Transcripts For CSPAN3 Officials Testify On Protecting Cyber

CSPAN3 Officials Testify On Protecting Cybersecurity Infrastructure July 8, 2024

Any background noise. Member, please mute their microphone. Going through documents and records please, email documents, I'm going to abbreviate my opening statement. I will put the full statement in the record given the fact that you probably can't hear me and understand me and I'm having trouble. You know, this is the second hearing, last hearing was in industry stakeholders and we heard distressing and serious gaps, shortages of several personnel, lack of even the most basic hygiene practices and a consensus among our witnesses that federal government needed to help the private sector which owns and operates 85 of the nation's critical infrastructure to defend itself and respond to attacks. You know, the bill 3684 will provide funding at the local, state and federal level to enhance response to cyber security incidents. It improves the national highway system, other transportation systems, capabilities and established office of National Cyber directive to the principal advisory on cyber security strategy to identify cyber security incidents and coordinate a federal response. Those are noteworthy steps but there's more to do. Today we'll hear from multiple agencies responsible for transportation, other critical infrastructure and their efforts to help private industry. You know, we have, for the most part, relied upon voluntary approach to protecting assets, choosing not to mandate standards for cyber security audits or exercises. In contrast, in other areas of the private sector has the potential to cause significant harm and government has established very robust requirements that would be nuclear power, drinking water, wastewater and others to make them safer and more resilient but, you know, there are many of these industries relate to other critical industries in the private sector. And voluntary cooperation sometimes isn't enough. You have to spend a bunch of money on cyber security.
The leeches on Wall Street are going to say hey, why are you spending all that money on cyber security? Trying to manage stock price, we want to see you put the money in the bank. So there needs to be a little nudging here and then, of course, the cost of an incident far exceeds the investment they should have and would have made to prevent that incident, not an absolutely catastrophic incident but basic incidents, ransomware and the other things that are rather routine. So I don't think putting forth basic cyber security standards, awareness and training should be voluntary. It should be required. And public safety, national security, depend upon these steps. In the wake of the Colonial Pipeline cyber attack, the Security Administration had specific cyber security for pipeline to see defend against ransomware and other attacks. Colonial turned down a comprehensive audit before the event which might have helped prevent the event. So, you know, but it was voluntary so they said no thanks, we don't want to know about our vulnerabilities. Last week, TSA issued basic cyber security enhancements for the aviation sector. Security director for passenger rail, freight rail, detectors early as this week. So this is appropriate time for this hearing. Both the GAO, sorry, and the Department of Transportation's Office of Inspector General, who we'll hear from today, made thousands of recommendations related to cyber security weaknesses at federal agencies and these recommendations remain unaddressed. Some of their more alarming findings find D.O.T.'s failure to implement cyber security risk management strategy, weakness in FAA's approach for avionic systems and commercial aircraft. One of the department stock management challenges. Inconsistent software updates, lacks enforcement of cyber security requirements. I.T. systems at D.O.T. vulnerable to exploitation of hostile actors.
I look forward to hearing from our expert witnesses today on the best mitigation potential solutions we could look forward, and with that, I recognize the Ranking Member who hopefully has control of their voice.

Thank you, Mr. Chairman. Before our statement I want to acknowledge your announcement you're not seeking reelection next term and I want to thank you for your long and distinguished career serving three decades in the House of Representatives. I have no doubt you're going to finish out your term and work just as hard as ever on behalf of your district and constituents and I also believe you and I agree transportation and infrastructure is one of the best and most important committees in Congress and I know you will continue to work diligently to address vital issues for this committee in the coming months. I do wish you and your family all the best in your retirement. Turning to today's hearing, we will continue in examination on cyber security challenges, for the transportation and infrastructure sectors. During our first hearing on this topic in November, we heard from the perspective owners and operators of these critical assets about the steps they've taken to improve their cyber security posture, the threats and risks they still face, and the effectiveness of federal government cyber activities. Now, we will hear testimony from some of those federal agencies themselves and how they are providing support to transportation, infrastructure operators, boosting their cyber security preparedness and response capabilities. Stakeholders have expressed concerns about aspects of those federal programs, for instance, the recent security directives from TSA and I hope we can get some answers on how to improve their implementation. We also will hear today from how federal agencies are protecting their own systems, their own data, and infrastructure from ever-changing cyber threats.
I look forward to hearing from our witnesses, the panel, about the cyber challenges they've identified and examined, for the federal agencies under the committee's jurisdiction as well as receive updates from those agencies on how they are rising to meet these challenges. I appreciate our witnesses joining us today in discussing how operators of federal agencies can work collaboratively to improve cyber security of our nation's critical infrastructure systems and transportation systems and transportation infrastructure. So with that, I would yield back and look forward to video. Video does not want to stay on. It just keeps blinking off. No okay. Good. Thanks.

Thanks for the kind words, you know, I know that the committee will continue its great work. You know, between your leadership and others on the committee. With that, I'd like to move to recognizing the witnesses here today. Up first is Mr. Cordell Schachter, CIO, D.O.T., Mr. Larry Grossman, chief information security officer, Federal Aviation Administration. Ms. Victoria Nouse, federal administrator for policy plans and engagement. Rear Admiral John W. Mader, assistant commandant for United States Coast Guard. Mr. Kevin Dorsy, assistant Inspector General for information technology audits, Inspector General, Department of Transportation, and Mr. Nick Renos, director cyber security at the GAO. With that, I would first recognize Mr. Schachter for five minutes.

