Congress Has Its Work Cut Out on Stopping Cyber-Attacks

At first glance, it may seem as though the New York Metropolitan Transportation Authority, Colonial Pipeline, a regional ferry company in Massachusetts, a small hospital in Los Angeles, and the world’s largest meatpacker have little in common. They serve different purposes in different industries in different parts of the country and the economy. 

But what we are discovering is that every industry, in every part of the country, both large companies and small, are suffering debilitating and increasingly common cyber-attacks. And these are just the ones that have made headlines – there are many more that have not been made public. 

There’s no mistaking it – cyberspace is the 21st century’s battlefield, and the actions we take today – or don’t – will have long-lasting repercussions on every walk of life. These types of hacks and attacks aren’t new, but they are worsening in terms of scope and scale – interfering with Americans’ daily lives and even endangering our national security.

Every day, hackers and cybercriminals with links to hostile regimes across the globe are attempting to steal, extort and prepare the battleground to disrupt elements of our nation’s critical infrastructure. And although these criminals tend to operate within covert criminal networks, they often benefit from the implicit support of America’s adversaries.

Autocrats like Russia’s Vladimir Putin or China’s Xi Jinping have repeatedly shown a willingness to give cover and safe harbor to cybercriminals and malign actors, or at least turn a blind eye to their destabilizing actions, because it advances their national interests.

It’s abundantly clear that America cannot rely on the leaders of regimes to act against the cybercriminals who operate inside of their borders. But that does not mean we must accept these hacks as a fact of life – far from it. Not when they cost tens of millions in ransom payments, millions in lost productivity, and untold losses to our supply chain or critical industries.

This month, President Biden met with Putin and put forward a clear list of industries and critical infrastructure that constitute a red line and must never be the target of cyber-attacks and hacks. Importantly, Biden promised real consequences if Russia did not cooperate in efforts to hold those responsible to account. This type of blunt talk from the President is a welcome change from the last four years and puts Putin on notice that these attacks will no longer be tolerated. 

Protecting our country from escalating acts of aggression must be a bipartisan imperative and I’m confident that it will be. Republicans and Democrats must work together to enact the sweeping reforms and security enhancements needed to defend America from future cyber-attacks, beef up protections for critical infrastructure and industries, and improve communication between the public and private sectors about threats and attacks. We also need to set nationwide and worldwide cyber rules of the road so all countries are playing by the same rules and are aware of the consequences of providing safe harbor for criminals. 

As chairman of the House Intelligence Committee, I’ll continue to work with the Biden Administration to combat future cyber offensives and impose severe consequences on those who seek to carry them out through sanctions and other means. But the private sector also has a role to play and it must work in tandem with Congress and the Administration to report any attacks as they happen and adopt the security reforms necessary to stop cybercriminals in their tracks.

This threat isn’t going away on its own and may get worse before it gets better. In our increasingly connected world, everything – from the gas that powers our vehicles to the food we feed our families – can be vulnerable to cyber-attacks. But America can do a much better job defending itself and using its considerable cyber capabilities to disrupt those who would attack us. In Congress, we will make sure the Administration has the resources and authorities it needs to do so.