Top federal and state officials pressed a Senate committee on Tuesday to provide more resources and authorities to fight cyberattacks, an issue of increasing concern in the wake of debilitating attacks on governments entities this past year.
Senior cybersecurity and tech leaders from Michigan and Texas noted during their testimony before the Senate Homeland Security and Governmental Affairs Committee that efforts to fight against cyberattacks have been hampered by a lack of federal resources, particularly from the Department of Homeland Security (DHS).
“We see the intent everyday of DHS trying to get everywhere across the state, particularly in the run-up to the elections, and I think it’s just a matter of they need more boots on the ground, and they need a specific state representative to get more familiar with that state,” Christopher DeRusha, the chief security officer within Michigan’s Cybersecurity and Infrastructure Protection Office, told lawmakers.
Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), testified alongside the state officials, and agreed that Congress should boost federal support for states.
“We have to get more resources out in the field,” Krebs said. “I cannot be effective if I am sitting here in Washington, D.C., I need more dedicated state and local resources.”
Tuesday’s hearing follows months of escalating attacks against government entities across the nation, with most involving ransomware attacks, in which attackers lock down a system and demand payment to give the user access again.
A coordinated ransomware attack on almost two dozen small towns in Texas crippled networks for a week in August, while the school district in Flagstaff, Ariz., was forced to close for two days last year to recover from a cyberattack.
On a larger scale, the city government of New Orleans declared a state of emergency after a ransomware attack took down its systems in December. The governments of Baltimore and Atlanta have also been attacked since 2018.
Amanda Crawford, the executive director of the Texas Department of Information Resources, which directly dealt with and responded to the cyberattacks on Texas towns last year, testified Tuesday that state leaders were adapting to the “new normal” in terms of cyber defense.
Crawford called on Congress to provide resources for CISA to assign a dedicated official to each state to assist on cybersecurity issues, and pushed for better sharing of threat information between the federal government and states.
According to DeRusha, Michigan has access to tools and assistance from the federal government, such as those provided to states by DHS, and has a CISA cybersecurity liaison assigned to Michigan.
Crawford said Texas also takes advantage of voluntary DHS services, but noted that more could be done on the federal level to cut down on wait times for receiving those services and to effectively help her state combat cyberattacks.
While Sen. Ron JohnsonRonald (Ron) Harold JohnsonGOP senators defend Sondland, Vindman ousters: They weren’t ‘loyal’ Sen. Johnson confirms he sought to prevent Sondland dismissal Group of GOP senators tried to stop Trump from Sondland ouster: report MORE (R-Wis.), the chairman of the committee, was overall supportive of helping states defend against cyberattacks, he cautioned against throwing resources at states without set ways to use them.
“I am not opposed to it whatsoever, I just want to make sure that any additional resources, particularly personnel and more involvement with the states, is done the right way as an advisory, a clearinghouse, not as a regulatory control,” Johnson told reporters following the hearing.
There have been bipartisan efforts on both sides of Capitol Hill to try to push cyber resources to states over the past few months.
Sen. Maggie HassanMargaret (Maggie) HassanSanders says NH Democratic senators were wrong to back Trump’s USMCA House committee advances bill that would give DHS cyber agency subpoena power Biden: ‘I sure would like Michelle to be the vice president’ MORE (D-N.H.) introduced bipartisan legislation in January that would establish a federally funded program to put cybersecurity coordinators from Washington in each state.
Sens. Gary PetersGary Charles PetersBipartisan lawmakers introduce bill to combat cyber attacks on state and local governments Senate drama surrounding Trump trial starts to fizzle Senate Democrats outraise Republicans, but GOP has cash edge MORE (D-Mich.) and Rick Scott (R-Fla.) introduced legislation at the end of last year to protect K-12 schools from cyberattacks, and the full Senate approved legislation in September that would create cyber “hunt and incident response teams” to deal with cyberattacks.
On the other side of Capitol Hill, the House Homeland Security Committee plans to mark up a bipartisan bill on Wednesday that would create a $400 million grant program at DHS to help state and local governments address cyber threats.
Rep. Bennie ThompsonBennie Gordon ThompsonBipartisan lawmakers introduce bill to combat cyber attacks on state and local governments New York sues Trump administration over Trusted Traveler ban DHS chief: Restrictions on New Yorkers have ‘nothing to do with illegal aliens receiving drivers licenses’ MORE (D-Miss.), the chairman of the committee, told The Hill on Tuesday that he was “glad” the committee was taking up the bill, highlighting concerns about foreign nations targeting the U.S. in cyberspace.
“The Russians are looking at us, the Chinese are looking at us, the North Koreans are looking at us, and the cheapest and least expensive method is a cyberattack such as ransomware,” Thompson said.