Press Releases
Chairman Nadler Statement for Hearing on "Oversight of the Federal Bureau of Investigation, Cyber Division"
Washington, March 29, 2022
Washington, D.C. - Today, House Judiciary Committee Chairman Jerrold Nadler (D-NY) delivered the following opening statement, as prepared, during a full committee hearing on "Oversight of the Federal Bureau of Investigation, Cyber Division":

“This hearing could not be more appropriately timed. Americans today live at a critical juncture in the history of cybersecurity. Our schools, our businesses, our public safety, our local government, our federal government, our public utilities, and our critical infrastructure all exist at a nexus of threats from cyber criminals.

“In the last year, we have experienced attacks that shut down a gas pipeline along the Eastern Corridor, infiltrated government e-mail systems, and froze hospital networks during their time of greatest need.

“To tritely describe the threat of cyber-attacks against the United States as simply “great” or “high”—as we often do—minimizes the danger we face as a Nation. Ransomware attacks, in which a hacker encrypts a victim’s data and withholds the decryption key in exchange for a ransom, have skyrocketed in recent years, with an estimated 105 percent increase worldwide in 2021.

“American businesses, healthcare institutions, and local government entities have borne the brunt of ransomware attacks in the United States. An estimated 37 percent of businesses, and over 2,300 schools, local governments, and healthcare organizations were hit by ransomware attacks in 2021. Ransomware attacks against software companies, such as in the attack against Kaseya, affect thousands of small business clients, who often feel the most pain from the destruction of data, loss of business, and damage to customer trust.

“The attack against software company Blackbaud, for example, compromised thousands of downstream clients, like Christ Hospital in Cincinnati and the Children’s Hospital of Pittsburgh.

“Local government entities, such as schools, county elections offices, and police departments are often underfunded and under resourced.

“For many educators, the decision between patching software systems and acquiring new textbooks is just one of the many painful decisions they have to make in what is often a thankless job. In other cases, a grant for new technology can mean updating systems and increasing accessibility, but also increasing risks with more opportunities for hackers to exploit system vulnerabilities.

“The Biden Administration has acted to turn the tide on the ransomware and cyber-attack threat, and the FBI has played a central role in shoring up our defensive position. It has even begun recovering ransom payments from cyber criminals, as in the case of Colonial Pipeline.

“But these successes have not been without controversy. After the attack on Kaseya, the FBI withheld for weeks the decryption key it had recovered, which left many downstream businesses without the tools they needed to operate and cost those businesses many millions of dollars that could have been avoided had the FBI provided it immediately.

“Many people also raised privacy concerns in the wake of the attack on Microsoft Exchange. After the FBI discovered that the individual networks of private companies had been compromised by the Microsoft Exchange intrusion, it obtained warrants to alter victims’ systems without their knowledge or permission.

“No sector needs more protection than our critical infrastructure. In 2021, ransomware was used to attack 14 out of 16 critical infrastructure sectors, including agriculture, financial services, energy, dams, and other often-unseen-but-crucial industries that buttress American lives and businesses.

“In February 2021, an attacker attempted to poison the water in Oldsmar, Florida. In 2017, Russian government-affiliated cyber attackers hacked a third-party contractor and used the company’s email to gain access to part of the American electrical grid. And in April 2021, Chinese state-affiliated hackers breached New York’s Metropolitan Transit Authority network, potentially exposing data and showcasing just how vulnerable our transit operational systems could be to attack.

“These are real threats. Blackouts and loss of electrical service could cripple our country’s economy and paralyze our ability to respond to an attack. Without significant investment in IT systems and training, these industries will remain vulnerable.

“But the threat does not end there. State-affiliated cyber threat actors from Russia, Iran, and China, have engaged in cyber espionage against our government and political systems, accessing critical data and loitering on our servers. American businesses have suffered breaches by cyber criminals looking for personal data to sell.

“While the Russian invasion of Ukraine has not yet spilled over into cyber attacks that affect governments and businesses in the United States, President Biden has warned all Americans of “evolving intelligence” that Russia may soon launch cyber-attacks against the United States. Our ability as a country to respond to such an attack rests in the hands of the FBI and its partner agencies.

“The Biden Administration has encouraged businesses large and small to adopt a “shields up” posture to defend against cyber threats.

“Because it is the security of private companies—those that keep our lights on, provide lifesaving healthcare, and teach our children—that will determine the fallout from an attack, we must all evolve to better protect our networks. This means strengthening our cybersecurity systems by patching system vulnerabilities, training users how to recognize phishing attacks, and increasing network cybersecurity protocols. When we invest in our schools, local governments, and healthcare systems’ cybersecurity, we contribute to a safer country.

“We live in a technologically advanced nation of early adopters, with private networks and the freedom to maintain our networks however we choose. There is no easy way to mitigate all cyber vulnerabilities in the United States, but by engaging in meaningful oversight of our Nation’s cybersecurity defenses, this Committee can ensure we are ready to meet any threat head-on.

“I look forward to hearing from Assistant Director Vorndran on what he and his colleagues at the FBI Cyber Division are doing to keep our country safe and to engaging in an important discussion about the threats our networks face.”