Garbarino Opening Statement in Cybersecurity Hearing

September 15, 2022

WASHINGTON, DC – Rep. Andrew Garbarino (R-NY), Ranking Member of the Cybersecurity, Infrastructure Protection & Innovation Subcommittee, delivered the following opening statement in a subcommittee hearing entitled, “Building on our Baseline: Securing Industrial Control Systems Against Cyberattacks.”

Ranking Member Garbarino’s Opening Statement (as prepared for delivery)

Thank you, Chairwoman Clarke, for holding what is sure to be an informative hearing. And thank you to our witnesses for being here today to discuss the threats posed to industrial control systems (ICS), also known as Operational Technology (OT). The magnitude of these threats is often difficult for many people, including Members of Congress, to grasp.

Securing the foundational technology that underpins our Nation’s most critical functions is a national imperative. ICS systems are responsible for safely and securely operating informational technology (IT) and operational technology (OT) throughout many critical infrastructure sectors such as energy, water, and transportation systems, among others. Most Americans are accustomed to the reliable delivery of national critical functions, like electricity and clean water, but many are not aware of the serious cyber risks these sectors face.

In 2017, the world’s biggest shipping company, Maersk, was one of the high-profile victims of the NotPetya attack. During this attack, the NotPetya malware was able to infiltrate the company’s ICS systems, ultimately causing container ships and ports to grind to a halt for almost 9 days. Unfortunately, this incident was not solely isolated to the maritime and transportation sector, as the pharmaceutical, food, and other industries were impacted as well. What’s more, in 2021 alone, 80% of ICS organizations reportedly experienced ransomware attacks.

As more ICS systems across critical infrastructure sectors become connected to the internet, the attack surface will continue to grow exponentially. These legacy ICS systems were not originally designed to be internet-facing, and thus they do not have the appropriate level of cyber resilience baked into their foundations. To mitigate threats, we must consider a thoughtful approach, complementing—but sometimes unique from—our approach to traditional IT cybersecurity. While we must continue to innovate and evolve as a Nation to deliver better, faster, and greater performing services, we must also incorporate baseline cybersecurity protocols into these ICS environments to protect U.S. national and economic security.

The Cybersecurity and Infrastructure Security Agency (CISA) works closely with Federal and private sector partners to secure industrial control systems across the Federal enterprise and throughout each of the 16 critical infrastructure sectors. I’m eager to hear CISA’s perspective on ICS security from Eric Goldstein, and I’m looking forward to diving into the sector-specific ICS concerns of Mr. Gipson from the Idaho National Laboratory.

Again, I would like to thank you all for being here. As I mentioned earlier, we look to experts like you to help us comprehend the magnitude of the threats facing industrial control systems, and the potential solutions Congress could employ to bolster ICS cyber resilience. I look forward to learning something new today from each of our expert witnesses. Thank you again Madam Chair for holding today’s hearing.