State officials press Congress for more resources to fight cyberattacks

State officials press Congress for more resources to fight cyberattacks

Top federal and state officials pressed a Senate committee on Tuesday to provide more resources and authorities to fight cyberattacks, an issue of increasing concern in the wake of debilitating attacks on governments entities this past year.

Senior cybersecurity and tech leaders from Michigan and Texas noted during their testimony before the Senate Homeland Security and Governmental Affairs Committee that efforts to combat cyberattacks have been hampered by a lack of federal resources, particularly from the Department of Homeland Security (DHS).

“We see the intent everyday of DHS trying to get everywhere across the state, particularly in the run-up to the elections, and I think it’s just a matter of they need more boots on the ground, and they need a specific state representative to get more familiar with that state,” Christopher DeRusha, the chief security officer within Michigan’s Cybersecurity and Infrastructure Protection Office, told lawmakers.


Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), testified alongside the state officials and agreed that Congress should boost federal support for states.

“We have to get more resources out in the field,” Krebs said. “I cannot be effective if I am sitting here in Washington, D.C. I need more dedicated state and local resources.”

Tuesday's hearing follows months of escalating attacks against government entities across the nation, with most involving ransomware, which attackers use to lock down a system and demand payment to give the user access again.

A coordinated ransomware attack on almost two dozen small towns in Texas crippled networks for a week in August, while a school district in Flagstaff, Ariz., was forced to close for two days last year to recover from a cyberattack.

On a larger scale, the city government of New Orleans declared a state of emergency after a ransomware attack took down its systems in December. The governments of Baltimore and Atlanta have also been attacked since 2018.


Amanda Crawford, the executive director of the Texas Department of Information Resources, which directly dealt with and responded to the cyberattacks on Texas towns last year, testified Tuesday that state leaders were adapting to the “new normal” in terms of cyber defense.

Crawford called on Congress to provide resources for CISA to assign a dedicated official to each state to assist on cybersecurity issues and pushed for better sharing of threat information between the federal government and states.

According to DeRusha, Michigan has access to tools and assistance from the federal government, such as those provided to states by DHS, and has a CISA cybersecurity liaison assigned to Michigan.
Crawford said Texas also takes advantage of voluntary DHS services but noted that more could be done on the federal level to cut down on wait times for receiving those services and to effectively help her state combat cyberattacks.

While Sen. Ron JohnsonRonald (Ron) Harold JohnsonGOP senators call for commission to investigate Capitol attack Wisconsin Democrats make ad buy calling on Johnson to resign Efforts to secure elections likely to gain ground in Democrat-controlled Congress MORE (R-Wis.), the chairman of the committee, was supportive of helping states defend against cyberattacks, he cautioned against throwing resources at states without set ways to use them.

“I am not opposed to it whatsoever. I just want to make sure that any additional resources, particularly personnel and more involvement with the states, is done the right way as an advisory, a clearinghouse, not as a regulatory control,” Johnson told reporters following the hearing.

There have been bipartisan efforts on both sides of Capitol Hill to try to push cyber resources to states over the past few months.


Sen. Maggie HassanMargaret (Maggie) HassanBipartisan group of senators: The election is over Seven Senate races to watch in 2022 Insurers lose multiyear lobbying fight over surprise medical bills MORE (D-N.H.) introduced bipartisan legislation in January that would establish a federally funded program to put cybersecurity coordinators from Washington in each state.

Sens. Gary PetersGary PetersTwo Senate committees vow probe of security failure during Capitol riots US government caught blindsided over sophisticated cyber hack, experts say Krebs emphasizes security of election as senators butt heads MORE (D-Mich.) and Rick Scott (R-Fla.) introduced legislation at the end of last year to protect K-12 schools from cyberattacks, and the full Senate approved legislation in September that would create “hunt and incident response teams” to deal with cyberattacks.

On the other side of Capitol Hill, the House Homeland Security Committee plans to mark up a bipartisan bill on Wednesday that would create a $400 million grant program at DHS to help state and local governments address cyber threats.

Rep. Bennie ThompsonBennie Gordon ThompsonNew coalition aims to combat growing wave of ransomware attacks Acting DHS chief Chad Wolf stepping down Security boosted for lawmakers' travel around inauguration: report MORE (D-Miss.), the chairman of the committee, told The Hill on Tuesday that he was “glad” the committee was taking up the bill, highlighting concerns about foreign nations targeting the U.S. in cyberspace.

“The Russians are looking at us, the Chinese are looking at us, the North Koreans are looking at us, and the cheapest and least expensive method is a cyberattack such as ransomware,” Thompson said.