[{"_1":2,"_111":-5,"_112":-5},"loaderData",{"_3":4,"_26":27},"root",{"_5":6,"_17":10,"_18":19,"_20":21,"_22":10,"_23":-5,"_24":-5,"_25":10},"user",{"_7":8,"_9":10,"_11":10,"_12":-5,"_13":-5,"_14":15,"_16":-5},"roles",[],"isAuthenticated",false,"isPremium","planName","subscriptionStatus","featureFlags",{},"insightsBudget","isDevelopmentHost","userPreferences",{},"recaptchaSiteKey","6LcvOJcUAAAAAHsB-gPGfGktcRlKpH7OTIU_dMTD","isImpersonating","impersonation","affiliateStatus","isFreedomPortal","routes/v2/article/layout",{"_28":29,"_30":31},"notFound",true,"relatedArticles",[32,75,87,99],{"_33":34,"_35":36,"_37":38,"_39":40,"_41":42,"_43":44,"_45":46,"_47":48,"_49":50,"_51":52,"_53":54,"_55":56,"_57":58,"_59":60,"_61":62,"_63":64,"_65":66,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},"mediaId",6158712,"mediaKeyId","5457720-1934133ee8555d31f8892204d2174652","parentId",5457720,"title","Experts urge focused, practical steps to secure OT: five controls, clearer federal guidance, supply-chain standards","audioSeconds",2937,"startMs",2019000,"endMs",4956000,"viewUrl","/Search/View?dp=1&key=5457720-1934133ee8555d31f8892204d2174652&start=2019&end=4956","thumbnailUrl","https://assets.pipeline.soar.com/5457720-1934133ee8555d31f8892204d2174652/thumbnail_2019000.jpg","articleUrl","/articles/6158712/Experts-urge-focused-practical-steps-to-secure-OT-five-controls-clearer-federal-guidance-supply-chain-standards","mediaUrl","https://secure.pipeline.soar.com/6158712-99eb5566596f78d72494d3979fe48ee0/orig.mp4?Expires=1770492517&Signature=LRxIfPIHPwUB5DzI8XSJPA~oFWPrHiTfGkqF9wuJ9~AWshd7f7OvWr-AOFTRQ5th4rCLDpx8lRSkDr5E-KT-CFiov3EwFKGTqPPPme-1pmqswd5BwosWbxkpRb9KcYM~tpisvbz2MXTMHdMZCrwo6oNDscsy379gHQXpYN0fGQZXTK4ATQCcIfrmN1XH51IUSmvH91XVnfIywPKgHeOfTYLyL2QLxvE3bzDUJqANYf5Po~nVxRTl~igfunwS6Hgd0oviS83ADTltfFLguNmYFqNRrtpQMJN2ZF~AekcaFiUBglLIXR98wzO1CL-OQGc3t4A04Uf2N~mxQ~wv2EWwmg__&Key-Pair-Id=KUT5TJCACFTXG","author","U.S. House Committee on Homeland Security","date","2025-07-24T04:00:01.43Z","article","Witnesses at the House Homeland Security Subcommittee hearing outlined concrete steps they say will materially reduce OT risk if implemented with scale and clarity.

Robert M. Lee of Dragos summarized a set of practical priorities and told members: “First, we must stop treating OT like IT. These systems have different risks and require different defense strategies.” Lee advocated targeted public–private partnerships, streamlined federal guidance and letting the private sector lead on deployable technology while the government focuses on “over the horizon threats.”

Lee recounted a private-sector success: Littleton Electric in Massachusetts used federal grant funding and Dragos technology to detect and mitigate an intrusion tied to an actor the witness identified as Volt Typhoon. “They were able to do this because they had visibility in their OT networks, and they were proactive in their security,” Lee said.

Panelists and members repeatedly urged simplicity and a single federal voice for guidance. Several witnesses referenced the SANS Institute’s “five critical controls” as an example of a short, implementable starting point. Tatiana Bolton of the Operational Technology Cybersecurity Coalition said operators need prioritized “quick start” guidance rather than long frameworks: “NIST is creating some quick start guides. I think that would be very important to do for OT security.”

Other recommendations included: require stronger security standards for vendors and components sold into critical infrastructure, improve credentialing and coordination for incident response teams, and expand funding so small utilities can inventory assets, segment networks and deploy multifactor authentication.

Why it matters: Witnesses said large-scale execution of a small number of proven controls would raise the baseline security posture across hundreds of thousands of small and medium-size critical infrastructure operators that currently lack OT visibility and resources.","mediaType","Video","parentTitle","Fully Operational Stuxnet 15 Years Later & the Evolution of Cyber Threats to Critical Infrastructure","oneSentenceSummary","Witnesses and members recommended prioritized, implementable measures to protect operational technology: inventory OT assets, apply known critical controls, harmonize federal guidance, fund deployments rather than reinvent tools, and raise vendor security standards.","taxTitle","Homeland Security: House Committee, Standing Committees - House & Senate, Congressional Hearings Compilation, Legislative, Federal","taxId",1831,"location","","headline","shortSummary",{"_33":76,"_35":36,"_37":38,"_39":77,"_41":78,"_43":79,"_45":80,"_47":81,"_49":82,"_51":83,"_53":84,"_55":56,"_57":58,"_59":85,"_61":62,"_63":64,"_65":86,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},6158717,"Witnesses urge Congress to reauthorize CISA 2015 and state and local cybersecurity grants before lapse",3697,1419000,5116000,"/Search/View?dp=1&key=5457720-1934133ee8555d31f8892204d2174652&start=1419&end=5116","https://assets.pipeline.soar.com/5457720-1934133ee8555d31f8892204d2174652/thumbnail_1419000.jpg","/articles/6158717/Witnesses-urge-Congress-to-reauthorize-CISA-2015-and-state-and-local-cybersecurity-grants-before-lapse","https://secure.pipeline.soar.com/6158717-e87ecf417fe9fc2665eabaa078fcc463/orig.mp4?Expires=1770492517&Signature=IP5VlmVshB4aHnvT8nyMXuHgdzAWuQuCAkP1lNRrgXW~j8ege3Rd-kyxSpsJTE8qmzkhF~4yErYDJ-9xglSzEYwaSIgsmHihLLHVQ1mKN6vcApVXeFreXTXPkHMlaJk0OIHTy1-9051uJao4fh1fubIPMN-Yt-UJzGeMb4crMk5P2~CjTmdaCFIqpRZbU-pfqM7ZzYB9G-blVi2ascq1BDQ~FdTJD7KESTqA-7zscodlSOp0QI8rtWUP7rzfsLq56e8PzAh4Hpm~NYVmQrz~ck9ORaHWNHhcimjPoNMSTIaB6f5fR8ndmAH8zwO4YIKpb3CFuNZyqudfJYdkJd36uw__&Key-Pair-Id=KUT5TJCACFTXG","Lawmakers and witnesses at a House Homeland Security Subcommittee hearing urged Congress to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) and the state and local cybersecurity grant program, saying both are vital to information sharing and funding for underfunded critical infrastructure operators.

