WASHINGTON – U.S. Senator Maggie Hassan today organized and co-led a hearing on the importance of bolstering cybersecurity for state and local governments and other entities amid the COVID-19 pandemic. The Senator, the Ranking Member of the Senate Homeland Security and Governmental Affairs Subcommittee on Federal Spending Oversight and Emergency Management, heard from a range of witnesses, including Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA) and Denis Goulet, Commissioner of the New Hampshire Department of Information Technology, on how Congress and the federal government can better assist state and local governments in preventing and responding to cyberattacks.
“State and local governments have been prime targets for cyberattacks for a number of years. But the stakes have only grown as COVID-19 has forced millions of Americans to migrate their everyday activities to the online world,” said Senator Hassan.
Senator Hassan questioned Acting Director of CISA Brandon Wales on why it’s important for the federal government to provide additional support for state and local governments.
“The state governments across the country, and local governments, operate some of our most critical infrastructure,” Acting Director Wales said. “Whether it’s operating water treatment facilities in some states and communities, municipal power authorities in others…states are a critical part of our fabric for both our economic and homeland security. So it is an important interest of the federal government that states have as much of our cybersecurity knowledge and expertise as possible to help safeguard those critical systems.”
Senator Hassan questioned Denis Goulet, Commissioner of the New Hampshire Department of Information Technology and President of the National Association of State Chief Information Officers, on how to best support schools and hospitals in their efforts to prevent and respond to cyber threats. Last year, Senator Hassan met with Sunapee School District officials after they experienced a ransomware attack.
Commissioner Goulet discussed the challenges that smaller schools face in implementing best practices for cybersecurity.
“I know we’ve been working at MS-ISAC, Multi-State Information Sharing and Analysis Center, on how we scale out some of their programs that were originally designed for state governments but may need to be tweaked in order to be absorbed by schools and local governments,” said Commissioner Goulet.
Last year, Senator Hassan worked with her colleagues to successfully save funding for MS-ISAC, which helps ensure that the federal government communicates information on cyber threats and best cybersecurity practices to state and local entities, as well as provide assistance and threat monitoring to state and local governments facing cybersecurity challenges.
Senator Hassan also heard from Leslie Torres-Rodriguez, Superintendent of the Hartford Public School District which experienced a cyberattack earlier this year that delayed the start of school.
“In terms of the ongoing operational effects of the attack, shutting down functions and servers did have debilitating consequences for a number of departments…That sudden delay to the first day of school after weeks of preparation was disruptive to our families,” said Superintendent Torres-Rodriguez.
She continued, “The process of restoring well over 10,000 devices – laptops and desktops for both students, teachers, and support staff – was tremendous. It did require a heavy lift in terms of human capital and time, which is why the role of our IT department and the Connecticut National Guard and even a third party technical support that we had to contract out for because otherwise we could not have done it, it would have taken additional weeks to start our school year.”
Senator Hassan recently introduced a bipartisan bill to support the National Guard’s role in helping state and local governments improve their cybersecurity infrastructure.
Another witness, John Riggi, Senior Advisor for Cybersecurity and Risk for the American Hospital Association, spoke to the challenges that hospitals are facing to fend off cyberattacks, including ransomware attacks, in the midst of a pandemic that has already strained hospital resources.
This hearing is a part of Senator Hassan’s bipartisan efforts as a member of the Senate Homeland Security and Governmental Affairs Committee to strengthen local, state, and federal cybersecurity. Senator Hassan’s bipartisan Public-Private Cybersecurity Cooperation Act with Senator Rob Portman (R-OH) was included in a package of bills that were signed into law. In addition, the President signed into law the bipartisan Hassan-Portman Department of Homeland Security (DHS) Cyber Hunt and Incident Response Teams Act to help prevent cyberattacks at all levels of government and the private sector.
Senator Hassan also led in introducing a bipartisan bill to require the Department of Homeland Security to establish a federally funded Cybersecurity Coordinator in each state, who would be responsible for helping to prevent and respond to cybersecurity threats by coordinating between federal, state, and local governments, as well as schools, hospitals, and other entities. An amendment that mirrors this legislation recently passed the Senate as part of the annual National Defense Authorization Act.