Katko Opening Statement at Cybersecurity Hearing

WASHINGTON, DC – Rep. John Katko (R-NY), Ranking Member of the House Committee on Homeland Security, delivered the following opening statement during a full committee hearing entitled, “Homeland Cybersecurity: Assessing Cyber Threats and Building Resilience:”

As you know, cybersecurity remains an area of great bipartisan cooperation in Congress.

And for that, we should be thankful, because it is also the pre-eminent national and homeland security threat of our time.

Every axiom we’ve heard about the importance of cybersecurity is more true than ever before. It underpins almost every aspect of our way of life, it impacts the resilience of every single Critical Infrastructure sector, and it stands between our most sensitive data being secure – or being exploited – by our enemies.

While general awareness of cyber threats is becoming commonplace, the cybersecurity resilience of our great nation leaves undeniable room for improvement.

We’re still living in the wake of the SolarWinds campaign – one of the most devasting cyber espionage campaigns in history, with our state and local governments, businesses, and constituents being affected by malicious cyber campaigns every single day.

Think about it, this past year, while we were indicting operatives of the Chinese Ministry of State Security for actively trying to compromise COVID vaccine research, Russian actors were simultaneously sitting in federal and non-federal networks, quietly executing what is arguably the most sophisticated cyber espionage campaign in history.

And both of those state-backed campaigns were taking place while a weekly, and often daily, drumbeat of ransomware campaigns crippled city, state, hospital, and school networks already heavily impacted by the pandemic. In my district, the Syracuse City School District and Onondaga County library system both fell victim to ransomware attacks that shut down their systems and halted the critical services they provide.

And just days ago, a hacker reportedly gained access to a water treatment facility in Oldsmar, Florida, and attempted to adjust the water chemical levels through cyber means to poison thousands of residents.

These cyber threats clearly have real world consequences, and we must do everything we can to bring these malicious actors to justice.

The bottom line is that we are still struggling against both the highly sophisticated and the routine.

We can do better. We must do better.

There is, luckily, some reason for optimism.

The creation of CISA as the nation’s lead civilian cybersecurity agency was necessary and long overdue. The agency’s work to harden election systems from the 2016 to 2020 elections was nothing short of heroic. Like everyone in this room, I extend my heartfelt gratitude to Chris Krebs for his service and leadership.

The Cyberspace Solarium Commission created a venue for experts to voice bold ideas, and a mechanism for those ideas to become law. I am proud to have helped usher multiple new authorities for CISA as a part of the FY21 NDAA, which will bolster its visibility across Federal networks, among other important authorities.

CISA should be doubling down on its implementation of these provisions, most importantly, the authority to conduct threat hunting on agencies’ networks.

But the work doesn’t stop there.

It’s easy to sit here and become numb to what often feels like a “breach of the week” in cyberspace. Complicating this landscape further is that cybersecurity risk management, supply chain risk management, third party trust and assurance, and critical infrastructure protection are now inexorably linked. They are layers on top of one another, impossible to disaggregate.

And the sheer volume of the data that our connected systems must secure in transit and at rest is increasing exponentially – a reality only accelerated by the deployment of 5G networks.

Meanwhile, our nation state cyber adversaries, like China, have sophisticated, multi-decade agendas to compromise this data and leverage it for malicious purposes aimed at eroding America’s dominance.

We have a distinguished panel of witnesses who have all spent considerable time in the trenches working valiantly to keep America safe from cyber threats and I welcome their guidance on how we can strengthen our nation’s cybersecurity posture.

I want this to be a hearing about opportunity for action, not just admiration of the problem. We have already ceded critical ground to our global cyber adversaries, and there is simply no time to waste.

I remain deeply concerned that the federal roles and responsibilities for .gov security are too confederated, too clunky, and ultimately inadequate. Giving CISA federal hunt authorities was an incremental step in the right direction, but CISA simply does not have the centralized visibility or authority to nimbly respond. I look forward to hearing ideas from our witnesses about how we can remedy this situation.

And on the heels of SolarWinds, and with the not insignificant potential that Russian actors may still have access to some of our networks, I call on all my colleagues to work together, quickly, to find a legislative vehicle to give CISA the resources it needs to fully respond.

Cybersecurity is a team sport that is ultimately about partnership. We’re all in this together, so let’s get to work.