News

WASHINGTON, D.C. – Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, Congressman John Joyce, M.D. (PA-13), Chairman of the Subcommittee on Oversight and Investigations, and Congressman Gus Bilirakis (FL-12), Chairman of the Subcommittee on Commerce, Manufacturing, and Trade, sent a letter to National Collegiate Athletic Association (NCAA) President Charlie Baker following the recent announcement that student athletes and athletic department staff will be allowed to bet on professional sports. KEY EXCERPTS: “The Committee on Energy and Commerce is examining the NCAA’s recent policy change permitting student athletes and athletic department staff to bet on professional sports.” [...] To assist the Committee in its oversight, we request a briefing by no later than November 13, 2025, that addresses the following: Why is the NCAA changing its policy allowing student athletes to bet on professional sports? Has the NCAA conducted any studies, analyses, or reviews of the impact of gambling on student athletes? If so, what are the results? What role did they play in the NCAA’s decision to allow student athletes to bet on professional sports? How does this change allow the NCAA, the conferences, and the member schools to better protect the integrity of college games and encourage healthy habits for student-athletes who choose to engage in betting activities on professional sports? How is the NCAA engaging with athletic conferences, member institutions, and teams to address questions and concerns about this rule change? Amid recent allegations of illegal sports betting among student athletes and concerns expressed by member institutions, is NCAA reconsidering implementation of the policy? What guardrails are in place to prevent the type of illegal sports betting activity that is allegedly occurring in the NCAA and NBA, considering that some student athletes will go on to become professional athletes? Please provide details about any fraudulent, illegal, and alleged betting practices in connection with NCAA players, coaches, and officials, including the actions of NCAA players identified in recent infraction decisions; as well as prior instances, some of which are identified above. Please describe the NCAA’s “layered integrity monitoring program,” for maintaining competition integrity and pursuing sports betting violations. What gaps, if any, are in existing regulations that allow illegal betting schemes to occur in college sports? BACKGROUND: On October 24, 2025, the Committee on Energy and Commerce launched its investigation into sports fixing and illegal gambling after the Federal Bureau of Investigation (FBI) unsealed indictments of current and former NBA players and coaches. An initial announcement stated that, effective November 1, 2025, student athletes and athletic department staff in all three NCAA divisions would be permitted to bet on professional sports. A few days before the policy change was supposed to take effect, the Division I Board of Directors voted to delay implementation of the rule change across all three divisions to November 22, 2025. A recent NCAA press release stated that “enforcement staff has opened investigations into potential sports betting violations by approximately 30 current or former men's basketball student-athletes.” CLICK HERE to read the full letter.

WASHINGTON, D.C. – Today, House Committee on Energy and Commerce Chairman Brett Guthrie (KY-02) and Ranking Member Frank Pallone Jr., (NJ-06), along with Energy and Commerce Subcommittee on Oversight and Investigations Chairman John Joyce, M.D. (PA-13) and Ranking Member Yvette D. Clarke (NY-09), and Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade Chairman Gus Bilirakis (FL-12) and Ranking Member Jan Schakowsky (IL-09), sent a letter to National Basketball Association (NBA) Commissioner Adam Silver following the recent announcement that current and former NBA players and coaches have been indicted on charges relating to sports fixing and illegal gambling. KEY EXCERPT: These allegations raise serious concerns about sports betting and the integrity of sport in the NBA, which harms fans and legal sports bettors. [...] To assist the Committee in its oversight, we request a briefing by no later than October 31, 2025, that addresses the following:  Details about the fraudulent, illegal, and alleged betting practices in connection with NBA players, coaches, and officials, including the actions of NBA players and coaches identified in the recent indictment; as well as prior instances, some of which are identified above.  