Skip to player
Skip to main content
Search
Connect
Watch fullscreen
Like
Bookmark
Share
More
Add to Playlist
Report
'Keeps Me Up At Night': Andy Ogles Warns Cyber Attacks On Utilities Are The 'Next Battlefield'
Forbes Breaking News
Follow
7 weeks ago
During a House Homeland Security Committee hearing in July, Rep. Andy Ogles (R-TN) spoke about cyber attacks on utilities infrastructure.
Category
🗞
News
Transcript
Display full video transcript
00:00
Neil's back. I now recognize the gentleman from Tennessee, Mr. Ogles, for five minutes of questions.
00:04
Thank you, Mr. Chairman, and thank you to your witnesses for being here.
00:07
Obviously, this is a high-stakes issue. I mean, it's the next battlefront, if not the battlefront,
00:13
as we move forward. And when you look at the China threat that Ms. Zetter, I think you've
00:19
touched on, or all of you have touched on. But specifically, I want to start with Ms. Bolton.
00:23
So, formerly, I was county executive in my community. And what I can say is that, you
00:31
know, although we were one of the fastest-growing counties in the state of Tennessee, number
00:36
one producer for manufacturing jobs in the state of Tennessee while I was a county executive,
00:41
I can tell you that from a cyber and IT, OT perspective, we were arguably vulnerable.
00:48
Please expand on that vulnerability when you look at bad actors as it relates to kind of,
00:53
you know, just our infrastructure security and what the consequences might be if there
00:59
was a coordinated, systematic attack against those local communities.
01:03
So, a lot of what we see, and you're completely right, a lot of what we see is that the threat
01:09
actors are targeting the most vulnerable organizations, right? Many times, those are smaller organizations
01:15
without cybersecurity expertise. They're at the county level. They're at the local level.
01:20
And you see actors either targeting those for, you know, for target practice, learning, and
01:28
then moving to bigger systems, or they're doing it in a coordinated manner across a number
01:33
of different states and localities. Particularly, we see that in the energy sector. And they're
01:38
using that as a means to prepare the battlefield, if you will, for if they're in a contingency.
01:46
If it's China, for example, if they're sitting on our networks, that is extremely dangerous. Even if
01:54
they're not conducting any particular operations right now, one, we can't guarantee that they're
01:58
off the networks, even when we find them. We find them too late. We find them three years after the
02:04
fact. And what we don't want to have happen, if, for example, we're planning for a 2027 contingency,
02:11
then we need to start doing the work now to build resiliency, defense in depth, the ability for those
02:18
smaller local and county entities to be able to secure their, to secure all of those ports, right?
02:25
Secure the remote access, put in stronger multi-factor authentication, modernize their legacy IT.
02:32
And that's why I think it's so important to reauthorize the state and local cyber grant program,
02:37
because without those resources, like I said, most of those localities are using all the funding
02:43
for physical security and not OT.
02:47
And Mr. Chairman, you know, again, coming from that, that local governance background, county executive,
02:54
and I can, I'll speak for Tennessee. Obviously, everybody knows Nashville and knows Memphis,
02:59
larger cities with more arguably or hopefully more robust systems. But a lot of Tennessee is rural,
03:05
just like a lot of states across the country. And what you see are electric cooperatives. So just
03:11
like the county may be vulnerable to that infrastructure attack, my guess is, in most
03:16
cases, so are those local cooperatives. So is some of the water cooperatives as well. And so as we look
03:23
forward to, again, the next battlefield and what keeps me up at night, and quite frankly, Mr. Chairman,
03:28
what I would argue that the most important, some of the most important work that we'll do on
03:32
this committee, this whole committee is what we're doing in cyber, as we prepare this country for that
03:38
next battle. And it's going to be on our computers, it's going to be across our networks. And I would
03:44
argue it's going to be in our local rural communities that they're going to hit first, because then they
03:49
can switch cheese, our electrical grids and our water systems and our water treatment plants, etc.
03:53
That's what keeps me up at night. So with that, I'd love to stay on this topic and just kind of go
03:59
down the line. We'll start with you, Ms. Zetter, to see what you might want to add to this subject
04:03
matter, please. I think you're absolutely right in terms of the small utilities and cooperatives like
04:09
that. They don't have the money, they don't have the resources, they don't have the expertise on
04:14
staff, they don't even hire security people. But I want to also say that, you know, we sort of
04:19
anticipate that the large organizations would be more secure. And if you look at what happened
04:27
to Colonial Pipeline in 2021, we see that this was really a major organization, critical infrastructure,
04:33
supplying a lot of gasoline to the East Coast. And yet, Colonial Pipeline at the time that it was
04:39
attacked did not have a CISO on staff. They also had a legacy system that the attackers got in an old
04:45
VPN account. They were no longer using, but hadn't bothered to disable. And they came in through a
04:51
password that potentially was, well, it was leaked on the internet. So the employee who had the password
04:58
had used it for other accounts, and then it was leaked on the internet in other breaches. One other
05:03
point about that was the attackers, we think, only got to the IT network, didn't actually make it to the
05:10
OT network. But Colonial Pipeline shut down the pipeline because they feared that the attackers
05:16
would get to the OT network and then encrypt it and lock it. But when the CEO of Colonial Pipeline
05:21
testified to Congress, he testified that they had very secure, highly segmented OT and IT networks.
