Congressional Witnesses Say Lack of Agency Resources is Holding Back Government Cybersecurity Efforts

WASHINGTON, December 3, 2021 – Representatives of federal agencies tasked with overseeing the nation’s infrastructure systems told the House Transportation and Infrastructure Committee that their efforts to safeguard national cybersecurity are hampered by a lack of funding for their agencies.

The committee called on testimony from the Transportation Department, the Federal Aviation Administration, the Transportation Security Administration, the U.S. Coast Guard and the Government Accountability Office in the second part of a two-hearing series on infrastructure cybersecurity following a year that saw the number of high profile cyberattacks increase.

The TSA has recently proposed cybersecurity mandates for the transportation industry, only to face significant blow back from key leaders in transportation.

Throughout the hearing Thursday as lawmakers presented agency representatives with proposals to improve federal cybersecurity efforts, the agency representatives frequently cited a lack of resources as preventing them from executing such changes in cyber policy.

Lawmakers find uncertainty for success of proposals

Lawmakers’ questions touched on a wide variety of infrastructure issues.

Rep. Rick Larsen, D-Wash., raised concerns over the usage of C-band interfering with aircraft. The topic has been in the spotlight as C-band use increases with 5G rollout, and the aviation industry has continually requested delays in 5G deployment despite telecom companies already having set back their release dates.

The FAA’s representative at the hearing, chief information security officer Larry Grossman, stated that the FAA believes C-band can safely coexist with aviation, and that further information on the matter was being gathered by both the FCC and the FAA.

Rep. Grace Napolitano, D-Calif., stated examples of breaches in the nation’s water supply systems and recommended virtual cybersecurity training for the employees who oversee those systems.

Rep. Hank Johnson, D-Ga., emphasized that cybersecurity challenges had held up disbursement of emergency government COVID-19 stimulus, creating delays that he said many Americans could not afford. He pointed to the slow pace of cybersecurity solution implementation as a major contributor to these delays.

In one of the day’s more politicized lines of questioning, chairman of the House Freedom Caucus Rep. Scott Perry, R-Pa., asked what was being done to counter what he considered cybersecurity threats specific to electric buses such as lighting fires. In his questioning, he condemned the Republicans who voted for the Infrastructure Investment and Jobs Act, which contains an electric vehicles provision, as “some socialist-voting members.”

Photo of the hearing

The GAO’s representative, director of information technology and cybersecurity Nick Marinos, responded that whether they are gas or electric powered, vehicles are seeing increased potential for hacks.

Like Rep. Napolitano, committee chairman Rep. Peter DeFazio, who recently announced this would be his last term in Congress, said cybersecurity training should be mandated for companies overseeing infrastructure. He emphasized that just before it was hacked, Colonial Pipeline turned down an audit that was offered to it, and that should the audit have taken place the hack may have been prevented.

Additional legislation concerning these hacks has been pushed recently in the House, such as a mandate for quick reporting to the government when companies are hacked.