Pfluger & Garbarino Opening Statements In Hearing On Ransomware
WASHINGTON, DC – Rep. August Pfluger (R-TX), Ranking Member of the Intelligence & Counterterrorism Subcommittee, and Rep. Andrew Garbarino (R-NY), Ranking Member of the Cybersecurity, Infrastructure Protection & Innovation Subcommittee, delivered the following opening statements in a joint subcommittee hearing entitled, “A Whole-of-Government Approach to Combatting Ransomware: Examining DHS’s Role.”
Ranking Member Pfluger’s Opening Statement (as prepared for delivery)
Thank you, Chairwoman Slotkin and Chairwoman Clarke, for holding this important joint subcommittee hearing today, and thank you to our witnesses for joining us to discuss an issue that impacts my constituents as well as those in every other congressional district.
The United States faces an overwhelming threat from cybercrime, especially ransomware. The attacks we have witnessed over the past year on the country’s critical infrastructure put the livelihood, privacy, and way of life of everyday Americans at risk.
The criminals behind these attacks are emboldened not only by the large sums they command for their ransoms, but also by the relative anonymity they are able to maintain. Groups like Hafnium, Nobelium, and REvil launch their attacks from safe havens in Russia and China. They operate because of the blind eye and even encouragement these countries offer. I was glad to see the Department of Justice’s recent indictment of two foreign nationals charged with deploying REvil ransomware to attack businesses and government entities in the United States and I look forward to hearing about the role that DHS played in that investigation. Arrests like these should serve as a warning to every cybercriminal that the United States will bring them to justice no matter where they are located.
I, like my colleagues on this committee, am keenly interested in the preventative measures the American private and public sectors should be taking to mitigate the nefarious efforts of cybercriminals. From local school systems to pipelines supplying vital energy resources across the country, these criminals have highlighted that everyone using modern technology is at risk and we all must take measures to safeguard ourselves. However, when these measures fail, it is up to members of our law enforcement and legal communities to pursue and prosecute those responsible.
When a cyberattack occurs, every minute counts. Criminal investigators and network security experts must work hand in glove to understand the technologies these criminals are using, as well as the specific vulnerabilities they are exploiting.
As demonstrated by the panel before us, DHS has several components dedicated to combatting cybercrime. I am looking forward to hearing about the many ways that these components and offices work within the department, as well as with other agencies, to combat this threat. DHS is doing an incredible job and I commend them for their continued efforts. However, cybercriminals continue growing and evolving, and we must do the same to fully protect our cyber networks. It is important for us to understand how law enforcement entities within DHS and across the federal government are working cohesively, how the cooperative relationship between the government and private entities is being cultivated, and how American’s privacy is prioritized. This is a new frontier in law enforcement, but I am inspired by the work that is already being done.
I am also looking forward to hearing what our witnesses forecast as the future threat. We all understand that at present the imminent actor is Russia, with China also playing a role. Within the Intel and Counterterrorism subcommittee it is important that we also anticipate the upcoming risk. The only way we can be properly equipped with protection and mitigation measures is if we understand the threat coming. To do that we need to know what the cyber landscape will look like in three months, nine months, and even years from now.
Madam Chair, thank you again for holding this hearing. I am sincerely looking forward to hearing the witnesses’ testimonies today, discussing what we are doing and what can be done better, and ensuring that we have an effective, whole of government plan in place to combat the threat of ransomware.
Ranking Member Garbarino’s Opening Statement (as prepared for delivery)
Thank you, Chairwoman Clarke and Chairwoman Slotkin for holding this important hearing today. I appreciate the witnesses being here to discuss the administration’s wholistic efforts to combat ransomware.
Over the past several years ransomware attacks have increased at an alarming rate. This year alone we have witnessed the impact of devastating attacks on Colonial Pipeline, JBS Meats, and yet another school district on Long Island.
Earlier this year both the Bay Shore and Lindenhurst school districts in my district were hit with cyberattacks. And it was recently reported that Manhasset school district on Long Island also experienced an attack in September.
If the past year has taught us nothing else, it’s that no entity is too small nor too big to experience a ransomware attack. We all must stay vigilant to protect ourselves and our country.
This summer, I was pleased to host a ransomware roundtable in my district with local schools, hospitals, small businesses, and government. CISA’s Region 2 team explained how CISA can help mitigate these attacks. CISA’s regional teams are the agency’s secret weapon in this fight – CISA has the tools and capabilities necessary to bolster any entity’ s cyber defenses, free of charge.
I am committed to continuing to work with entities in New York’s 2nd district and across the country to improve their cybersecurity posture in the wake of increasing threats. We must ensure DHS, particularly CISA, has the resources and capabilities to help entities do just that.
It is also vital the Secret Service has the authorities and resources to investigate ransomware attacks and illicit financing operations. The Secret Service’s National Computer Forensics Institute provides cybercrime investigative training to state, local law enforcement, prosecutors, and judges. I look forward to hearing from the Secret Service how we can continue to leverage this critical training to bolster our defenses at the state and local level.
Ransomware attacks have devastating real-world consequences for Americans. Every minute that a hospital goes down is a minute of missed critical care. This life-threatening risk poses similar concerns for almost every industry.
We need to double down on ensuring state and local entities and small businesses adopt basic cybersecurity best practices to mitigate cyber risks. These practices can include, two-factor authentication, strong passwords, retaining backups, developing a response plan, and updating software.
I am a proud original cosponsor of the Chairwoman’s State and Local Cybersecurity Improvement Act, which would establish a grant program for state and local entities to improve their cyber posture. While we know resources for our state and local governments are necessary to reduce the threat of cyberattacks, we must ensure these funds are spent responsibly and have a meaningful impact on risk reduction. CISA plays a vital role here. This important bill is a tremendous step forward in our fight, but we can’t stop there.
We must adopt an “all of the above” approach to dealing with this challenge. There is no single silver bullet.
I look forward to hearing from our witnesses today about the innovative solutions Congress could consider as we work to degrade, and ultimately eliminate, the viability of ransomware.
And lastly, I want to thank Brandon Wales for his leadership as Acting Director of CISA for nearly eight extremely turbulent months. Mr. Wales – your work at the helm of the agency was a tremendous benefit to our nation. Thank you.
And thank you again, to both chairs, for bringing this important issue before us today.