WASHINGTON, DC - Today, Rep. Elise Stefanik (R-NY), Ranking Member of the House Armed Services Subcommittee on Intelligence, Emerging Threats and Capabilities, made the following remarks, as prepared for delivery, before the Subcommittee's hearing titled, “Review of the Recommendations of the Cyberspace Solarium Commission”:
"Thank you, Chairman Langevin.
"Welcome to our witnesses. Senator King, Congressman Gallagher, Congressman Murphy, and Mr. Cilluffo – it is great to have you before the subcommittee today. I thank you, not only for your leadership and service to the Cyber Solarium Commission, but your long and distinguished records of public service to this country. And although not testifying today, I’d also like to thank Chairman Langevin for his service on the Commission as well as all of the other commissioners not participating today.
"I think it’s truly remarkable how much ground the Cyber Solarium was able to cover in such a brief period of time. In eleven short months, the commission developed over fifty legislative proposals, twenty-two of which were included in the House-passed version of the National Defense Authorization Act. This impressive commitment reflects the hard work of the commissioners and the staff, and also recognition that we must address these issues immediately.
"As is often the case, our nation’s strategy, policy, and laws trail the advent of new technology. This is true of many emerging disciplines, but none as consequential as cyberspace. The debilitating cyber-attack on Estonia in 2007, the devastating Office of Personnel Management data breach in 2014, and the cyber-attack on the city of Atlanta in 2018 - all should have served as wake-up calls for the need of a comprehensive strategy to bolster our cyber defenses, to deter hostile action in cyberspace, and to build more resilient public and private cyber infrastructure.
"The threat actors in cyberspace are as diverse as the tools and tradecraft they employ to infiltrate and attack our networks. And while we must maintain a flexible and adaptable approach to meet the evolving threat, we must also communicate an unequivocal position that demonstrates our willingness to defend the United States in cyberspace and impose costs on our adversaries, if, and when deterrence fails. I firmly believe we must simultaneously strengthen our cyber defenses and demonstrate our unwavering resolve to challenge our adversaries in cyberspace.
"I appreciate the commission’s recognition of this as well. Deterrence alone is not sufficient, especially with the challenges of timely attribution and the notional “fog of war” in cyberspace. The United States must proactively take steps to increase the resilience of our networks and our nation’s critical infrastructure. This task is not one that the federal government can take on alone. Any effort to bolster our cybersecurity must be done in partnership with the private sector, our cities and states, and our critical infrastructure operators. The commission’s recommendations that were included in the NDAA address this reality; accountability, information sharing, collaboration, and more timely response and mitigation to cyber incidents are all critical attributes that we must reinforce and strengthen.
"While the Commission’s remit is coming to an end, the work is not done. We have a long road ahead to see these through conference and fully implement these changes. I look forward to ensuring the Cyber Solarium commission’s recommendations are translated into concrete action.
"We have a lot to talk about, so thank you again to each of our witnesses. I yield back."