During a Senate Homeland Security Committee hearing, Sen. Josh Hawley (R-MO) questioned nominees about cyber threats to rural hospitals, and broader access by foreign actors into US telecom systems.
Category
🗞
NewsTranscript
00:00Senator Holling. Thank you very much, Mr. Chairman. Congratulations to all the nominees.
00:05Thank you for being here. Mr. Cairncross, let me just start with you, if I could.
00:09One of the most pressing, but I think also one of the most overlooked vulnerabilities when it
00:14comes to our national cybersecurity posture is the crisis facing our rural hospitals.
00:19And I say this as somebody in a state where 40 percent, 40 percent of the hospitals in Missouri
00:25are rural hospitals. Many of these hospitals have no full-time cybersecurity personnel.
00:31They can't afford it. They don't have the personnel for it. They don't have the budget for it. And that
00:35makes them easy targets for cyber criminals, for ransomware gangs, and even sometimes for nation
00:40state actors. And as you can appreciate, when these hospitals are attacked, it's not just their IT
00:46systems that go offline. It's cancer treatments. It's surgeries that gets canceled. It's emergency
00:52care that gets disrupted. So let me just ask you, are you familiar generally with this issue and
00:57the plights that rural hospitals face in this regard? I am, Senator, and I was saying earlier,
01:02these criminals and our enemies are targeting the most vulnerable Americans, and it's got to stop.
01:09Let me ask you, how would you use your position to help shore up the cyber defenses of rural hospitals
01:14and the broader healthcare sector's vulnerability in critical infrastructure when it comes to this issue?
01:20Sure. The first thing is getting my feet on the ground, working with you, working with all your
01:29offices in your states to ensure that I'm hearing and understand what those needs are. And then I'm
01:36using, if I'm confirmed, the position as the lead coordinator for the U.S. government's cyber policy
01:43to make sure that they have the defenses that they need.
01:48Good. Well, let me tell you about something that we've been doing on our end. Last Congress,
01:52this committee unanimously advanced my bipartisan bill, the Rural Hospital Cybersecurity Enhancement
01:58Act. Ranking Member Peters and I co-sponsored it with many others on this committee. It directed
02:03the development of a comprehensive cybersecurity strategy for rural hospitals. It would also have
02:09directed instructional materials and resources to be made available to these hospitals because,
02:14again, they don't have the budget for consultants. They don't have the budget for people to come in
02:20and do this for them. Does that sound like the kind of approach that you would be willing to work
02:25with us on?
02:26It does. And I look forward to working with you and your team on it.
02:30Fantastic. Well, I'll take you up on that. I think it's absolutely vital for my state and for the many,
02:37many rural hospitals in my state. Let me shift gears a little bit and talk about foreign hackers in a
02:42different context. The threat that's already inside the wire where state-sponsored cyber actors embedding
02:47themselves in our infrastructure systems. We have been told we already have in our telecom system,
02:54this is the salt typhoon issue. We already have hackers who are embedded. In your assessment,
03:01how vulnerable are our critical systems to these kind of state-sponsored infiltration campaigns?
03:06Well, Senator, what I was saying is these attacks are scaling up and they're becoming more sophisticated.
03:10And so what really is key, since so much of cyber defense falls on the private sector in our country,
03:19is a great relationship between the United States government and the private sector. And that
03:25involves going to them and listening and figuring out what are those, what is the barrier to a smooth
03:34and efficient and effective defense. And in some cases, that is working on a regulatory scheme that
03:41makes sense. It's incentivizing information flow and it's using the comparative advantage of the
03:47United States government, which can illuminate the battlefield for the private sector and leveraging
03:54those assets.
03:55Let me just ask you about what can be done in the way of remediation, which is kind of a fancy word
04:02for kicking these foreign actors out of our telecom system. I don't think the American people realize,
04:07in fact, I'm sure they don't. They don't realize the extent to which our current telecom system
04:12has been deeply compromised. I mean, I'll just tell you, members of Congress were told a year ago now,
04:16not even a year ago, that we should just expect that our telephone conversations,
04:24any unencrypted text messages are being monitored constantly by foreign actors.
04:28Our voice messages may well be read. And that's not because there's special access to members of Congress.
04:34It's just because that's where foreign actors would choose to concentrate. If a foreign actor chose to
04:38concentrate on any member of the audience here, what we were told, behind closed doors, of course,
04:44but what we were told is, is that foreign actors basically have unlimited access
04:49to our voice messages, to our telephone calls.
04:53This is astounding. And the American people don't realize it because the American people
04:57haven't been told. This has been kept from them. And they're sitting, these foreign actors are
05:01sitting right now. They're sitting in our telecom system, in our exchanges. What are we going to do
05:07to get them out of there and protect the American people who right now are sitting ducks? And frankly,
05:13they haven't been told the truth.
05:14Yeah. Senator, I think that that is correct. I think you're right that the American public is largely
05:20unaware of the scale of this issue. This is not an IT issue. This is an operational issue. It manifests in
05:27real life. And it has real, potentially life and death consequences. And as I've said over and over again,
05:35they are targeting the most vulnerable among us, along with our telecom system. Volt Typhoon was critical
05:42infrastructure. They are squatting on our system. It is imposing, as I've said, a strategic dilemma on us.
05:48And that behavior needs to change. And in order to do that, I believe we should begin to impose
05:54strategic dilemmas on our adversaries in this domain. Well, that would certainly be a good start.
05:59Thank you, Mr. Chairman. Time has expired. Senator Peters.