05:30
But if they were that confident that the networks were segmented, then they wouldn't have had to shut
05:34
down the pipeline as a precaution. So I just want to say that, yes, those smaller entities are a big
05:41
issue and a prime concern, but also the larger entities are having the same problems and not
05:47
keeping up. Yeah, thank you, ma'am. And I apologize, Mr. Chairman, I'm over time, but I yield back.
Be the first to comment
Add your comment
Recommended
6:03
|
Up next
‘The Future Of Warfare Is On The Cyber Battlefield’: Andy Ogles Urges Cybersecurity For Vulnerable Areas
Forbes Breaking News
6 months ago
4:02
Andy Ogles Asks Experts How To Shield Smaller Communities From China's Salt Typhoon Cyber Attacks
Forbes Breaking News
4 months ago
5:24
James Lankford Presses Trump Nominee On Protecting Infrastructure From Cyberattacks By Adversaries
Forbes Breaking News
4 months ago
6:03
'Basically Unlimited Access': Josh Hawley Shares The 'Truth' About Cyber Attacks On US Telecom
Forbes Breaking News
4 months ago
5:28
'There Could Be A Malicious Attack Occurring Right Now': Eric Swalwell Urges CyberSentry Funding
Forbes Breaking News
7 weeks ago
2:48
Angus King Slams CISA Dismantling Amid Growing Cyber Threat: ‘We’re Essentially Unilaterally Disarming’
Forbes Breaking News
6 months ago
5:56
Andrew Garabino Asks Cybersecurity Experts Point Blank About CISA's 'Effectiveness' Amid Trump Layoffs
Forbes Breaking News
7 weeks ago
3:05
Mike Rounds Questions Top DoD Official About Using AI To Enhance Cybersecurity
Forbes Breaking News
6 months ago
4:08
Jacky Rosen Warns Of Cyber Threats From Foreign Adversaries Continuing To ‘Intensify Everyday’
Forbes Breaking News
6 months ago
13:24
Cybersecurity criminals rarely face jail time, says former White House cybersecurity coordinator
Fortune
1 year ago
5:17
Angus King Slams Lack Of Cyber Security Deterrence: ‘There’s Never A Price To Be Paid By Our Adversaries’
Forbes Breaking News
6 months ago
5:37
Clay Higgins Sounds The Alarm On 'Irreversible Impact' Of Lacking Cybersecurity Protections
Forbes Breaking News
4 months ago
5:25
LaMonica McIver Calls To Renew Congressional Funding For Cybersecurity Grants
Forbes Breaking News
2 months ago
6:10
'Our Adversaries Are Not Cutting Back': Seth Magaziner Warns Against Proposed Cybersecurity Cuts
Forbes Breaking News
4 months ago
4:03
'We Don't Flex Out Muscle Often?': Gimenez Asks Cybersecurity Expert About Offensive Cyber Capacity
Forbes Breaking News
2 months ago
4:11
Andrew Garabino Warns Zero-Day Hack 'Vulnerabilities Are Far From Being Eliminated'
Forbes Breaking News
2 months ago
5:22
Eric Swalwell Presses Cybersecurity Experts On Reforming US Cyber Security Clearance Process
Forbes Breaking News
4 months ago
2:35
Jacky Rosen Asks DoD Official About Adapting Training Pipeline To Deter Changing Cyber Threats
Forbes Breaking News
6 months ago
4:42
'Less Capability, Less Capacity, & Less Collaboration': Swalwell Slams DOGE Cuts To Cybersecurity
Forbes Breaking News
2 months ago
1:19
Deputy PM: Russian cyber-attacks are real and serious
ODN
2 years ago
6:58
'Where's The Outrage On The Other Side, Folks?': Andy Ogles Blasts Dems Over Missing Children
Forbes Breaking News
3 months ago
5:47
Andrew Garbarino Presses Witnesses On Potential Privacy Violations In Federal Cybersecurity Law
Forbes Breaking News
4 months ago
5:34
Mike Rounds Asks DoD Nom About Evolving Threats From Cyber Artificial Intelligence And Space Domain
Forbes Breaking News
5 months ago
5:20
Andrew Garbarino Suggests U.S. Law Enforcement ‘Just Stop Using’ Chinese-Made Drones
Forbes Breaking News
2 months ago
5:50
Andy Kim Asks Witnesses About Effect Of Climate Change And Strong Weather Events On Rail
Forbes Breaking News
3 months ago
Be the first to comment