PALO ALTO, Calif. — Today, House Committee on Homeland Security Chairman Mark E. Green, MD (R-TN) and Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) delivered the following opening statements in a field hearing to examine issues impacting the United States’ cybersecurity posture and solutions to address them, including around critical infrastructure resilience, technological innovation, and regulatory harmonization. 

Watch Chairman Green’s full opening statement in a hearing entitled, “Innovation Nation: Leveraging Technology to Secure Cyberspace and Streamline Compliance.”

As prepared for delivery:

Good afternoon, everyone. Thank you to The Hoover Institution for hosting us on this beautiful campus. It is no coincidence that we are holding today’s hearing in the heart of Silicon Valley. Since World War II, Silicon Valley has been the world’s shining example of what a nation can accomplish when innovation is unleashed.

It is home to some of America’s most talented and creative minds—innovators who are spearheading major breakthroughs in technological development. From semiconductors to social media, Silicon Valley has produced innovations that have changed the way we work, communicate, and complete daily tasks.

As we know, great technological advancements come with great responsibilities. I am here today to emphasize the importance of prioritizing cybersecurity as we build new capabilities that will continue to change the world.

I have prioritized cybersecurity in Congress, and I hope industry partners—many of which are headquartered here—will join me in our mission to improve our cyber resilience against nation-state and criminal actors, strengthen our offensive posture, and develop new capabilities that incorporate security from the start.

I strongly believe that allowing American innovation to flourish is critical to strengthening our national security. That’s why we must start by injecting common-sense into the regulatory regime. By reducing burdensome, costly, and duplicative requirements on our innovators, we stifle our innovation and hinder security. 

We will continue to explore technological solutions for regulatory compliance and ways that we, as Congress, can help deconflict and simplify cyber regulations. 

This priority pairs well with another focus of mine this Congress: changing the economic models of cybersecurity. The costs and incentives associated with cybersecurity are currently imbalanced in favor of attackers, rather than defenders. 

According to a report by IBM, the global average cost of a data breach in 2024 was nearly $4.9 million. In many cases, to inflict multi-million-dollar damage on U.S. businesses, attackers only need some degree of technical knowledge and a laptop—a fraction of the cost faced by victims.

Fixing the economic models of cybersecurity will require a concerted effort across industry and government. First, we must raise the cost of cyberattacks for our adversaries. From strengthening our offensive posture in cyberspace to creating innovative cybersecurity solutions, the U.S. must make it more challenging and costly for adversaries to strike. 

Second, we must ensure that American businesses—especially private owners and operators of critical infrastructure—are investing in cybersecurity. There needs to be a greater demand for products designed with cybersecurity in mind, accompanied by a supply shift toward more secure information technology and operational technology.

There is an indisputable connection between what happens here in Silicon Valley and the security of U.S. critical infrastructure. The technology and cybersecurity solutions produced here have applications across all critical infrastructure sectors. By improving investment in cybersecurity and raising costs for our adversaries, the entire nation will be more secure.

Cybersecurity truly is a team sport. Our collective defense against cyber threats relies upon public-private partnerships and information sharing. I’m grateful for Chairman Garbarino’s efforts to preserve and enhance these partnerships, including through the reauthorization of CISA 2015, and I look forward to discussing other ways to strengthen public-private partnerships in cybersecurity.

I want to thank our witnesses for joining us here in Silicon Valley. I look forward to discussing the current threat landscape with you, and to examining ways we can realign the economic models of cybersecurity. Our discussion will position us well to dive into solutions with some our nation’s innovators during the breakout session following the hearing.

Watch Chairman Garbarino’s full opening statement here.

As prepared for delivery:

Good afternoon, everyone. Between the talent on this campus and the numerous companies started in Silicon Valley, I am honored to join our nation’s innovators today. You not only build the solutions we need to stay ahead of threats, but also have the creativity to identify the problems that Congress can’t even imagine. Thank you for your interest in our hearing and your partnership.

Our enemies aggressively target U.S. critical infrastructure through novel techniques and persistent campaigns. Volt and Salt Typhoon, two China-backed threat actors, demonstrate that America’s foreign adversaries are intent on finding weaknesses in our cybersecurity wherever they can. It is therefore crucial that America’s cybersecurity capabilities remain ahead of the foreign actors who aim to harm us, and that our technology is secure.

Staying ahead of our adversaries requires a whole-of-society approach—one that unlocks the full potential of our innovative capacity to address and prevent vulnerabilities in our IT and OT. Silicon Valley will be crucial to this effort because many of our cybersecurity leaders are here. Silicon Valley companies are often the frontline defense against cyberattacks, and they will help develop solutions to bolster our homeland defense.

Ensuring we build and use the right cybersecurity solutions requires a strong partnership between the public and private sectors.

The foundation of this collaboration is information sharing—a key focus for my Subcommittee this Congress. Information sharing between the public and private sectors is beneficial not only for staying ahead of threat actors, but also for driving innovation to where it is needed most.

By sharing information about emerging threats and empowering CISA to manage cross-sectoral relationships, information sharing will help develop the tools we need to understand how threat actors operate in cyberspace.

Innovation plays a critical role in keeping up with new tactics, techniques, and procedures of threat actors as our adversaries attempt to compromise U.S. networks by any means necessary.

My Subcommittee recently held a hearing on an important authority—the Cybersecurity Information Sharing Act of 2015, otherwise known as CISA 2015. Information sharing between the public and private sectors heavily relies upon this vital authority, so it is imperative that Congress reauthorizes CISA 2015 before it expires later this year.

I am also pleased that we are talking about regulatory harmonization during today’s hearing. This is a topic which my Subcommittee has explored extensively, especially in the context of CIRCIA—the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Industry’s feedback is critical to obtain an effective, final rule that meets Congressional intent, which is why I look forward to hearing your perspectives on the current regulatory landscape.

Our expert panelists have led the charge in protecting the United States from threats to our cybersecurity. I look forward to hearing your insights into what strategies we can take to promote cybersecurity innovation and best practices.

###