Actions the NBA intends to take to limit the disclosure of nonpublic information for illegal purposes. Whether the NBA’s Code of Conduct for players and coaches effectively prohibits illegal activity, including the disclosure of non-public information for the purposes of illegal betting schemes. An explanation of the gaps, if any, in existing regulations that allow illegal betting schemes to occur. Whether and how the NBA is reevaluating the terms of its partnerships with sports betting companies. BACKGROUND: According to the unsealed indictment, current and former NBA players and coaches allegedly used insider information to place or profit from bets on NBA games. The federal indictment’s allegations of illegal betting span incidents of fraudulent wagering from December 2022 to March 2024 and involve defendants and co-conspirators residing across the United States. In 2023, it is alleged that Miami Heat player Terry Rozier left a game early to facilitate a co-conspirator’s winning bet, which produced hundreds of thousands of dollars in winnings to be split with Mr. Rozier. Another co-conspirator, former NBA player Damon Jones, is alleged to have gained access to non-public information on NBA players and teams, which he then sold to professional gamblers. Other unnamed co-conspirators are alleged to have passed along insider information as well, such as which players would not be playing in an upcoming game. In 2007, former NBA referee Tim Donaghy pleaded guilty to federal charges for using insider information to bet on games he officiated. Last year, Toronto Raptors player Jontay Porter was banned from the NBA for life after pleading guilty to wire fraud conspiracy due to his involvement in a sports betting scandal. CLICK HERE to read the full letter. CLICK HERE to read ESPN's exclusive coverage of the letter.

WASHINGTON, D.C.  – Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, Congressman Gus Bilirakis (FL-12), Chairman of the Subcommittee on Commerce, Manufacturing, and Trade, and Congressman John Joyce, M.D. (PA-13), Chairman of the Subcommittee on Oversight and Investigations, sent letters to Pam Bondi, U.S. Attorney General, Andrew Ferguson, Chairman of the Federal Trade Commission, and Howard Lutnick, Secretary of the U.S. Department of Commerce, urging the administration to investigate and address potential national security risks posed by BrainCo, a neural technology company allegedly funded by the People’s Republic of China (PRC). KEY EXCERPTS: “The Committee on Energy and Commerce has long warned about the national and economic security risks of CCP-aligned entities accessing Americans’ personal and proprietary information. The use of American data by CCP-aligned entities, such as BrainCo, to develop and deploy AI underscores our concerns. […] The Committee urges swift action to investigate and address the potential national and economic security risks posed by BrainCo’s operations in the United States and its access to Americans’ personal information.” BACKGROUND: According to recent reporting , the company was started by MIT and Harvard scientists but has “been quietly backed by the Chinese government-linked entities for nearly a decade.”  BrainCo products reportedly harvest personalized brainwave data from users.  BrainCo is reportedly working with sanctioned PRC military contractors.  BrainCo products reportedly have been used by Olympic gold medalist Mikaela Shiffrin, number two world tennis player, Jannik Sinner, U.S. Olympic teams, and many others.  Along with DeepSeek , BrainCo is considered one of China’s “Six Little Dragons” — meaning one of the CCP’s most promising young tech startups. The PRC’s National Intelligence Law of 2017 requires PRC individuals and entities to support PRC intelligence services. CLICK HERE to read exclusive coverage of the letter. CLICK HERE to read the Hunterbrook Media story on their investigation into BrainCo. CLICK HERE to listen to the corresponding Pablo Torre Finds Out podcast episode. CLICK HERE to read the letters to Attorney General Bondi, Chairman Ferguson, and Secretary Lutnick. ###

WASHINGTON, D.C. – Today, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman Gus Bilirakis (FL-12), Chairman of the Subcommittee on Commerce, Manufacturing, and Trade, along with 10 members of the subcommittee, sent a letter to DeepSeek regarding their data practices and close relationship with the Chinese Communist Party (CCP). “DeepSeek admits to sending Americans’ personal information to servers in China, where it is undoubtedly accessed by officials connected to the Chinese Communist Party. We are concerned that this relationship with agents having close connections to our primary adversary jeopardizes our data and our national security,” said Chairmen Guthrie and Bilirakis. “To ensure Americans and their businesses are secure from foreign interference, we are launching this investigation into DeepSeek and the risks it poses to our nation.” KEY LETTER EXCERPT: “By its own admission, the company’s mobile application—available on app stores in the U.S.