serious events that have occurred over the past eight years under the Obama administration — or that Trump has already put more energy into cybersecurity than either of his two predecessors. No, Sens. Bernie Sanders (I-Vt.) and Al Franken (D-Minn.) want answers, and they want them now.

[lz_ndn video= 32592418]

The letter, signed by 17 other clowns including Sens. Ron Wyden (D-Ore.) and Maria Cantwell (D-Wash.), reads: “We are deeply concerned that your administration has not backed up a verbal commitment prioritizing cybersecurity of energy networks and fighting cyber aggression with any meaningful action.”

Now, setting aside my own frustration with the cybersecurity executive order that Trump signed in early May, many in Congress and in my cybersecurity community praised that act. They’ve applauded President Trump for insisting for the first time in history that all government agencies adopt a standardized framework for cybersecurity. This is an admittedly important first step in progressing toward a complete overhaul of the federal government’s lethargic, siloed, and hopelessly outdated approach to cybersecurity.

The executive order says that all agencies should be held accountable for their own cybersecurity and requires, effective immediately, that they use the cybersecurity framework developed by the National Institute of Standards and Technology (NIST).

Rep. Lamar Smith (R-Texas), who chairs the House Science Committee, celebrated the order’s NIST framework requirement. Smith’s committee has approved legislation that would require NIST to audit and assist agencies that adopt the framework.

Kevin Davis, a respected executive at the cybersecurity firm Splunk; Christopher Padilla, a senior cybersecurity executive at IBM; Amit Yoran, former RSA CEO and chief executive of Tenable Security; and John Bambenek, a threat research executive at Fidelis Cybersecurity, to name just a few, all reaped high praise on the meat in the executive order, calling it strong incentive for agency heads to do what they should have been doing all along.

Even Obama’s former cybersecurity coordinator, Michael Daniel, said that it was an improvement over the prior direction.

Who do you think would win the Presidency?

By completing the poll, you agree to receive emails from LifeZette, occasional offers from our partners and that you've read and agree to our privacy policy and legal statement.

But clearly, all of this positive response wasn’t good enough for the Al and Bernie show. They want answers, and they want them in 60 days. By my count, they each had 2,920 days over the past eight years to do the work that some people (like me) think they were put in Congress to do — like perhaps insisting, back when it happened three years ago, that the power outage in the Ukraine that successfully targeted and took down one-fifth of the Kiev power grid should have been investigated as a potential source of malware for a future U.S. energy grid attack.

Now suddenly Sanders and company have discovered what we in the cybersecurity community have known for years. The malware used in Kiev and known as CrashOverride is linked to the Russian hacker group Sandworm, which was also responsible for planting malware in U.S. energy networks back in 2014. (go to page 2 to continue reading)[lz_pagination]