OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Energy Emergency Leadership Act

Floor Speech

Date: Sept. 29, 2020
Location: Washington, DC

BREAK IN TRANSCRIPT

Mr. THOMPSON of Mississippi. Mr. Speaker, I rise for purposes of expressing my concerns with H.R. 362, H.R. 360, and H.R. 359, in their current forms.

Mr. Speaker, I am concerned that, without clarification, these bills risk significantly disrupting how the Federal Government has collaborated regarding cybersecurity for nearly two decades.

Congress has repeatedly supported the framework that designates the Department of Homeland Security as the lead for ensuring that Federal agencies work together and with the private sector to protect and secure critical infrastructure.

This framework was developed in the wake of the 9/11 terrorist attacks to guard against repeating the mistakes of a disjointed, siloed approach to national security and is well-understood and has been well- litigated within this body.

It has been reinforced repeatedly by numerous laws, Presidential policy directives, and executive orders that have the support of Democrats and Republicans alike.

The policy is clear: DHS serves as the lead agency responsible for coordinating Federal efforts to protect critical infrastructure in the 16 diverse sectors.

To carry out this mission, DHS, through the Cybersecurity and Infrastructure Security Agency, or CISA, is tasked with coordinating with other sector-specific agencies.

The Department of Energy is the sector-specific agency for the energy sector and is well-suited to do so. Its role as the facilitator of robust cybersecurity within the energy sector is important.

However, the problem common to the three measures today is that, in their current forms, they risk siloing cybersecurity efforts when it comes to protecting the energy sector, as none of them acknowledges DHS as the coordinating partner to DOE for cybersecurity.

As a reminder, this is the same infrastructure that has been under sustained, sophisticated attack from foreign adversaries, some of which have been successful.

While cyberattacks against the energy sector have accelerated, the sector does not exist in a vacuum. Over the past few years, DHS and the FBI have been sounding the alarm about Russian-led attacks on energy infrastructure that coincide with and often mirror attacks in other sectors.

In a 2018 technical alert issued to all infrastructure sectors, DHS and the FBI described a multistage intrusion campaign by the Kremlin. The alert explained that Russia used a similar playbook to target U.S. entities as well as organizations in the energy, nuclear, commercial facility, water, aviation, and commercial manufacturing sectors.

In the face of these threats, the Cybersecurity Solarium Commission and others have called for a redoubling of efforts to strengthen DHS' role.

I would like to enter into a colloquy with the gentleman from New Jersey.

Chairman Pallone, I remain concerned that the cyber bill before us, as well as the other cybersecurity bills being considered today, do not provide sufficient direction to the Secretary of Energy to coordinate his Department's cybersecurity activities with the Department of Homeland Security.

Is it your intent that the activities authorized by this legislation be carried out in coordination with the Homeland Security Secretary and that Department?

BREAK IN TRANSCRIPT

Mr. THOMPSON of Mississippi. I yield to the gentleman from New Jersey.

BREAK IN TRANSCRIPT

Mr. THOMPSON of Mississippi. Mr. Speaker, I am glad to hear that, without any equivocation, Mr. Pallone fully expects DOE to coordinate with DHS, but that only addresses one of my concerns.

My other concern is that these bills do not, in any way, shape, or form, detract from or erode the existing authorities of the Secretary and Department of Homeland Security, including the authorities set forth in the Cybersecurity and Infrastructure Security Act of 2018.

I understand that is your position that these bills do not in any way infringe on DHS' existing authorities or prerogatives. Is that correct?

BREAK IN TRANSCRIPT

Mr. THOMPSON of Mississippi. Mr. Speaker, I thank my friend from New Jersey for that information.

To be clear, it is your intention that these measures do not affect DHS' authority under PPD-21, PPD-41, Executive Order 13691, and Executive Order 13636?

BREAK IN TRANSCRIPT

Mr. THOMPSON of Mississippi. Would you agree to work with me to communicate to the Senate and the administration that the intention behind these measures is to have the Secretary of Energy coordinate activities with DHS consistent with the existing cybersecurity framework?

BREAK IN TRANSCRIPT

Mr. THOMPSON of Mississippi. Mr. Speaker, I thank Mr. Pallone for addressing my questions.

While I still have concerns over these measures, I appreciate his willingness to put into the Record these statements and look forward to working with him to clarify expectations going forward.

BREAK IN TRANSCRIPT

Mr. THOMPSON of Mississippi. Mr. Speaker, I thank the gentleman from New Jersey for his cooperation and clarifying these three pieces of legislation.

BREAK IN TRANSCRIPT


Source
arrow_upward