—is sending Americans’ personal information to servers in the People’s Republic of China. According to media reports, the company is also sharing users’ personal information with other CCP-linked entities, including ByteDance Ltd. Researchers, meanwhile, have identified serious weaknesses in DeepSeek’s purported security controls and model safeguards. To address these risks, a growing number of states, including New York, Texas, and Virginia have banned DeepSeek on government devices, with states attorneys-general calling for a broader ban.” Background: On January 20, 2025, DeepSeek launched its open-source AI chatbot. On February 18, 2025, DeepSeek was accused of sharing user data with ByteDance, the parent company of TikTok. On March 6, 2025, 21 state attorneys-general urged Congressional leadership to prohibit government devices from “downloading and using the Chinese Communist Party’s DeepSeek AI Software.” On April 16, 2025, the Select Committee on the Chinese Communist Party published a report on DeepSeek funneling American data to the CCP and manipulating results to align with CCP propaganda. The Committee members requested answers to the following questions: Provide a detailed description of the types and sources of data used to train your AI models, including any U.S. personal or proprietary information. Confirm whether information entered into your AI applications or chatbots by American consumers or businesses is used to train your AI models. If yes, identify where this information is stored and accessed from, and whether it is shared with any state entity of the People’s Republic of China or other Chinese companies. Describe the technical, administrative, and physical controls used to secure personal and proprietary information associated with your AI offerings, as well as your process for evaluating the security of third-party service providers. Provide a detailed description of any U.S. technology products or services used to develop, integrate, or bring to market your AI offerings. This includes the use of open and closed source AI models developed by U.S. companies and the unauthorized “distillation” of American models. Provide a detailed description of how your AI models are developed and trained, including any steps taken to influence system outputs for alignment with Chinese Communist Party ideology or political goals. Provide a detailed description of any direct or indirect subsidies you receive from the People’s Republic of China, or its political subdivisions, related to AI development. Confirm whether your company has received a request from the People’s Republic of China, or its political subdivisions, for data related to your company’s AI offerings. This includes personal and proprietary data used to train or finetune an AI model and data ingested by your AI services. CLICK HERE to read the full letter. CLICK HERE to read the story from Fox News. ###

WASHINGTON, D.C.  – Today, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, Congressman Gus Bilirakis (FL-12), Chairman of the Subcommittee on Commerce, Manufacturing, and Trade, and Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight and Investigations, sent a letter to 23andMe regarding the handling of Americans' sensitive data following the company's decision to file for bankruptcy. KEY EXCERPT: “According to 23andMe’s privacy statement, in a bankruptcy, customers’ ‘Personal Information may be accessed, sold or transferred as part of that transaction and this Privacy Statement will apply to [customer] Personal Information as transferred to the new entity.’ Additionally, a judge recently ruled 23andMe has the right to sell the sensitive medical and genetic information of its 15 million customers, which is considered to be the company’s most valuable asset. With the lack of a federal comprehensive data privacy and security law, we write to express our great concern about the safety of Americans’ most sensitive personal information.” Background: On March 23, 2025, 23andMe initiated Chapter 11 bankruptcy proceedings, which could have ramifications for the highly sensitive information of millions of Americans. While Americans’ personal health information is protected under the Health Insurance Portability and Accountability Act (HIPAA), these protections only apply if the information is collected by a HIPAA covered entity. Generally, direct-to-consumer companies, like 23andMe, are not covered by HIPAA. Customers have reported issues accessing and deleting their data from their 23andMe accounts. The Chairmen have requested answers to the following questions: If 23andMe were to sell the personal information of its customers either as a standalone asset or as part of a broader sale of the company, what post-sale data privacy and security protections would be in place for its customers’ personal information? Please describe how the representations made in 23andMe’s privacy statement will continue to apply—and be enforced—if the personal information of 23andMe’s customers is sold to a third party. Please include in this response information about what, if anything, would hold a third-party buyer to 23andMe’s privacy statement or prevent it from subsequently using, transferring, or otherwise selling, such information in the future. Does 23andMe plan to change its privacy statement at any time prior to selling any