Q&A: Cybersecurity is National Security

Q&A: Cybersecurity is National Security

With U.S. Senator Chuck Grassley

Q: Is the federal government doing enough to protect critical infrastructure from cyberattacks?

A: Cybersecurity may not be top of mind for Iowans struggling to buy groceries, recover from historic flooding and storm damage or finish the fall harvest. However, as your senator, I'm working to prevent serious disruption to daily life and protect national security from malicious cyberattacks. Cybercriminals pose risk to Americans' financial security, from identity theft to drained bank accounts siphoned by digital thieves. Malicious cyberattacks from terrorists and foreign adversaries also pose tremendous disruptions to utilities, transportation and communications that would bring daily life to a "screeching halt," according to the Government Accountability Office (GAO). In June, the GAO issued a comprehensive analysis that exposed glaring vulnerabilities in the federal government's cybersecurity preparedness. Its report calls for urgent action to address cybersecurity gaps facing critical infrastructure systems that impact life as we know it.

Even before the recent GAO report, I called upon seven of nine federal agencies charged with shielding the U.S. from cyberattacks. The Departments of Treasury, Transportation, Homeland Security, Energy, Defense, Health and Human Services, and the Environmental Protection Agency have been dragging their feet to implement recommendations to tighten up cybersecurity protocols and beef up risk management strategies. Keeping Americans safe is job number one for the federal government. If these federal agencies are asleep behind the wheel, the U.S. economy and critical corridors of American life are at serious risk of compromise.

Q: Which specific concerns have you flagged to federal agencies?

A: Let's start with energy. Safeguarding our energy grid is vital to daily life and national security. Energy powers our homes, businesses and farms. A cyberattack on the nation's energy grid would have catastrophic consequences to health care systems, financial services, transportation networks, municipal utilities and more. I've pressed the Department of Interior to explain its cybersecurity strategies to safeguard our nation's offshore energy network on the U.S. Outer Continental Shelf. I've also pressed federal agencies to strengthen frameworks in our food supply chains. A few years ago, an Iowa grain co-op was the target of a Russian cybercrime attack. The co-op narrowly managed to avert a crash in grain prices without paying the $5.9 million ransom. This attack and others reflect the serious risk to our nation's food security and farm economy. That's why I pushed to hold a hearing in the Senate Judiciary Committee to examine how to prevent and respond to ransomware attacks. These kinds of crimes are surging, and as cybercriminals pocket ransomware payments from companies desperate to get access back to their operations, they are emboldened to continue more attacks and disrupt more businesses.

The federal government must step up its preparedness to prevent, curb and respond to cyberattacks, across the board. Earlier this year, the Senate Finance Committee held a hearing to examine cybersecurity defenses in the U.S. health care industry. I pressed for answers on how the private sector is collaborating with the federal government to protect patient data and thwart ransomware. More recently, I launched an inquiry into the sweeping AT&T hack in April that compromised customers' call and text history between May 1 and October 31, 2022. The massive data breach impacted 90 million Americans' data, including federal agencies. I demanded answers from 17 federal agencies to find out what government materials may have been stolen and what the agencies are doing to mitigate future risks. What's more, I've repeatedly sounded the alarm with the Cybersecurity and Infrastructure Agency (CISA) - our nation's top cyber defense agency - to ensure it is doing its job to protect critical infrastructure from bad actors. In August, I wrote CISA to learn more about a massive data breach at National Public Data, a data broker company that provides background checks and fraud prevention services. In that case, the hacker allegedly leaked personal data on the dark web for up to 170 million people. Through my oversight and legislative work, I'm pushing to ensure private entities and the federal government are taking necessary steps to protect national security and prevent the personal information of the American people from falling into the wrong hands. In June, I joined bipartisan legislation to protect Americans' online presence from bad actors, by requiring websites and apps to disclose to users if their business operations are subject to the control of China, North Korea, Russia or Iran.

October is National Cybersecurity Awareness Month. To learn more on how to protect your personal information and reduce online risks, go tohttps://www.cisa.gov/cybersecurity-awareness-month.

• Print
• Email
• Like
• Tweet