1. AWS Slammed For Refusing To Testify Despite Role In Attack
Warner: I would like for the record to note that we also asked a representative from Amazon Web Services to join us today, but unfortunately they declined. But we will be expecting to get a full update. We’ve had one update from our friends at Amazon, but it would be most helpful if, in the future, they actually attended these hearings. … When a large enterprise like Amazon is invited, they ought to be participating.
Rubio: As the chairman mentioned, we had extended an invitation to Amazon to participate. The operation we’ll be discussing today uses their infrastructure, [and], at least in part, required it to be successful. Apparently they were too busy to discuss that here with us today, and I hope they’ll reconsider that in the future.
Cornyn: I share the concern that has been expressed at Amazon Web Services declining to participate. I think that’s a big mistake; it denies us a more complete picture than we might otherwise have, and I hope they will reconsider and cooperate with the committee going forward.
Burr: In the SolarWinds attack, Amazon Web Services hosted most of the secondary command and control nodes. And all of AWS’ infrastructure was inside the United States .… We constantly see foreign actors exploiting domestic infrastructure for the command and control to hide the nefarious traffic in legitimate traffic. Given the legal restrictions on the intelligence community, we don’t have the ability to surveil the domestic infrastructure. So what should the U.S. government’s role be in identifying these types of attacks?