Garbarino & Gimenez Opening Statements In Transportation Cybersecurity Hearing
WASHINGTON, DC – Rep. Andrew Garbarino (R-NY), Ranking Member of the Cybersecurity, Infrastructure Protection & Innovation Subcommittee, and Rep. Carlos Gimenez (R-FL), Ranking Member of the Transportation & Maritime Security Subcommittee, delivered the following opening statements in a joint subcommittee hearing entitled, “Transportation Cybersecurity: Protecting Planes, Trains, and Pipelines from Cyber Threats.”
Ranking Member Garbarino’s Opening Statement (as prepared for delivery)
Thank you, Chairwoman Clarke and Chairwoman Watson Coleman for holding this important hearing today. And thank you, Ranking Member Gimenez, for your continued leadership on transportation security.
As you know all, cybersecurity remains an area of bipartisan cooperation in Congress.
Bringing together these two subcommittees is a continuation of the bipartisan spirit that makes this committee function so well, but there remains room for improvement.
This year, the full Committee and our Cybersecurity Subcommittee have held several hearings in the aftermath of major cyber incidents to review the state of our nation’s cyber preparedness and assess the overall efficacy of response mechanisms across the federal government and within various industry sectors.
This joint hearing is a great opportunity to continue that work, focusing on the transportation sector, which impacts millions of Americans.
Everyday Americans are already experiencing the impact of a pervasive supply chain crisis. Goods are becoming more expensive and harder to find. Nearly every sector of our economy has been affected by this problem, which is particularly acute in the auto industry.
We have already witnessed the impact of a devastating ransomware attack on Colonial Pipeline, which led to gas shortages on the East Coast. Imagine a similar attack on a major U.S. port, airline, or major logistics company as the holidays approach.
We must ensure there is a robust partnership between the Department of Homeland Security, particularly the Cybersecurity and Infrastructure Security Agency (CISA), the Transportation Security Agency (TSA), and the U.S. Coast Guard and the owners and operators of our transportation systems.
I hope that this hearing reviews the cyber preparedness of our critical transportation systems and how agencies like CISA, TSA, and the Coast Guard can enhance their programs, services, and guidance to best ensure entities can defend and mitigate the threat of cyber attacks.
I am particularly interested in learning more about DHS’ use of security directives as a tool for enforcing new security standards.
I would like to hear testimony and learn from our witnesses regarding the impact of security directives, and how TSA is working with relevant partners to ensure robust industry input, because they know their sector best.
I would also like to hear from our witnesses on the extent to which industry expertise and feedback is utilized in the creation of these security directives.
Members of this committee, including myself, are actively engaged in crafting mandatory cyber incident reporting legislation to improve CISA’s visibility into cyber incidents impacting our Nation’s critical infrastructure. I thank Chairwoman Clarke for her leadership and partnership on this effort.
I’ve also been working closely with Ranking Member Katko and Rep. Spanberger to introduce bipartisan legislation to authorize the Director of CISA to establish a stakeholder-driven, transparent process for identifying the owners and operators of our Nation’s most critical infrastructure – known as systemically important critical infrastructure. How can we expect CISA, and other Sector Risk Management Agencies to prioritized limited services if we don’t know who is the most critical?
It is also incumbent on Congress to ensure such a program includes the appropriate guard rails, guidance, and built-in mechanisms for industry collaboration, such an important program must be done right. I believe that the Securing Systemically Important Critical Infrastructure Act strives for these very principles. I’m disappointed that the committee held a markup this morning, and this legislation was not included despite months of industry collaboration and attempts to collaborate with the majority.
I do want to note Rep. Langevin’s leadership on this important issue, and his transparency with the Minority. I look forward to working with him, and you Chairwoman Clarke on this legislation, to continue to bipartisan nature of this subcommittee.
Lastly, I’ll just say that the issue of transportation cybersecurity hits close to home. It was shortly after New York’s MTA systems were hacked in April, and discovered in June, in which Secretary Mayorkas announced intentions to create a new security directive for major rail and aviation entities.
I look forward to learning from our panelists here today about what his committee can do to help TSA, CISA, and the Coast Guard work towards an enhanced public-private partnership with owners and operators of our Nation’s transportation system.
Ranking Member Gimenez’s Opening Statement (as prepared for delivery)
Thank you, Chairwomen Clarke and Watson Coleman, for holding this important hearing today. And to Ranking Member Garbarino as well. I’m glad that we can bring these two subcommittees together to discuss how to protect our vital aviation, surface transportation, and maritime systems from cyber threats.
I know firsthand from my time as Mayor of Miami-Dade County how important these systems are to the flow of people and goods and the overall health of our economy. As we’re seeing right now with supply chain challenges and the increasing prices in everyday goods, keeping our transportation systems operating at a high level is imperative.
The recent ransomware attack on Colonial Pipeline only served to highlight what owners and operators of these critical infrastructure systems already knew — a significant cyber incident has enormous ramifications to their systems and can cripple the goods and services that our Nation relies on.
Transportation system owners and operators have enhanced their cybersecurity practices and real-time information sharing over the years, but there is always more that can be done to strengthen our defenses.
As TSA moves forward with new cybersecurity directives for aviation, rail, and mass transit in the next few weeks, it’s important that industry is fully consulted as these requirements are drafted and implemented. The owners and operators know their systems the best and what is workable. Having a strong public-private partnership as new cyber requirements are imposed in the transportation sector is key.
I look forward to hearing from the witnesses today on their perspectives of how to strengthen cybersecurity throughout our transportation systems.
Madam Chairwoman, I yield back.