During a House Homeland Security Committee hearing prior to the congressional recess, Rep. Andy Ogles (R-TN) spoke about the need for stronger cybersecurity protections for vulnerable communities.
Category
🗞
NewsTranscript
00:00The gentleman yields back. I now recommend this gentleman from Tennessee, Mr. Ogles,
00:04for five minutes of questions. Thank you, Mr. Chairman. To the witnesses,
00:08I believe strongly in federalism, fiscal responsibility, and the importance of empowering
00:13local communities and not expanding the bureaucracies of, quite frankly, the federal
00:17government. As we assess the state and local cybersecurity grant program, we need to ensure
00:21that our limited federal resources are being used effectively and are actually reaching the
00:26communities most at risk. I say that in the context of being a former county executive,
00:31and Tennessee serves as the CEO of the county. I can attest to the fact that some of these
00:37pass-through grants administered by the states were incredibly important to my county, which was a
00:41rural county. Emergency services, fire, and cyber were all my departments. Again, I get your perspective
00:49on the stable match because, again, as a rural county where we have limited funding mechanisms and,
00:54quite frankly, an ever-growing school system, there's a friction there of how do you fund
01:00these mechanisms, which, as my colleague stated, the future of warfare is on the cyber battlefield.
01:07But that being said, Mr. Huber, you've worked to secure systems against the threat from Volt Typhoon,
01:12a CCP-backed group of hackers who both have sophisticated abilities and specialize in targeting
01:18the most vulnerable points in its target systems. In your testimony, you mentioned their attack on
01:23Littleton Electric Light and Water Department in Massachusetts. In my district and across the
01:28country, we have a diverse range of electric providers, large corporations, rural providers,
01:32as I mentioned. In your experience, how strong is the awareness of cyber threats among smaller,
01:38less-resourced organizations that provide critical infrastructure? And again, I go back to Tennessee,
01:43but probably much like rural Kentucky, where we have a patchwork of these smaller communities where we're
01:48scrapping for resources to figure out how do we, quite frankly, protect not only our infrastructure,
01:54but our citizens. Sir? Yeah, thank you for the question. So, I've had the pleasure of working
02:00with municipalities that the IT person was the IT person and the database administrator and the system
02:05administrator and responsible for security as part-time job. So, as you might imagine, any administrative
02:10burden that might be involved in applying for the grant would be significant for an entity such as that,
02:14a smaller size. But make no mistake, those smaller rural entities, that could be the hydro station that
02:20fuels a larger municipality. That's a national security and an economic impact to the region.
02:26So, as we heard from a gentleman here, education and awareness is key to educating those folks who have
02:34probably dual roles or multi-hat roles for protecting that piece of critical infrastructure for nation-state
02:40attackers. As someone who's been in the trenches, a National Guard member in Title 32 and state active
02:46duty supporting state critical infrastructure components, there's a significant shortage of
02:51resources and knowledge about nation-state level attackers. So, I think it's important to recognize that
02:58this funding is key in raising the bar of foundational cyber controls for all of those entities.
03:03And I want to focus primarily with the other three witnesses on rural communities. And one of my
03:11concerns, again, my background coming from a rural community is that competition that you see between,
03:16say, a Nashville and my community. But yet, from an assessment standpoint, I would argue some of your
03:22rural communities are your most vulnerable points of entry. So, how do we make sure that we're prioritizing,
03:28basically, and take size out of it for a moment, but a needs assessment? Understanding that, again,
03:35whether it's distribution of broadband, whether it's protecting points of entry, etc. Mr. Fuller?
03:41Thank you very much. Let me just say, I really appreciate your comment that these attacks are very
03:46much like war. And this committee just knows very well that we live in a very, very dangerous world,
03:52that we're constantly under attack, including our smallest and most rural communities. So, with the program
03:57that we rolled out, we rolled out tools to all of our communities, including the rural communities.
04:03And for the most rural, who don't even have sufficient IT resources, we're able to make
04:08resources available to help them install those tools. And then we're also able to provide training
04:13for those people. So, we're absolutely committed to getting this program to our small cities and
04:19counties and special districts. Mr. Kramer? Thank you. Again, it's a great question.
04:24I think one of the things that we need to recognize, it's a matter of how quickly we share that
04:30information as well. When a cyber attack happens, what they're trying to do in one place, one community,
04:38is likely happening somewhere else. And again, I think the smaller communities, the rural communities,
04:44where my colleagues have testified that you've got a person who has three different jobs. If they aren't
04:50aware of what to look for, it makes it much more difficult. They often don't find out until it's
04:55too late. So, one of the things we're hoping we can get the federal government to do is recognize
04:59that they collect up a lot of this data about cyber attacks, but they collect it up and hold it.
05:05It would be very useful to us at the local level if, as soon as they knew about a cyber attack,
05:10they shared that information with entities as quickly as they could, so that folks at the local
05:14level could start looking at their own systems and see if someone's trying to get in the same way.
05:18Yes, sir. And I'm out of time, but Mr. Raymond, a final thought?
05:24I would just say that we view cybersecurity as a team sport. We view those that are better
05:29resourced in a good position to help those that aren't. So, we do have municipalities who help each
05:36other, larger ones helping smaller ones, and smaller ones who are relying upon the state to help
05:42deliver services. We do run all of the network services, so it provides a unique ability for
05:49us to provide specialized security services to everyone in our jurisdiction, which is one way to
05:55make the limited dollars we have go a lot further. Sir, thank you to the witness, Mr. Chairman. Apologies
06:00for going over. Of course, that's not a problem.