Rob Portman told a Senate hearing on Thursday US time that there been a great deal of finger-pointing by the government when it came to questions about who was accountable, the Washington Times reported.
He asked officials from the FBI, Department of Homeland Security and Office of Management and Budget who were at the hearing to explain who had to take the blame.
First indications of the attack came to light on 9 December when FireEye announced that its Red Team tools had been stolen.
In response, the OMB federal CISO Christopher DeRusha said there was no problem with the government's response, and listed many agencies as having a role to play.
Portman did not take kindly to this and fired back: “So if everyone is in charge, no one is in charge, right? Who exactly, who is accountable?”
A similar scene was played out in the House of Representatives on Wednesday with 14 politicians, both parties, on the House Energy and Commerce Committee trying to find out which departments had been affected by the attack.
In a related development, questions are continuing to be raised over the extent of Microsoft's involvement in the SolarWinds attacks. As iTWire outlined, the company has been gradually revealing more about its connection to the attack.
Nice to see greater buy-in to referring to this activity as not just the "SolarWinds thing" pic.twitter.com/NWXMCoeK4J— Joe Słowik ⛄ (@jfslowik) March 17, 2021
DomainTools infosec researcher Joe Slowik referred to a notice from the US Cybersecurity and Infrastructure Security Agency, which was headlined "TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise", commenting: "Nice to see greater buy-in to referring to this activity as not just the 'SolarWinds thing'."
The delay in naming a likely actor behind the attacks has led to speculation that Microsoft's software is much more at the centre of the the hack, apart from being the host operating system for Orion.
Many US Government software packages, even in sensitive areas like Defence, still run on ancient versions of Windows like XP.
Given that, and the overwhelming preponderance of Windows in businesses and also homes, and its less-than-stellar security record, Redmond's involvement in this supply chain attack may well end up being much bigger than known at present.