Katko & Garbarino Opening Statements in Cyber Defense Hearing

WASHINGTON, DC – Rep. John Katko (R-NY), Ranking Member of the House Committee on Homeland Security, and Rep. Andrew Garbarino (R-NY), Ranking Member of the Cybersecurity, Infrastructure Protection and Innovation Subcommittee, delivered the following opening statements in a subcommittee hearing entitled, “Mobilizing our Cyber Defenses: Maturing Public-Private Partnerships to Secure U.S. Critical Infrastructure.”

Ranking Member Katko’s Opening Statement (as prepared for delivery)

Thank you, Chairwoman Clarke and Ranking Member Garbarino for holding this important hearing today.

The public-private partnerships that CISA maintains are integral to its ability to protect the nation from cybersecurity threats.

Yesterday’s full committee hearing showed us that CISA’s work in this space is excelling, but there is always room for improvement.

We must work to ensure that CISA maintains the tools, resources, and relationships it needs to protect our nation’s critical infrastructure.

I’ve worked diligently to ensure that CISA is adequately resourced in terms of funding, authorities, and workforce, but we can’t overlook the importance of the close and trusted relationships that CISA maintains.

Those relationships are what allows the agency to collect and disseminate timely and valuable threat information.

Despite the passage of Cyber Incident Reporting legislation this year, we can’t lose sight of the value of those voluntary relationships.

For example, last year, CISA took an important step forward by leveraging the authorities provided in the FY 21 NDAA to establish the Joint Cyber Defense Collaborative, or “JCDC.”

As the Committee discussed yesterday, the JCDC has served as a force multiplier for our nation’s cybersecurity, and it is wholly dependent on the voluntary relationship framework.

Last year, I introduced the Securing Systemically Important Critical Infrastructure Act to allow CISA to more efficiently allocate its resources by establishing a thoughtful, transparent, stakeholder-engaged process to identify what truly constitutes critical infrastructure.

This methodical identification process would be accompanied by prioritization of benefits for those entities deemed SICI. For the first time, this effort would move CISA away from the current first-come, first-served model by establishing a true risk-based approach to Federal cyber assistance.

While there are conflicting opinions on the right direction for SICI, I think we can all agree that allowing CISA to maintain its close partnerships with the private sector is the keystone to its long-term success, and the cybersecurity of our nation.

I look forward to exploring these issues further with our witnesses. Thank you again for being here, and thank you, Chairwoman Clarke and Ranking Member Garbarino, for your work on these issues.

Ranking Member Garbarino’s Opening Statement (as prepared for delivery)

Thank you, Chairwoman Clarke, for calling this hearing today. I appreciate our witnesses being here to discuss how we can bridge the gap between public and private stakeholders, and to discuss ongoing efforts to identify and secure systemically important critical infrastructure.

It is no secret that we are facing an unprecedented level of cyberattacks against our nation’s critical infrastructure. Recent breaches like Colonial Pipeline and SolarWinds, among others, are sobering reminders of the devastation that attacks can cause to our economic and national security.

Additionally, yesterday’s full committee hearing provided us with a stern reminder that the cyber threats posed by foreign adversaries are only becoming more potent. The potential for malicious Russian cyberactivity, as well as attacks by other adversarial nations like China, Iran, and North Korea, is only increasing. Congress must continue to facilitate public and private partnerships that are able to meet and repel these threats.

Cyberspace is seemingly endless, and the federal government’s visibility to monitor cyber incidents is limited. While Congress recently took an important step by codifying our subcommittee’s incident reporting framework at CISA, there is more that can be done. The vast majority of our nation’s critical infrastructure is owned and operated by the private sector. Therefore, information sharing between these stakeholders and the federal government is necessary to effectuate meaningful change.

We need a process for the federal government to identify which infrastructure is systemically important and we need a plan for the private sector to protect those assets.

Earlier this Congress, I joined my colleagues Mr. Katko and Mrs. Spanberger in introducing bipartisan legislation, the Securing Systematically Important Critical Infrastructure Act. The bill authorizes CISA to designate certain entities of critical infrastructure as systemically important. By designating key elements, the federal government will signal to the private sector the assets that they should specifically prioritize in order to secure our nation’s critical sectors. As an original co-sponsor of this effort, I am confident that this is the best path forward.

I’m pleased to have an expert panel of witnesses here today to hear their perspectives on this initiative. We must create the foundation for strong public-private collaboration without adding additional regulatory burdens for industry.

I’d like to say a quick note of thanks to CISA’s Region II team for joining me last week for a successful cybersecurity webinar for critical infrastructure partners in my district. It’s information sharing like this, coupled with cyber incident reporting, and systemically important critical infrastructure designation, that will be instrumental in hardening our cyber defenses.

I look forward to hearing from our witnesses on how we can best move forward.

Thank you again, Chairwoman.