Garbarino Delivers Opening Remarks for Subcommittee Hearing on the State of American Cyber Security

WASHINGTON, D.C. – House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) delivered the following opening remarks in a hearing to evaluate the state of the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security through the lens of the Committee’s CISA 2025 initiative.

The full hearing is livestreamed here.

Watch Chairman Garbarino’s full opening remarks for a hearing entitled, “CISA 2025: The State of American Cybersecurity from a Stakeholder Perspective.”

I’d like to thank the Members of the subcommittee and our witnesses for joining us for our first hearing of the Cybersecurity and Infrastructure Protection subcommittee of the 118th Congress. I’m honored to continue the great work we started in this subcommittee last Congress—this time, as Chairman.

We are here today to discuss a key agency to our homeland security: the Cybersecurity and Infrastructure Security Agency, or CISA, within the Department of Homeland Security. CISA has a critical mission set. It is tasked with administering federal cybersecurity requirements, supporting private sector cybersecurity, engaging with the sector risk management agency community, and ensuring the physical security of our critical infrastructure. Today, we will focus specifically on the cyber aspects of CISA’s mission.

CISA has a direct impact on securing critical infrastructure, federal agencies, and our way of life. It is an agency built on partnerships—and those partnerships with stakeholders play an important role in furthering CISA’s mission. So today, we will hear from some of those stakeholders to understand CISA’s strengths, weaknesses, and where it needs to go in the future.

In recent years, the United States has experienced a deluge of high-profile cyber incidents, from SolarWinds, to Colonial Pipeline, to the Log4Shell vulnerability. Our cyber defenses, workforce, and processes have been put to the test, and CISA has been at the center of every response. These incidents have elevated cybersecurity issues across the country and highlighted the importance of securing both federal and critical infrastructure networks.

As a result of the evolving cyber threat landscape, Congress has asked a lot of CISA from day one, and expected it to succeed.  The reality is that CISA is still a young agency; it was created in 2018 and since then, it has grown exponentially.  Since Fiscal Year (FY) 2019, Congress has nearly doubled CISA’s annual budget, from $1.68 billion in Fiscal Year 2019 to $2.9 billion in Fiscal Year 2023. And we’re now looking at the Fiscal Year 2024 request of $3.1 billion.  This level of funding would be a lot for even a large, mature Department to handle.

Congress has also given CISA significant new authorities, including the responsibility of establishing a cross-sector incident reporting rulemaking and the authority to persistently hunt for threats on federal networks without prior agency approval. Properly executed, these new authorities and resources will help CISA accomplish its mission.

This Congress, our subcommittee will conduct rigorous oversight of CISA to ensure those new authorities are implemented appropriately and CISA is a responsible steward of taxpayer dollars.  We need to take a step back and allow CISA to get a handle on their new responsibilities and ask pointed, but productive, questions about its efforts. Like CISA is a partner to industry to help them improve their cyber posture, Congress should be a partner to CISA to help the agency mature and reach its full potential.

We have four distinguished witnesses to kick off our efforts.  Each witness brings a different perspective on CISA and its partnerships. With these witnesses, we will examine CISA’s role as the Nation’s Risk Manager and how it balances that role with its responsibilities as a Sector Risk Management Agency, or SRMA, for 8 sectors. We will consider the proper role for regulation while balancing security and collaboration, with CISA as a partner to industry. We will also delve into CISA’s federal network programs as well as external efforts as a partner with the private sector to improve critical infrastructure cybersecurity, particularly through the Joint Cyber Defense Collaborative. Additionally, we will discuss CISA’s efforts to secure operational technology, or OT: an important aspect of its critical infrastructure mission.

Finally, I would be remiss if I did not comment on the need to address the cyber workforce shortage that both the federal government and many industry partners across the sixteen critical infrastructure sectors face. None of these efforts that I’ve outlined today would be possible without a fully-equipped cyber workforce, and I look forward to discussing ways in which we can address the over 700,000 cyber workforce gap that exists today.

I am looking forward to a thoughtful and productive conversation about CISA and how it could improve and grow in the future.  It’s imperative that CISA succeed in its important mission and I look forward to working with my colleagues to find bipartisan ways to ensure that it does.

###