Pallone Remarks at Oversight Hearing on Ransomware Attacks
Energy and Commerce Committee Chairman Frank Pallone, Jr. (D-NJ) delivered the following opening remarks today at an Oversight and Investigations Subcommittee hearing titled, “Stopping Digital Thieves: The Growing Threat of Ransomware:”
The Energy and Commerce Committee has a long history of examining cybersecurity on a bipartisan basis. Over the past several years, we have held hearings on strengthening cybersecurity in the health care and energy sectors. We have also been regularly briefed by agencies on a variety of critical concerns related to both previous and recent cybersecurity threats and attacks.
While we have made progress, it is clear much more needs to be done to address the ongoing threats we see nearly every day.
One area of particular and growing concern is ransomware, the topic of today’s hearing. Ransomware is a malicious cybersecurity attack that paralyzes victim organizations. The attack freezes computer systems and holds data hostage until a ransom payment is received.
Ransomware used to be considered a nuisance crime impacting only an individual computer. In recent years, however, it has evolved to affect the entire networks of organizations and even governments, extorting entities for enormous sums of money.
Increasingly, criminals deploying ransomware are not just freezing the data of victim organizations but are also pilfering sensitive business and consumer data. On top of locking down computer networks, they also threaten to release the stolen data as an additional method to leverage a ransom payment.
In just the past few months, we have seen a surge of ransomware attacks that at times have brought aspects of normal life and commerce to a standstill.
The ransomware attack on the Colonial Pipeline disrupted oil and gas supplies on the eastern seaboard, causing many gas stations to run out of fuel, prices to skyrocket, and grounding air traffic.
Other recent attacks have threatened local police departments, including the DC Metropolitan Police, and victimized schools, local governments, and hospitals already grappling with the COVID-19 pandemic.
I also want to underscore that the challenges brought on by these attacks are particularly acute for small businesses, many of which lack dedicated information technology staff and resources and are just trying to keep their businesses operating. These victims may have no idea who to turn to if their data is subject to a ransomware attack. We simply cannot leave victim organizations on their own when figuring out how to defend against and respond to these cyber criminals.
Given the huge scale and scope of these threats, I am pleased that President Biden is taking decisive steps to tackle this challenge. Just last week the Administration announced a new website, StopRansomware.gov, that is meant to provide a one-stop hub of ransomware resources for individuals and businesses. The website outlines the simple steps small businesses can take to protect their networks and provides guidance to these organizations on how to respond to ransomware incidents.
The President is also leading a whole-of-government effort to disrupt ransomware campaigns and go after the criminals who launch them.
The Administration’s strategy announced last week builds on an effort launched by the White House in May. It will make it more difficult for criminals to transfer funds using cryptocurrency, help make U.S. institutions more resistant to hacking, and urge international cooperation.
But the Administration cannot address this enormous challenge on its own. Congress must also take action, and that’s why this oversight hearing is so important today. I look forward to hearing from our witnesses who have dedicated their careers to cybersecurity. They are uniquely positioned to make recommendations on the types of policies needed to defend against future attacks. I am interested in their ideas as we explore potential solutions that will help further protect our nation’s critical infrastructure networks, businesses, and consumers.
With that, I thank the Chair for holding this hearing and I yield back.