Chairman Carper’s Opening Statement: Cybersecurity Hearing

WASHINGTON, D.C. – Today, the U.S. Senate Committee on Environment and Public Works will hold a hearing to examine the potential cybersecurity threats currently facing our nation’s infrastructure.

Below is the opening statement of Chairman Tom Carper (D-Del.), as prepared for delivery:

“Good morning, everyone. I call this hearing to order.

“First, I want to thank each of our witnesses here today for their willingness to share your perspectives on the cyber vulnerabilities that our infrastructure systems face.

“We are joined this morning by leaders who will discuss cyber-vulnerabilities in our highway, municipal drinking water and wastewater and rural water systems, as well as inland waterways systems. A warm welcome to Sophia Oberton, John Sullivan, Shailen Bhatt, and Evan Pratt.

“We will also hear from our colleagues, Senator Angus King and Representative Mike Gallagher, who serve as Co-Chairs of Cyberspace Solarium Commission, the bipartisan intergovernmental body created in 2019 to develop a strategic approach to strengthen our defenses against cyberattacks. Both Senator King and Representative Gallagher have provided invaluable leadership on the issue of cybersecurity. I’m pleased to welcome them here this morning, and I thank them both for joining us.

“I especially want to thank Ranking Member Capito this morning for suggesting this hearing and for her work and the work of her staff in helping to pull it together.

“All of us gathered here today understand the importance of protecting our nation’s critical infrastructure. Yet, in the past year alone, we have witnessed several major cyberattacks that have hobbled critical systems across our country.

“Unfortunately, no government agency or industry is immune to attacks from the vast array of bad actors who seek to undermine our security and profit from our vulnerabilities. We face threats from unscrupulous individuals, criminal enterprises, and antagonistic state actors 24 hours a day and seven days a week.

“It’s clear that many of our nation’s vital transportation and water systems face especially serious challenges in dealing with cybersecurity vulnerabilities.

“A 2019 report from the Federal Highway Administration stated that ‘The Department of Homeland Security considers the Transportation Systems Sector to be 1 of 16 critical infrastructure sectors … so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety.’

“It’s not hard to imagine how they came to that conclusion. If we look at our highways, our tunnels and our bridges, we can see that each are dependent on vast inter-operating computer systems, each with their own vulnerabilities to cyberattacks.

“We should also be increasingly concerned by the mounting cybersecurity challenges facing our nation’s drinking water and wastewater systems. According to a 2019 report by the American Water Works Association, cyber risk is the top threat facing the U.S. water sector. Just one year earlier, the Department of Homeland Security and the FBI warned that the Russian government was specifically targeting the water sector and other critical infrastructure as part of a multi-stage intrusion campaign.

“Cyber vulnerabilities in our water systems represent unique national security challenges. A major breach in our water infrastructure system could jeopardize the safety of our drinking water and impair communities’ ability to safely dispose of harmful waste, threatening human health.

“The cybersecurity of our inland waterways is yet another area that requires our attention. Approximately 15 percent of all domestic freight moves through our intra-coastal and inland waterway system. The safeguarding of this system is vital, not only for economic activity but also for effectively protecting our communities from flooding.

“These threats are large in scale and require widespread collaboration. I am looking forward to hearing from all of our distinguished witnesses on how federal and state agencies can work together with industries and community leaders to strengthen the cybersecurity of each of these vital parts of our infrastructure. But before we do, however, let me offer some observations upfront.

“There is no one-size-fits-all solution to all of the different cyber threats facing our critical infrastructure systems. At the federal level, we should build flexibility into our solutions so that state and local leaders have the tools they need to effectively address their unique cybersecurity challenges.

“At the same time, we must also recognize that many local government agencies and infrastructure systems face significant challenges in just fulfilling their core missions. Therefore, any federal assistance in cybersecurity should be structured to help these entities remain focused on their core missions.

“Finally, I believe it is incumbent on us to recognize that cybersecurity is a long-term, constantly evolving challenge. Addressing this challenge requires sustained federal investment, not one-time solutions.”