State officials press Congress for more resources to fight cyberattacks

Top federal and state officials pressed a Senate committee on Tuesday to provide more resources and authorities to fight cyberattacks, an issue of increasing concern in the wake of debilitating attacks on governments entities this past year.

Senior cybersecurity and tech leaders from Michigan and Texas noted during their testimony before the Senate Homeland Security and Governmental Affairs Committee that efforts to combat cyberattacks have been hampered by a lack of federal resources, particularly from the Department of Homeland Security (DHS).

“We see the intent everyday of DHS trying to get everywhere across the state, particularly in the run-up to the elections, and I think it’s just a matter of they need more boots on the ground, and they need a specific state representative to get more familiar with that state,” Christopher DeRusha, the chief security officer within Michigan’s Cybersecurity and Infrastructure Protection Office, told lawmakers.

Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), testified alongside the state officials and agreed that Congress should boost federal support for states.

“We have to get more resources out in the field,” Krebs said. “I cannot be effective if I am sitting here in Washington, D.C. I need more dedicated state and local resources.”

Tuesday’s hearing follows months of escalating attacks against government entities across the nation, with most involving ransomware, which attackers use to lock down a system and demand payment to give the user access again.

A coordinated ransomware attack on almost two dozen small towns in Texas crippled networks for a week in August, while a school district in Flagstaff, Ariz., was forced to close for two days last year to recover from a cyberattack.

On a larger scale, the city government of New Orleans declared a state of emergency after a ransomware attack took down its systems in December. The governments of Baltimore and Atlanta have also been attacked since 2018.

Amanda Crawford, the executive director of the Texas Department of Information Resources, which directly dealt with and responded to the cyberattacks on Texas towns last year, testified Tuesday that state leaders were adapting to the “new normal” in terms of cyber defense.

Crawford called on Congress to provide resources for CISA to assign a dedicated official to each state to assist on cybersecurity issues and pushed for better sharing of threat information between the federal government and states.

While Sen. Ron Johnson (R-Wis.), the chairman of the committee, was supportive of helping states defend against cyberattacks, he cautioned against throwing resources at states without set ways to use them.

“I am not opposed to it whatsoever. I just want to make sure that any additional resources, particularly personnel and more involvement with the states, is done the right way as an advisory, a clearinghouse, not as a regulatory control,” Johnson told reporters following the hearing.

There have been bipartisan efforts on both sides of Capitol Hill to try to push cyber resources to states over the past few months.

Sen. Maggie Hassan (D-N.H.) introduced bipartisan legislation in January that would establish a federally funded program to put cybersecurity coordinators from Washington in each state.

Sens. Gary Peters (D-Mich.) and Rick Scott (R-Fla.) introduced legislation at the end of last year to protect K-12 schools from cyberattacks, and the full Senate approved legislation in September that would create “hunt and incident response teams” to deal with cyberattacks.

On the other side of Capitol Hill, the House Homeland Security Committee plans to mark up a bipartisan bill on Wednesday that would create a $400 million grant program at DHS to help state and local governments address cyber threats.

Rep. Bennie Thompson (D-Miss.), the chairman of the committee, told The Hill on Tuesday that he was “glad” the committee was taking up the bill, highlighting concerns about foreign nations targeting the U.S. in cyberspace.

“The Russians are looking at us, the Chinese are looking at us, the North Koreans are looking at us, and the cheapest and least expensive method is a cyberattack such as ransomware,” Thompson said.