Joyce Remarks at FY24 Budget Hearing for the Cybersecurity and Infrastructure Security Agency (As Prepared)

Mar 28, 2023

Thank you, Director Easterly, for joining us today, and for your military service.

In 2018, Congress authorized CISA to protect the Nation’s cyber and physical critical infrastructure. We invested heavily in this operational agency and its mission over the last three fiscal years, increasing the budget by 44 percent from $2 billion to $2.9 billion.

The President’s latest request would put you over $3 billion. That’s a fair amount of dollars.

Today, I would like us to drill down and quantify the return on that investment for the American people, as CISA’s mission has never been more important.

Nation-state actors backed by China, Russia, North Korea, Iran, and others are targeting government and private sector networks to steal intellectual property, probe our defenses, disrupt operations, cause panic, and inflict financial consequences on the homeland.

Simultaneously, cyber-criminals use ransomware to prey on vulnerable groups including schools, local governments, and hospitals for financial gain. These attacks can cost millions of dollars when a ransom is paid, and also create additional costs from lost productivity and disrupted operations.

CISA is charged with coordinating the defense of the sixteen critical infrastructure sectors, including energy, healthcare, manufacturing, transportation, communications, and the defense industrial base, among others.

We all remember the Colonial Pipeline ransomware attack that disrupted the flow of fuel to a large portion of our country, resulting in nearly $5 million dollars in damages.

Imagine the impact of a coordinated, larger-scale attack akin to the Nord Stream pipeline attack in the Baltic Sea last fall.

Increased vigilance on both the cyber and physical infrastructure front is critical to ensuring both our national and economic security, and public trust.

I look forward to hearing how CISA is leveraging its resources to harden our defenses against adversarial Nation-state sponsored threat actors, cyber-criminals, and other nefarious actors.

But not all challenges CISA faces are external. The rapid growth of the agency over the past few years brought hiring challenges, management and communication difficulties, and organizational growing pains.

Without the right people, CISA cannot fully carry out its mission, regardless of investment. With the private sector also competing for cyber talent, I’m interested to hear how you are attracting, hiring, developing, and retaining employees.

As the country faces continually evolving threats, our workforce too, must evolve. Rapid technological developments will continue to dramatically change network security, and CISA will need personnel with the right tools, training, and tenacity to protect our most critical networks.

I look forward to a robust discussion today and to working together to make sure we see results from our significant investment in CISA.

I’ll now turn to my colleague Mr. Cuellar for his opening remarks.