Community center . No, it is way more than that. Comcast is partnering with 10 Community Centers to create wifi enabled li zones, so students from low income milies can get the tools they need to be ready for anything. Comcast supports cspan as a Public Service. Along with these other television providers. Giving you a front row seat to democracy. The director of the cybersecurity and infrastructure Security Agency, jen easterly, testified for a house subcommittee on a range of technical challenges facing the u. S. Artificial intelligence, and concerns about the chinese government. And information sharing. [silence] the committee on Homeland Security subcommittee on Cyber Security and Infrastructure Protection will come to order. The purpose of this hearing is received testimony from jen easterly, director of cybersecurity and infrastructure Security Agency. We now recognize Ranking Members for the purpose of seeking unanimous consent. Thank, you chairman, i asked for unanimous consent that the gentlelady from new york, miss clark, be permitted to participate in todays hearing . That objection so ordered. I now recognize myself in her opening statement. Welcome back for our second subcommittee hearing of the congress. Last month we hosted Industry Leaders to give their perspective on the state of american cybersecurity and particularly how Cybersecurity InfrastructureSecurity Agency or cisa has developed since its creation five years ago. I am glad we will hear directly from the director jim easterly, for her views on the evolution where needs to grow and mature by 2025. Director easily and i have a fantastic working relationship since i started as Ranking Member of the subcommittee last congress. I look forward to continuing our strong bipartisan relationship with this congress. In our last hearing, there was some common themes for our witnesses that i hope to further explore with directories this afternoon. First we learn that system must work with the industry and variations the partners to ease compliance, the compliance burden that industry faces for duplicative regulation. It is clear that our nation must increase resilience to cyber risks across the board. Particularly within our Critical Infrastructure sectors. But we must find the right balance between Regulatory Burden and security outcomes. We also heard a lot about one of jcdc. We are jcdc has the potential to be a value add to the private sector, benefit both the jcdc and the industry. Finally and perhaps most foundationally, we heard about the need for robust cybersecurity workforce. We had only the enough people, but there are people with enough skills this is one of my Top Priorities this Progress Development of our Cyber National workforce. This hearing is timely and comes as we are evaluating the president s fiscal year in 2024 budget request. Cisa is requesting 3. 1 billion, 145 billion 2023. Enacted funding level. He dialogue we had during this hearing will help in the former committees review of the budget. Particularly no system abolition of the National Security system production. I think i speak for all members when i say that we want to statues exceed. Its mission is two important avail. It is our responsibility to ask pointed productive questions about this is stewardship of the resources and Authorities Congress has given. As i said in our last hearing congress intends to be partner to cisa to ensure the agencies meets its full potential. Director easterly i look forward to your testimony today and i thank you for being here. I now recognize the Ranking Member, the gentleman from california, mr. Swalwell for his opening statement. Thank, you chairman, and welcome director. It was just 12 hours ago that the chairman and i were here early in the morning with our colleagues voting. I dont think we voted the same way on many of the amendments yesterday. But on this issue and your success, there is no daylight between the chairman and i. And my colleagues. Your success is americas success in this space. In that its something we are rooting for and want to enable. I also represent east Bay California district that is home to tech giants like trying to outand workday. But also an emerging cybersecurity Insurance Company called sawyer security. And ive worked with all of them to protect not just Large Companies but small and Medium Sized Companies from emerging threats. As a chairman said, says that an Inflection Point in cross. They made an operational component of dhs five years ago. Since then its budget has nearly doubled. And congress has provided it with a range of new authorities. For mandatory cyber Incident Reporting to persistent threat lobbying on federal networks. To cyber century. And cisa has ambitiously taken on new responsibilities to meet the demands of an evolving threat landscape. Building trusted relationships with new stakeholders in the process. For that i and our team command says that for its Proven Ability to dynamically respond to evolving threats ranging from Election Security to open Source Software vulnerabilities and the shields of campaign. And as it relates to Election Security, i hope to hear an update from cisa on some recent successes. It has launched promising new initiatives including the National RiskManagement Center and the joint Cyber Defense collaborative. A collaboration that so many outside organizations, private sector folks are asking, how do we get in . How do we persevere . Which to me means you are a victim of your own success in that regard and that there is high interest in growing and expanding the ability to share information and collaborate to take on our threats. All of these are worthy efforts and i support them and im committed to their success. Today i look forward to hearing how they will continue to deliberate and then you work it takes on and the commitments it makes to our partners. As more stakeholders become aware of cisa and its capacity. They have placed more and more demands on its resources. Cisa cannot be as you know every thing to every one. And certainly it has not had half the resources to boil the ocean. Becoming the powerhouse cybersecurity Critical Infrastructure defense agency, cisa has the potential to be requires what cisa has the potential to be, it requires clear Strategic Direction and chairman leadership. I have every confidence that director easterly has both and i will be interested in learning more about your vision for cisa moving forward. I am also interested as a reference to the future of jayz easy, stakeholders have a lot in jcdc of an innovative flexible tool for salah to gather and views threaten information and foster realtime collaboration and push out security practices to initiatives like its shields up campaign. Over the past year and a half cisa has expanded jcdcs focused to include open Source Software security and protecting highrisk communities by journalist or Civil Society organizations. Although these are worthwhile efforts it is unclear what criteria jcdc is using to select which areas to focus on. Which organizations to partner with. And how these activities are tied to the jcpoas original purpose of streamlining cyber planning and operational collaboration. I look forward to candid conversations about defining jcdcs core functions. How to ensure jcdc partners are involved in decisions about its future. And how it can bring a more proactive posture to cisas defense activities. Formalizing the answers to these questions through authorization will ensure jcdc has enduring value for years to come. On a related note i understand that cisa is in the process of reviving the