Underwood plans to focus on election security, ransomware as chair of House cyber panel

Rep. Lauren Underwood (D-Ill.) said Tuesday that she plans to focus on election security and combating ongoing ransomware attacks on critical sectors in her new role as chair of the House Homeland Security Committee’s cybersecurity subcommittee. 

“The 2020 election may be over, but the need for resources remains,” Underwood said during the virtual CyberNextDC conference on Tuesday. “I am committed to working with my colleagues in the next Congress to make sure that our elections are even more secure in 2022 and 2024.”

Underwood — who took over as chair of the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation in September after Rep. Cedric Richmond (D-La.) stepped down from the position — stressed that in order to shore up election security, consistent federal funding would be needed. 

“We have got to be at a place where election security is not received or viewed in a partisan lens,” Underwood said. “Our state and local officials are trying to stretch every dollar, and they can’t do it.”

The issue of election security funding has been a major area of debate between Republicans and Democrats over the past four years, with Congress appropriating more than $800 million for election security to state and local officials since 2018, an amount election experts have said is far short of what is needed. 

Underwood noted that while upgrading cybersecurity of election equipment, including replacing outdated and vulnerable machines, was key to ensuring the security of elections moving forward, officials could not accomplish this without further federal funds.

“If those devices can’t get to the community because the state and local election officials cannot afford to purchase them, then we are not in good shape as a country,” Underwood said. “Right now, I think we have a real political problem that we all need to continue to work through in order to make sure that these resources are getting into the communities we serve.”

Underwood’s comments were made as part of her first public address on her priorities for the subcommittee since becoming chairwoman, and a week after she narrowly won reelection to a second term representing Illinois’s 14th Congressional District. 

Underwood outlined several other major priorities to tackle in the subcommittee once the 117th Congress kicks off in January, including focus on the increasing problem of ransomware attacks on state and local governments and other groups. 

These types of attacks involve the attacker gaining access to a system and encrypting it, demanding a ransom before allowing the user access. Ransomware attacks on hospitals have become a focus of concern during the COVID-19 pandemic, with the health care sector a major target of hackers looking to make money.

In order to combat these attacks, Underwood said Tuesday that the federal government needed to concentrate on sending funding and other resources to groups facing these threats. 

Underwood pointed to a bill passed by the House in September, which she co-sponsored, that would create a $400 million grant program to help state and local officials defend against and respond to cyberattacks as being a potentially positive step forward. 

“I think it’s best to prevent ransomware attacks by helping these state and local governments build better defenses,” Underwood said. “Even the best defenses can be overcome. We need to be better prepared for that instead of just leaving victims to fend for themselves.”

A key agency that Underwood’s subcommittee has jurisdiction over is the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which has been deeply involved in efforts to defend against both threats to elections and ransomware attacks more broadly.

Underwood said another key goal as chair would be “increasing CISA’s ability to scale up support for targeted entities while maintaining planned operations,” along with increasing the “security of the internet ecosystem.”

Last week, The Hill confirmed that CISA Director Christopher Krebs was expecting to be fired by President Trump, with this reportedly due to concerns around a “rumor control” page set up by CISA to debunk disinformation and misinformation around the general election. Other CISA officials resigned last week after being asked to leave by the White House. 

Underwood said she was “disturbed” by the potential turnover of CISA leadership. She noted that she planned to “reassess” legislation that was cut from the upcoming National Defense Authorization Act that would have created a five-year term for CISA director and potentially created more leadership stability. 

Underwood overall compared addressing cybersecurity policy issues to the work of John Snow, who first discovered that an outbreak of cholera in London in 1854 was linked to contaminated water.

“Dr. Snow went to the local authorities and persuaded them to remove the handle from the Broad Street pump so that no more contaminated water could be drawn from it,” Underwood said. “I am interested in finding where the pump handles are.”

“We are dealing with a suite of systemic weaknesses in the field of cybersecurity. … I know there are ways we can work together to take a Broad Street pump approach to the cybersecurity challenges facing our nation,” she added.