customers’ personal information? If so, please explain the change 23andMe plans to implement and when those changes will go into effect. Does 23andMe intend to vet prospective buyers to which it may sell its customers’ personal information? If so, please detail the vetting process and whether it will include the prospective buyer’s history of implementing data security protections and compliance with sectoral, state, or any other data privacy and security laws. If not, please explain why. Please detail the categories of customer information 23andMe has, and of that what 23andMe is considering selling. Has 23andMe notified its customers of the company’s bankruptcy announcement? If so, please attach the customer notification. If not, please explain why. Has 23andMe provided its customers with a guide for how to delete, or request to delete any information currently in 23andMe’s possession? If so, please provide a copy of that guide and specify when it was provided to customers. If not, please explain why, and explain whether 23andMe will contact each of its customers and provide an opportunity to delete their personal information prior to a potential sale of the company or personal information maintained by the company. Please detail the number of requests 23andMe received from its customers to delete their personal information between when 23andMe filed for bankruptcy and the date of the response to this letter. Of those requests, please provide a breakdown of how many requests were made by customers through their 23andMe online accounts and how many were made via customer service calls because customers were unable to successfully delete their information through their online accounts. Of those requests, please detail the number of fulfilled requests. Will 23andMe offer for sale any information in which a customer has requested the deletion of such information? If so, does 23andMe’s privacy policy consider selling information a legitimate purpose for retaining information past a customer's request to delete their information? Will 23andMe deidentify its customers’ personal information prior to selling it or the company? If so, please detail which information will be deidentified. If not, please explain why the company is electing not to deidentify information. CLICK HERE to read the full letter. CLICK HERE to read the story from CNBC. ###

Members press companies to answer what information is collected and where it is sold Washington, D.C. — House Energy and Commerce Committee Republicans, led by Chair Cathy McMorris Rodgers (R-WA) and Committee Democrats, led by Ranking Member Frank Pallone, Jr. (D-NJ), today wrote to the heads of data broker companies, requesting information to help the Committee protect Americans’ data from misuse. They were joined by Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-VA) and Ranking Member Kathy Castor (D-FL), Subcommittee on Innovation, Data and Commerce Chair Gus Bilirakis (R-FL) and Ranking Member Jan Schakowsky (D-IL), Subcommittee on Health Chair Brett Guthrie (R-KY) and Ranking Member Anna G. Eshoo (D-CA), and Subcommittee on Communications and Technology Chair Bob Latta (R-OH) and Ranking Member Doris Matsui (D-CA).  BACKGROUND:   The Subcommittee on Oversight and Investigations launched a bipartisan investigation at a hearing on April 19, 2023, titled “Who is Selling Your Data: A Critical Examination of the Role of Data Brokers in the Digital Economy.”  Data brokers purchase, collect, aggregate, license, sell, or otherwise share a wide range of information from Americans, including but not limited to demographic, location, and health data.  These companies profit from trading in Americans’ personal information, including sensitive information, often with little government oversight and in some cases, without any concern for how buyers use the consumer data that they purchase from brokers.  A recent study from Duke University found, for example, that “some data brokers are marketing highly sensitive data on individuals’ mental health conditions on the open market, with seemingly minimal vetting of customers and seemingly few controls on the use of purchased data.”  KEY EXCERPT:   “American privacy concerns in the data broker industry are not new, and existing laws do not sufficiently protect Americans’ data from misuse. In 2014, the FTC issued a report recommending that Congress require data brokers to increase transparency and give Americans more control of their data. However, data brokers can easily circumvent existing rules and laws regarding the collection and sharing of certain types of data, such as HIPAA.   “Enacting a comprehensive federal privacy law is a top priority for the Committee on Energy and Commerce. Currently, Americans do not have control over whether and where their personal data is sold and shared; they have no guaranteed way to access, delete, or correct their data; and, they have no ability to stop the unchecked collection of their sensitive personal information. According to the Electronic Privacy Information Center, the overcollection and secondary uses of personal data, including the sale to and use by data brokers, are inconsistent with the reasonable expectations of online consumers and may lead to discriminatory targeting that violates the privacy and autonomy of consumers.”  