WASHINGTON – On Wednesday, U.S. Rep. Mariannette Miller-Meeks, R-Iowa, participated in the U.S. House Homeland Security Committee virtual hearing on cybersecurity. She questioned witnesses about the availability and effectiveness of federal resources to assist state and local authorities to combat cyber-attacks.
Watch her question witnesses in the video above.
The witnesses for Wednesday’s hearing were:
- Chris Krebs, Former Director of the Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security
- Sue Gordon, Former Principal Deputy Director of National Intelligence, Office of the Director of National Intelligence
- Michael Daniel, President & CEO, Cyber Threat Alliance
- Dmitri Alperovitch, Executive Chairman, Silverado Policy Accelerator
Read the transcript below:
Miller-Meeks: “Thank you so much Mr. Chair, Ranking Member Katko, and all the witnesses who are presenting here today on this extraordinarily important topic, and I appreciate the ability to both listen and learn.
“Before coming to Washington at the beginning of this year, I served as a State Senator in my home state of Iowa. Last year the Iowa Legislature recognized the importance of cybersecurity, and we voted to increase funding for cybersecurity initiatives to our DCI. As all of you and your testimony have recognized, and brought up and addressed, the importance of a combined effort, not solely a government effort, but also state and private.
“Ms. Gordon in your testimony, you discuss the importance of cybersecurity at the state and private industry level, and I’m wondering what federal resources currently exists to help states that want to strengthen their cybersecurity.”
Gordon: “So, I think what CISA has done, what Chris has done, in the context of election security has given a great blueprint for state and local to be able to use their resources, but the wisdom of the federal to put these two things together.
“I think there is probably more we can do. One of the thoughts that I have is as the intelligence community got more and more secure, securing itself against this, one of the great advantages we had was when we went to cloud computing and away from all the small infrastructure that is really hard to keep up with and patch and I think there’s an interesting question to be said with whether there is some ability to provide for less-advantaged localities some sort of access to broader cloud computing that could offer that advantage in the same way. Thank you very much.”
Miller-Meeks: “Thank you so much. And you all had mentioned seeing boundaries in silos, and Mr. Krebs, you had mentioned talking about ransomware, and we certainly have had ransomware attacks in Iowa, and again put legislation to deal with that.
“So, if a state is working to prevent ransomware attacks, or if they’re currently experiencing a ransomware attack, what assistance or guidance is the state able to receive from the federal government, should the federal government provide assistance, and what does a process look like for a state seeking guidance?”
Krebs: “Yes, ma’am, thank you for that. Ransomware is a… I think we’re on the verge of a global emergency. The rate at which we’re seeing state and local governments get hit is truly frightening. CISA, over the last two years working with the FBI and other law enforcement partners, has kicked off a ransomware awareness campaign.
“I think we actually need to do more though. I think we need to have a joint public-private sector initiative, like The Institute of Security and Technologies ransomware task force, where everyone comes together across technology sector and government to make things better.
“But to start, we have to improve defenses. State and local governments simply cannot protect themselves. There’s too much legacy infrastructure out there. There’s still too much reliance on single-factor authentication like passwords. We have to make that generational leap in technology, and the federal government has to help here.
“I think we have to either match what the Homeland Security grant programs have done for counterterrorism or we have to go even further, and I think with COVID, remote workforce digital, transformation in a subsequent funding stimulus bill. I think we have an opportunity to put a lot of really meaningful, impactful resources into the hands of state and locals, to upgrade their systems, to improve citizen services, and ultimately secure, against this ongoing scourge of ransomware.”
Miller-Meeks: “Mr. Daniel, would you have anything to add to that?”
Daniel: “I think it’s absolutely right that state and local governments, not only in dealing with ransomware, which I completely agree with Chris that we, I think you know that is moved into the realm of national security and public health and safety threat, that we very much have to deal with and we need to provide a lot more resources to state and local governments for them to both defend themselves and to remediate and have options other than paying the ransom if they do get hit with ransomware.
“They really need to have that option. But I also think we need to be looking at how we work with state and local governments to be ready to respond to other kinds of disruptive and potentially destructive attacks to our critical infrastructure. There’s some work being done by a group called The New York Cyber Task Force that will be coming out later this spring that will look exactly at that topic.”
Miller-Meeks: “Thank you so much. I appreciate all of the testimony from the witnesses, and again, very important topic and very timely. Thank you, Mr. Chair. I yield back my time.”