ICYMI: Katko Talks Cyber Priorities At CSIS Event

WASHINGTON, DC – In case you missed it, Rep. John Katko (R-NY), Ranking Member of the House Committee on Homeland Security, joined CISA Director Jen Easterly for a discussion on how to best enhance cybersecurity for critical infrastructure.

During the event, hosted by the Center for Strategic and International Studies (CSIS), Katko highlighted a number of his priorities, including bolstering resources for CISA, passing mandatory incident reporting legislation, identifying systemically important critical infrastructure (SICI), developing CISA’s workforce, and combatting cyber threats from nation-state actors.

Director Easterly praised Katko’s leadership on cybersecurity issues, saying, “I want to specifically thank Ranking Member Katko for taking on a leadership role on a variety of cybersecurity and critical infrastructure priorities, from enhancing CISA’s industrial control systems capabilities, to authorizing CISA’s ability to identify and designate systemically important critical infrastructure – we hope that ends up in the NDAA, to really ensuring that CISA receives that critical cyber incident information by mandatory incident reporting. That support, that leadership is incredibly important to the success of our ability to help defend our nation.”

Click here to watch the discussion. 

Highlights from Katko’s remarks:

Winning In Cyberspace: “One of my top priorities over the past year has been to equip CISA so that it cannot just compete against nation-state adversaries like Russia and China, but win.”

Advancing CISA’s Mission: “CISA has made great progress this year in advancing its mission, in part due to some of the key authorities in the FY21 NDAA that CISA has now fully implemented. I am also planning to build on this success by passing additional authority improvements this year, such as Ranking Member Garbarino’s bill to make the CISA Director’s term five years, and by working across the aisle and the chamber to get mandatory cyber incident reporting across the finish line.”

Mandatory Incident Reporting: “Cyber incidents are rarely sector specific and we need to continue to build on the resources within CISA as the central agency that can quickly connect the dots when a malicious cyber campaign spans multiple sectors, then share that information across the broader critical infrastructure community. But CISA can’t do this successfully unless it has a high degree of visibility into cybersecurity threats and incidents impacting private sector networks.”

Securing Systemically Important Critical Infrastructure: “We live in a world of an increasingly interdependent web of hardware, software, services, and other connected infrastructure. Single points of failure and layers of systemic importance across this ecosystem leave the potential for cascading impact if compromised… I introduced bipartisan legislation to authorize the Director CISA to work in partnership with owners and operators of critical infrastructure to collectively identify which of those should be designated as systemically important and naturally require an enhanced voluntary partnership with the federal government to ensure our collective security.”

Actionable Information: “The discussions in Congress over the past decade have centered around information sharing, which is certainly important, but we also need to ensure that the information being shared with the private sector is actionable and meets the needs of a diverse set of stakeholders. There must be a high value proposition for entities to partner with CISA.”

Developing CISA’s Workforce: “All of this can’t be done without a professional cybersecurity workforce and an efficient operational organization. I have concerns that CISA does not yet have the deep cadre of cybersecurity professionals it needs and lacks a professional human resources organization to bring these individuals in and retain them. This is something I plan to focus on soon, and I am pleased that Director Easterly is making this one of her top priorities and look forward to working with her on this effort.”

Pre-Eminent Threat Actor: “I cannot state clearly enough that China is the pre-eminent threat actor that we face as a nation and that they are increasingly leveraging the cyber realm to impact the homeland… The U.S. needs to continue attributing and punishing, to the most severe extent possible, nation-state sponsored cyber intrusions. And our homeland security apparatus should be poised to defend against these intrusions while protecting systemically important critical infrastructure.”