National RiskManagement Center and i look forward to learning more about plans to make csis analytical hub. Finally, it is critically important that says they do more to secure Industrial Control Systems and other operational technologies. I appreciate the support from my legislation that we passed through the law last year. The Industrial Control System cybersecurity training act which will solidify the existence of meaningful training courses, to ensure ot remains at the forefront of our security focus. As i am sure you will agree, descent must develop that workforce now. Not five years from now. Also doing more tooth to promote threats to understand threats to oc easthams. Pushed out its cyber performance goals. And grow programs like cyber century that monitor our ot threats. Thank you again to the chairman for convening us here today. Thank you director easterly and your team who has worked with us i look forward to a robust conversation about attacking threats that we face. I yield back. Thank you, Ranking Member. I do not see the chairman of the Ranking Member of the full committee. So others members of the committee reminded that Opening Statements may be submitted for the record and i am pleased to have director easily before us to discuss the important topic and i ask that our witness please rise and raise their right hand. Do you solemnly swear that the testimony will give before the committee of Homeland Security of the United States has for this be the truth, the whole truth, nothing but the truth, so help you god . Yes. Let the record reflect that the witnesses answered in the affirmative and thank you and please be seated. I wouldve looked formally introduce our witness jen easterly hes she is the director of Cybersecurity InfrastructureSecurity Agency had to adjust. She was nominated by President Biden april 2021, and unanimously conservatives confirmed by the senate from july 12th 2021. It is no easy feat. As director she leads the effort to understand an inch and reduce risks to the cyber and physical infrastructure that americans rely on every day. The four serving her current role she was the head of Firm Resilience and Morgan Stanley and responsible for ensuring preparedness and response to business disrupting operational incidents and risks. She also has a long tenured Public Service to include two tours at the white house. Director thank you for being here today, and i recognize you for five minutes to summarize your opening statement. Thank you so much. Chairman and Ranking Member and the members of the subcommittee for the opportunity to appear before you today. Finally excited to share what we are doing to ensure that the system of today and tomorrow is the agencyreduce risk to the cy physical infrastructure that americans rely on every day. Since cisa was established in 2018, the threats we faced have become more complex, more geographically disbursed and dispersed and affect businesses from sizes large and small and ultimately the american people. Cisas mission has never been more urgent and its a sense of urgency that each of us at cisa feels every day to ensure that we are making the best use of the resources and authorities that congress has jen rustsly pro generously provided to us in the past several years and having a clear return on investment both to you and the american people. As youre well aware, the past two years have been pretty intense. From the solar Wind Supply Chain compromise to the Ransomware Attack on Colonial Pipeline, to vulnerabilities in Microsoft Exchange servers, from our shield up campaign, from russia militia cybersecurity, to help state and local Election Officials secure election infrastructure during the 2022 midterms. Cisa, along with our partners, have been front and center on each. Weve aggressively leveraged all of the authorities weve had to enhance our operational vulnerability to hunting to conduct planning and operations with our Industry Partners including our Operational Technology and Industrial Control System partners through the joint Cyber Defense collaborative to identify vulnerable systems through oured a minute admin subpoena process. To serve as both a sector Risk Management agency for eight sectors and one subsector and more broadly as the National Coordinator for Critical Infrastructure security and resilience working with our sisters to reduce crosssector risk. Even as we maintained the highest operational tempo in an increasingly complex and threat environment weve been growing and maturing as a new agency. Cocreating a culture of collaboration to enable us to attract and retain the best talent in the nation. And indeed, growing that talented workforce by nearly 1,000 new teammates in the last couple years. Meticulously executed our rapidly expanding budget to ensure we remain responsible stewards of taxpayer dollars. And last september we published our firstever Strategic Plan which outlines our Ambitious Goals through 2025 across four key pillars Cyber Defense, Risk Reduction and resilience, agency reunification. I greatly appreciate this committees steadfast work to help cisa achieve these goals and also appreciate that the tenetess outlined in the cisa 2025 plan from optimizing the organization, growing an expert Cyber Workforce, advancing our capabilities, harnessing partnerships and measuring outcomes to determine progress are all well aligned. So our efforts together can advance a shared vision for cybersecurity in america. Were aggressively executing this plan working with our trusted partners to enable a collective defense of our Critical Infrastructure to include working with those target rich cyber poor entities like Small Businesses and School Districts and water facilities and hospitals and local election offices to ensure that they have the resources and tools they need to improve their cybersecurity and build resilience. Needless to say, theres much, much more to be done to protect and defend our nations Critical Infrastructure from driving adoption of secure by Design Principles in our Technology Products to championing corporate cyber responsibility in every board room to implementing a groundbreaking cyber Incident Reporting regime and much more done torp done to mature our great team and optimize our value to our partners. With perhaps no partner more fundamental to our sesquicentennial than you success than you all. We would not be here today without tremendous bipartisan congressional support, especially from this committee and this subcommittee. We are very grateful for your commitment to ensuring cisa is armed with the talent, the resources and the authorities necessary to meet our mission of reducing risk to the Critical Infrastructure americans rely on every day. This is truly a nofail mission. And thanks to your support, we are thriving. And while were proud of what weve accomplished to date, we recognize the crith cality of crith kalt of continued support in terms of authorities and budget to ensure that we sustain this progress. We must and we will continue pushing hard under your oversight and with your support to strengthen this agency and by extension the security and resilience of our nation. Thank you for the opportunity to appear before you today. I look forward to your questions. Mr. Garbarino thank you, director easterly. Members will be recognized by seniority. An additional round of questioning may be called after all members have been recognized. And i just not going to call myself first because my vice chair has another hearing she has to go through and i know she has some very interesting questions. I would like to yield i re