WASHINGTON – In case you missed it, U.S. Senator Maggie Hassan organized and co-led a hearing yesterday on the importance of bolstering cybersecurity for state and local governments and other entities amid the COVID-19 pandemic. Senator Hassan, the Ranking Member of the Senate Homeland Security and Governmental Affairs Subcommittee on Federal Spending Oversight and Emergency Management, heard from a range of witnesses, including Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA) and Denis Goulet, Commissioner of the New Hampshire Department of Information Technology, on how Congress and the federal government can better assist state and local governments in preventing and responding to cyberattacks.
This hearing is a part of Senator Hassan’s bipartisan efforts as a member of the Senate Homeland Security and Governmental Affairs Committee to strengthen local, state, and federal cybersecurity. Senator Hassan’s bipartisan Public-Private Cybersecurity Cooperation Act with Senator Rob Portman (R-OH) was included in a package of bills that were signed into law. In addition, the President signed into law the bipartisan Hassan-Portman Department of Homeland Security (DHS) Cyber Hunt and Incident Response Teams Act to help prevent cyberattacks at all levels of government and the private sector.
Senator Hassan also led in introducing a bipartisan bill to require the Department of Homeland Security to establish a federally funded Cybersecurity Coordinator in each state, who would be responsible for helping to prevent and respond to cybersecurity threats by coordinating between federal, state, and local governments, as well as schools, hospitals, and other entities. An amendment that mirrors this legislation recently passed the Senate as part of the annual National Defense Authorization Act.
See below for coverage highlights:
Union Leader: Granite Status: Familiar face at hearing
By Josie Albertson-Grove
[…] Hassan, the ranking member of the Subcommittee on Federal Spending Oversight and Emergency Management, helped lead a hearing Wednesday about cybersecurity challenges brought about by the pandemic.
Testifying with (well, virtually with) the head of the Cybersecurity and Infrastructure Security Agency (CISA) was New Hampshire Commissioner of Information Technology Denis Goulet — a Hassan appointee while she was governor. Goulet has stayed on to work under Gov. Chris Sununu.
Goulet is also president of an association for state Chief Information Officers. He said that even as ransomware and other kinds of attacks on states and cities have become more common, states are not eager to invest in cybersecurity. He said some kind of federal grant, perhaps with a state match, could nudge states toward better security.
Goulet advocated federal funding for state cybersecurity, because states deliver federal programs, and many states do not have adequate funding and staff to do security. […]
State Scoop: Senators press CISA to do more to stop K-12 ransomware
By Benjamin Freed
Senators asked the new head of the Cybersecurity and Infrastructure Security Agency on Wednesday what more the agency can do to help public school systems across the country to defend themselves from digital threats like ransomware, which has disrupted virtual learning environments, seized up educational IT resources and — in some places — even delayed or canceled classes.
Pressed by Sen. Maggie Hassan, D-N.H., that the federal government “has a responsibility to help protect our communities from these threats,” Brandon Wales, the agency’s acting director, acknowledged that the extortion malware that’s run rampant across state and local networks, hospitals and businesses is an urgent issue.
“Ransomware is quickly becoming a national emergency,” Wales said during his opening statement during a hearing on state and local cybersecurity matters that also touched on the health sector, CISA’s protection of efforts like the Operation Warp Speed vaccine development program and, briefly, election security.
[…] Other than brief line of questioning from Sen. Rand Paul, R-Ky., the chairman of the Senate Homeland Security subcommittee on federal spending — during which Wales said “our election security mission continues” — the hearing mostly focused on the ransomware threat to state and local entities, and how great CISA’s role should be in protecting those agencies, especially schools.
“CISA works with all sectors,” Wales told Hassan. “We have a responsibility to help them.”
And though Wales said that “every system owner bears responsibility for what happens on their networks,” he said that CISA tries to share as much information as possible with members of the critical infrastructure groups that it’s charged with protecting.
“It is important that states have as much of our cybersecurity knowledge as possible to safeguard critical systems,” Wales said, noting the agency’s publication of “Cyber Essentials” guides and CISA-funded malicious domain blocking and reporting service that’s administered by the Multi-State Information Sharing and Analysis Center.
[…] Speaking during the second panel, New Hampshire Chief Information Officer Denis Goulet said the rise in cyberattacks against K-12 organizations creates an opportunity to implement a “whole-of-state” approach toward IT security, in which the resources of the state government are leveraged in response to a local crisis.
“If you have a small-staffed school, you can’t throw sophisticated stuff at them,” Goulet said. He said his office has been working with the MS-ISAC on figuring out how to scale its programs designed for state governments to the smallest local levels.
School districts do account for about 20 percent of the MS-ISAC’s membership, which recently eclipsed 10,000 organizations, Wales said during his testimony. But that represents a fraction of K-12 systems nationwide, which number more than 13,000.
NextStar: Cyberattacks surging as COVID-19 pandemic continues
By Russell Falcon, Nexstar, and Anna Wiernicki
Recent reports show cyberattacks have surged since the beginning of the COVID-19 pandemic. Cybercriminals target the average household 104 times per month, according to Comcast.
On Wednesday, senators took a look at how they can help communities fend off these attacks. Brandon Wales with the Department of Homeland Security says no one is safe.
“We have seen malicious cyber actors targeting vaccine research and development, exploiting the dramatic expansion of remote work and using COVID to advance criminal schemes,” said Wales.
He says cyberattacks are only getting more creative and more invasive as the pandemic continues—and once attackers in, Wales says it’s game over.
New Hampshire Democrat Maggie Hassan says Congress needs to do more to help local and state governments fend off these attacks.
Some of the suggestions senators talked about include creating programs to train communities to identify the attacks before they happen. Wales warned senators that if Congress doesn’t act fast, criminals could get their hands on highly classified information.
###