The leaders asked the companies for information pertinent to helping the Committee understand how data brokers purchase, collect, use, license, and sell Americans’ data, including:  What data elements do you possess on Americans and market to your clients?   In particular, do you possess any of the following:  Americans’ health data? If yes, what kind of health data?  Americans’ location data? If yes, what data elements?  Americans’ phone data, such as data on any apps downloaded on their mobile devices? If yes, what data elements?  Information revealing Americans’ purchase history? If yes, what data elements?  Information about children under the age of 13?  Information about children between the ages of 13 and 18?  Are there any categories of Americans’ personal information that you will not purchase, collect, aggregate, license, or sell and, if so, what categories are those?  When you license, sell, or otherwise share Americans’ personal information with your clients, do you require your clients to disclose the purpose(s) for which they will use the data?   If so, what do you do, if anything, to confirm they are using the data for the stated purpose(s)?  How much money did you spend in each of the past five years on purchasing or licensing Americans’ personal information?  What percentage of your annual revenue for each of the past five years was derived from selling or licensing Americans’ personal information?  How many clients did you sell or license Americans’ personal information to?  Does your company use the personal information of Americans that you purchase, collect, or aggregate to categorize people based on income, sex, age, race, or other categories?  What steps, if any, does your company take to protect data of users under eighteen?  When you become aware that you or your clients have transferred Americans’ personal information to a foreign adversary or a company beholden to a foreign adversary—currently defined by the Secretary of Commerce to include China, Russia, North Korea, Cuba, the Maduro regime in Venezuela, and Iran—do you notify the individual(s) whose personal information has been transferred or any U.S. government entity? If not, why not?  You can view the letters below:  Acxiom LLC AtData Babel Street   CoreLogic Solutions, LLC   Epsilon Data Management, LLC Equifax   Experian   Gravy Analytics, Inc. Intelius, LLC Kochava Inc. LiveRamp, Inc. Mylife   Oracle America, Inc.   PeopleConnect, Inc. Placer.ai   RELX Safegraph Inc. Spokeo, Inc.   Thomson Reuters   TransUnion   Verisk Analytics   Whitepages, Inc.

Washington, D.C. — House Energy and Commerce Committee Chair Cathy Rodgers (R-WA), Subcommittee on Communications and Technology Chair Bob Latta (R-OH), Subcommittee on Health Chair Brett Guthrie (R-KY), Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-VA), Subcommittee on Innovation, Data, and Commerce Chair Gus Bilirakis (R-FL), Subcommittee on Environment, Manufacturing, and Critical Materials Chair Bill Johnson (R-OH), and Subcommittee on Energy, Climate, and Grid Security Jeff Duncan (R-SC) wrote to the heads of the Department of Energy, Department of Health and Human Services (HHS), Environmental Protection Agency (EPA), and Department of Commerce laying out expectations for intergovernmental cooperation regarding oversight. As Chair Rodgers said in the full committee markup of Energy and Commerce’s Authorization and Oversight Plan for the 118th Congress, “We have a responsibility to conduct oversight to get answers on behalf of those we serve and to ensure accountability so the government is responsive to the American people.” The members outline the below seven principles for each agency or department to comply with Congressional requests and provide answers the American people deserve. 1. For all requests or questions, please reproduce the requests or questions presented in a written letter with the department or agency response. 2. In the spirit of comity and inter-branch accommodation, your department or agency should endeavor to cooperate as much as possible with committee oversight requests. If your department or agency has determined it will not voluntarily cooperate with the requests, please provide electronic written notice within two business days specifying which requests you are declining to cooperate with and the stated reasons for voluntary noncooperation. 3. Your department or agency should make a determination on whether certain requests cannot be fulfilled as presented. Provide electronic written notice within one business week of receipt of the request about such determinations, stating the reasons why. If there is an alternative approach that could address the Committee’s request, then such an alternative approach should be suggested in the interests of comity and inter-branch accommodation. 