Good morning, Chair, Ranking Member Graves and members of the committee. Thank you for the opportunity to testify before you today and for your support of the Department of Transportation. I'm Cordell Schachter, chief information officer. I'm honored to be here with FAA chief information security, Larry Grossman, U.S. D.O.T. Office Inspector General, assistant Inspector General for IT audits, Kevin Dorsy and officials from the U.S. Coast Guard, Transportation Security Administration and Government Accountability Office. I was appointed U.S. D.O.T.'s chief information officer on August 30th this year. My testimony today is based on observations and review of D.O.T. records during my three months in this position. My testimony is also informed by my 26 years of service as a local government official in New York City, 13 years of that service as chief technology officer and CIO of New York City's Department of Transportation. In between two tours of New York City government service I worked for several technology companies, taught masters level courses in civil technology at New York University in new yorkity, New York City, and St. Petersburg, I believe the program has improved the department's security posture and on a path for continuing improvement according to government best practices. U.S. D.O.T.'s executive ranks have many officials with the knowledge and expertise of providing service directly to the public. This begins with Deputy Secretary Trottenberg and the leaders of many of our operating administrations or modes. They have also held key elected and appointed leadership positions in cities and states, solving problems, protecting citizens, and improving the quality of life of their constituents. We now have before us one of the greatest opportunities to improve the quality of life for all Americans. We look forward to partnering with Congress and our sister federal agencies to implement the landmark bipartisan infrastructure law. On the same day that President Biden signed the law, he executed an executive order to ensure, among other priorities, increased coordination across the public sector to implement the effectively. We commit to that goal. Our executive leadership team's experience includes making improvements to systems while they continue to operate. Similarly, we'll continue to improve our existing systems to make them more cyber security while they continue to operate so that they resiliently support D.O.T.'s operations and the American people.
I want to transparently acknowledge we have multiple open audit findings from previous OAG and GAO cyber security audits. We take seriously their assessment. I designated cyber security improvement as the top priority for D.O.T.'s information technology organization, the office of the chief information office. We've begun a series of cyber sprints to complete tasks and make plans to meet our federal cyber security requirements and implement best practices including those from President Biden's executive order for improving the nation's cyber security. The cyber sprints prioritize three areas: system access control, website security, and improved governance, oversight and coordination across D.O.T. These activities address AIG and GAO findings. D.O.T. is actively working to meet responsibilities to improve the department's information technology infrastructure while implementing our portions of the infrastructure law. We will also meet the challenge of continuously improving the cyber security of D.O.T. information technology systems while keeping those systems available for use. We look forward to working with this committee, our agency partners, and the White House, to strengthen and protect our infrastructure and systems. Thank you again for this opportunity to testify. I will be happy to answer your questions.

Thank you, Mr. Schachter, for doing exactly in five minutes, appreciate that. We'll now move on to Mr. Larry Grossman. Mr. Grossman.

Good morning. From air traffic control to the largest airliner or the latest drone, connectivity is the way of the future in airspace. It's also why we have to constantly raise the bar when it comes to cyber security.
Chair DeFazio, Ranking Member Graves, members of the committee, cyber threats are an ongoing concern and increasing reliance on highly integrated computers and networks is cause for vigilance at all levels of the aviation industry. This is especially true at FAA where we are responsible for operating the nation's air traffic control system and overseeing design, manufacture and testing of aircraft design and systems including avionics and me, personally, as a pilot, instructor, and for those we regulate and the community at large. I want to start by noting the executive order on improving the nation's cyber security and I want to thank Congress on continuing guidance and direction over many years. The FAA's effort to address cyber challenges benefits from your oversight and cooperative efforts with other branch agencies. We appreciate the input as we stride to make systems more efficient and safer. You'll hear it again, safety is a journey, not a destination; the same is true for cyber security. What we do today is not enough for tomorrow or the day after. We're always striving to improve. Constantly updating and evolving FAA's cyber security strategy, put into action through cross-agency cyber security commitment. The strategy includes protecting and defending FAA networks and systems, enhancing risk management capabilities, building and maintaining workforce capabilities and engaging with external partners. We defend our air traffic control and other networks by using separate and distinct security perimeters and controls that are the responsibility of the FAA chief information security officer and FAA chief information officer. To assess cyber threats and vulnerabilities to our networks, we've developed a cyber test facility at our William J. Hughes Technical Center where we also conduct testing. We ensure cyber resilience on aircraft through risk assessments during initial certification process or when there is time to a previous certification.
When existing regulations do not provide adequate protection we issue special conditions. Throughout an aircraft's life, operators must track security issues in much the same way they do for other issues, using data-driven methodologies, that allows operators in the FAA to make informed risk management decisions. Smart decisions require counted and dedicated cyber workforce, and we continue to invest in our people. Congress recognized the importance of this effort and in 2018, asked FAA to enter into agreement with National Organization of science. That study made it clear there's more work to do though many of the recommendations are consistent with the cyber security strategic objectives and others ongoing with FAA recruitment efforts. Finally, one of the major components of our strategy is build and maintain relationships and trust with our external partners. This is critical for defending and reacting and recovering from a cyber attack. It's why we are the lead agency on the Aviation Cyber Initiative entering task force with DHS and DOD, it's why we work collectively to address cyber security risks in the ecosystem, ranging from airport authorities to manufacturers. As technology of the aviation ecosystem evolves, we expect cyber security will continue to be a growing challenge and
