Last week, House Committee on Homeland Security Chairman Andrew Garbarino (R-NY) held a Subcommittee on Cybersecurity and Infrastructure Protection hearing to examine the evolution of threats to critical infrastructure following the discovery of Stuxnet 15 years ago.
Witnesses highlighted the importance of reauthorizing the Cybersecurity Information Sharing Act (CISA) of 2015 and the State and Local Cybersecurity Grant Program (SLCGP); the need to defend operational technology (OT) found in critical infrastructure; the significance of private-public sector partnerships and unified federal guidance on cyber defense strategies; and the need to refocus the Cybersecurity and Infrastructure Security Agency (CISA) to its core mission of federal civilian network defense and protecting our nation’s critical infrastructure.
Witness testimony was provided by Tatyana Bolton, executive director of Operational Technology Cyber Coalition (OTCC); Kim Zetter, author of “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon” and adjunct professor at Georgetown University; Robert M. Lee, CEO and co-founder of Dragos; and Dr. Nate Gleason, program leader at Lawrence Livermore National Laboratory.
In her opening statement, Zetter explained how Stuxnet changed the cyber landscape:
“It was 15 years ago that Stuxnet was discovered on systems in Iran, but despite the passage of time, its impact is still felt today. Stuxnet was a digital weapon designed to sabotage Iran’s nuclear program by targeting industrial control systems at its uranium enrichment plant at Natanz… Stuxnet was a first of its kind attack, the first known case of malicious code designed to leap from the digital world to the physical realm to cause disruption and destruction, not of the computers it infected, but of equipment and processes these computers controlled, in this case the centrifuges at Natanz. The same techniques Stuxnet used can be used against critical infrastructure in the U.S. to disrupt services the public government and military rely on or to damage equipment that can also cause death––either directly by causing passenger trains to collide or indirectly by preventing patients from being treated at hospitals because the electricity is out.”
The original announcement can be found here.