4. If the department or agency needs clarification about a Committee request, your staff should make good faith efforts to contact Committee staff for assistance as soon as possible. 5. We expect your department or agency to provide a written response to our oversight requests within two weeks of receipt of the letter. If the department or agency needs additional time to respond to Committee requests, your staff should make good faith efforts to contact Committee staff for assistance as soon as possible. 6. If your department or agency has determined that certain requested documents cannot be produced pursuant to a privilege or other legal basis, your department or agency should submit an index of the withheld documents and the privilege asserted within two business weeks of receipt of the request letter. 7. If your department has determined that a requested witness cannot be made available pursuant to a privilege or other legal basis, your department or agency should submit in writing an explanation of the privilege or other legal basis asserted within two business weeks of receipt of the request letter. CLICK HERE to view the letter to Energy Secretary Jennifer Granholm. CLICK HERE to view the letter to HHS Secretary Xavier Becerra. CLICK HERE to view the letter to EPA Administrator Michael Regan. CLICK HERE to view the letter to Commerce Secretary Gina Raimondo.

Washington, D.C. —  House Energy and Commerce Committee Republican Leader Cathy McMorris Rodgers (R-WA), along with Health Subcommittee Republican Leader Brett Guthrie (R-KY), Communications and Technology Subcommittee Republican Leader Bob Latta (R-OH), Consumer Protection and Commerce Subcommittee Republican Leader Gus Bilirakis (R-FL), and Oversight and Investigations Subcommittee Republican Leader Morgan Griffith (R-VA) sent letters to TikTok, Snapchat, Instagram, and the U.S. Department of Justice on doing more to crack down on illegal fentanyl sales and prevent criminals from exploiting these platforms to sell this deadly poison. Excerpts and highlights from the letter to TikTok CEO Shou Zi Chew:   “We write with significant concerns regarding the use of TikTok by drug dealers to sell illicit and deadly substances, especially to children and minors.  We have read numerous reports and heard personal stories from parents who have tragically lost their children to fentanyl and fentanyl-related substances from pills purchased from drug dealers on TikTok. The loss of these young lives shows not enough is being done to crack down on this illegal activity and prevent criminals from exploiting your platform to sell this deadly poison.     “Our country’s communities and families are facing an unprecedented crisis due to the increasingly widespread presence of fentanyl and fentanyl-related substances.  In 2021, nearly 108,000 people died of drug overdoses; 71,000 of which were from fentanyl or fentanyl-related substances. Between FY2020 and FY2021, more than 10,000 pounds of illicit fentanyl were seized at our southern border, enough to kill every American seven times over. Law enforcement in communities across the country are seizing record amounts of illicit fentanyl pills, including a case earlier this summer where two Washington State men were arrested in California with 1 million pills containing fentanyl.    “The widespread availability and sale of these illicit pills containing fentanyl has led to record levels of overdose deaths. Every overdose is a tragedy and more must be done to facilitate access to treatment for those suffering from a substance use disorder (SUD).  However, many of these overdose deaths are unrelated to SUDs and have occurred in individuals taking a single pill they thought was prescription medication but was instead counterfeit and laced with fentanyl.  According to the Drug Enforcement Agency (DEA), these fake pills are often manufactured to resemble ‘real prescription opioid medications such as oxycodone (Oxycontin®, Percocet®), hydrocodone (Vicodin®), and alprazolam (Xanax®); or stimulants like amphetamines (Adderall®).’  “Tragically, in these instances, traditional methods to combat opioid addiction and overdoses, such as SUD treatment or distribution of fentanyl test strips, are not effective.  More must be done to combat this epidemic of tragic overdoses, and TikTok must do more to combat the illegal activity on its platform. A consistent theme of this crisis is the purchasing of pills believed to be something else by teenagers and youth using TikTok’s platform. TikTok must do more to combat the use of its platform for illegal activity, especially drug dealers peddling this dangerous poison.”   CLICK HERE  to read the full letter to TikTok. CLICK HERE  to read the full letter to Snapchat. CLICK HERE  to read the full letter to Instagram.  CLICK HERE  to read the full letter to the U.S. Department of Justice.

