Katko Opening Statement at Hearing on Local Cybersecurity Challenges
WASHINGTON – Rep. John Katko (R-N.Y.), Cybersecurity, Infrastructure Protection and Innovation Subcommittee ranking member, today delivered the following opening statement at a hearing entitled “Cybersecurity Challenges for State and Local Governments: Assessing How the Federal Government Can Help.”
Our State and local governments are prime targets for cyberattacks. A May 2019 report by Record Future found that ransomware attacks on State and local governments increased by 39 percent in 2018, to 53 attacks. And in the first four months of 2019 alone, there have already been 21 attacks, including in my home state of New York.
In 2018, the National Association of State Chief Information Officers found that many states typically spend only one to two percent of their budget on cybersecurity. Most employ fewer than fifteen full-time cyber professionals.
This is not surprising, given the budgeting challenges many State and local governments face and the talent pipeline issues we have discussed in previous hearings.
It will take work from Federal, State and local governments, as well as outside stakeholders, to improve this situation, but it is clear that action is needed.
This hearing today is an important step, and I look forward to hearing from our witnesses about their ideas about how to help.
I will introduce a bill, the State and Local Cybersecurity Improvement Act, which directs the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security, to develop a resource guide for State and local officials to navigate the challenges of protecting their networks.
My bill also will create two new grant programs. The first is a one-time grant for State and local governments to identify their High Value Assets and system critical architecture. To protect something, you must know what is worth protecting.
The second grant program helps State and local governments conduct exercises to train, prepare and evaluate their ability to respond to an attack. Working through an exercise allows a government to identify weaknesses in their current plan and establishes protocols and procedures to be prepared in case the worst happens.
My bill will help State and local governments be better prepared to defend their cyber networks. But the work we need to do to address this issue does not end with my bill. I look forward to working with my colleagues on this issue.