Washington, D.C. — House Energy and Commerce Committee Republican Leader Cathy McMorris Rodgers (R-WA), Committee Chairman Frank Pallone, Jr. (D-NJ), and Subcommittee Leaders sent letters to the Departments of Commerce, Energy, Health and Human Services, and the Environmental Protection Agency requesting briefings to address concerns about how the U.S. government is identifying and mitigating potential compromises to its network security.  Oversight and Investigations Subcommittee Republican Leader Morgan Griffith (R-VA), Subcommittee Chairwoman Diana DeGette (D-CO), Communications and Technology Subcommittee Republican Leader Bob Latta (R-OH), Subcommittee Chairman Mike Doyle (D-PA), Consumer Protection and Commerce Subcommittee Republican Leader Gus Bilirakis (R-FL), Subcommittee Chairwoman Jan Schakowsky (D-IL), Energy Subcommittee Republican Leader Fred Upton (R-MI), Subcommittee Chairman Bobby Rush (D-IL), Environment and Climate Change Republican Leader David McKinley (R-WV), Subcommittee Chairman Paul Tonko (D-NY), Health Subcommittee Republican Leader Brett Guthrie (R-KY), and Subcommittee Chairwoman Anna G. Eshoo (D-CA) also joined in sending the letters to the federal agencies.  Excerpts and highlights from the letter to Energy Secretary Jennifer Granholm:  “Secretary Granholm:   “We write to request a briefing from your department related to the recent open-source software vulnerability—Apache Log4j. The ubiquitous nature of this vulnerability and the hundreds of thousands of known exploits since its disclosure raise concerns about how the U.S. government is identifying and mitigating potential compromises to its network security.”   […]   “On December 11, 2021, CISA Director Jen Easterly stated that ‘this vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.’ She later added, ‘[t]o be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector.’”   […]   “Over the past several years, the Committee has done extensive work on cyber threats, including hearings and investigations examining the information-security programs and controls over key computer systems and networks at multiple agencies under the Committee’s jurisdiction.  Because the Log4j vulnerability is widespread and can affect enterprise applications, embedded systems, and their sub-components, the Committee is seeking to gain a comprehensive understanding of the scope of the vulnerability and actions being taken to mitigate its effects. The risk to federal network security is especially concerning because nation-state threat actors have attempted to exploit this Log4j vulnerability.   “Accordingly, we request a staff briefing to discuss your department’s response to the Log4j vulnerability by August 10, 2022, including the following questions:  When did your department first learn of the Log4j vulnerability?  When did your department first learn of the Log4j vulnerability?  What specific actions has your department taken in response to CISA’s guidance in December 2021 and subsequent directive on April 8, 2022, regarding the Log4j vulnerability?   What tools does your department employ to detect all instances of the Log4j vulnerability on your networks? What is your department’s schedule for identifying the Log4j vulnerability?  Does your department employ software that utilizes Apache Log4j? If so, how many software products employed by the department include the Log4j vulnerability?   Has your department been impacted by a compromise or exploitation of the Log4j vulnerability? If so, when was your department first compromised, when did you detect the compromise, what was the extent of the compromise, and how did the department address the compromise?   What incident alert thresholds does your department have for potential compromises generally, and what are your requirements for escalating and reporting anomalies?  Does your department have a specific plan to identify and remediate, on an ongoing basis, software that it uses to ensure the department is not currently using software vulnerable to a cyber threat?”  CLICK HERE to read the letter to the Department of Commerce.   CLICK HERE to read the letter to the Department of Energy.   CLICK HERE to read the letter to the Department of Health and Human Services.   CLICK HERE to read the letter to the Environmental Protection Agency.   CLICK HERE to read the letter to the National Telecommunications and Information Administration.