Representative Adam B. Swalwell, the ranking member, said reauthorization must happen promptly. “We cannot allow this critical authority to lapse,” he told the panel, echoing several witnesses. Tatiana Bolton, executive director of the Operational Technology Cybersecurity Coalition, told the committee a lapse would be disruptive: reauthorizing CISA 2015 “is crucial to information sharing and strengthening U.S. collective defense. If the legal protections established by this act were to lapse, this flow of information would be disrupted up to 80 to 90% and national security put in jeopardy.”

Representative Mikey MacGyver (as recorded in the hearing) noted the Infrastructure Investment and Jobs Act created a $1,000,000,000 state and local cybersecurity grant program; witnesses said the program is set to expire in the coming months and that reauthorization is essential to help smaller jurisdictions remove insecure equipment, hire staff and modernize systems.

Why it matters: Witnesses and members said many local utilities, ports and hospitals lack resources to secure OT; Bolton and others argued federal grant support is the most effective way to raise the baseline security posture. Robert Lee and other witnesses added that liability protections and clear, centralized federal channels increase private-sector willingness to share threat information.

Panelists recommended that reauthorization explicitly include OT in statutory language, clarify CISA’s role as the federal gateway for information sharing, and restore information-sharing authorities that facilitate private–public operational collaboration. Members said a clean, near-term extension should be a priority while reforms are considered in parallel.","Panelists and members from both parties told the subcommittee that reauthorizing the Cybersecurity Information Sharing Act of 2015 and the state and local cybersecurity grant program is urgent; witnesses said expiration would sharply reduce information sharing and funding to under-resourced local entities.",{"_33":88,"_35":36,"_37":38,"_39":89,"_41":90,"_43":91,"_45":92,"_47":93,"_49":94,"_51":95,"_53":96,"_55":56,"_57":58,"_59":97,"_61":62,"_63":64,"_65":98,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},6158722,"Lawrence Livermore tells House CyberCentury agreement expired; sensors still deployed but analysts stopped monitoring",50,3577000,3627000,"/Search/View?dp=1&key=5457720-1934133ee8555d31f8892204d2174652&start=3577&end=3627","https://assets.pipeline.soar.com/5457720-1934133ee8555d31f8892204d2174652/thumbnail_3577000.jpg","/articles/6158722/Lawrence-Livermore-tells-House-CyberCentury-agreement-expired-sensors-still-deployed-but-analysts-stopped-monitoring","https://secure.pipeline.soar.com/6158722-1197e3c420c84fe8627e90fbb7979282/orig.mp4?Expires=1770492517&Signature=K1GMxAr2zDpAvTsbe41fFZTWU~lx3C~Hyq0~Brg2OFiQy4cOaJ5tU8vpAb1pgoJOC3cXARJbzPACn5lKB7AwPW~fh4Z3QtbKkepCCOiG3HORVjZ4-rnxovBcSKSSXCFonD5maEG4RPqQr0WIGhXkfTii63roJHDoFBkZCEx70wZo0ckuqbTwKzAB0o5sDnazfiuCm8oUB6EZO4-bik9FWRA2RUY4TP1LXvGJTH7-GeTBX9fRzrkmLaCMR5vlougP6bXet4W8UrBJOfy3TRtMu~JF-MIQICjyHmtGJXU7pF1-qKGBQiwWI5SrU4KyZWVGNgaRpPifCk8SV0WCG2LW3A__&Key-Pair-Id=KUT5TJCACFTXG","Lawrence Livermore National Laboratory told the House Homeland Security Subcommittee that its agreements with the Department of Homeland Security to analyze data from the CyberCentury program have expired, temporarily halting active threat hunting despite sensors remaining on partner networks.

“Currently, we have agreements that are making their way through DHS processes. Unfortunately, those are still making their way through DHS processes, and our work with CISA expired, last Sunday,” Dr. Nate Gleason, program leader for cyber and infrastructure resilience at Lawrence Livermore, told the subcommittee. Gleason said the lab’s threat-hunting team “stopped monitoring networks on Sunday.”

Why it matters: CyberCentury — authorized in the fiscal year 2022 National Defense Authorization Act and described in testimony as a voluntary partnership that places sensors on participating critical infrastructure networks — pairs national-lab analytics with private-sector telemetry to detect novel threats. Witnesses credited the program with detecting suspicious devices and malware during prior operations.

Gleason said sensors remain deployed and continue to gather telemetry but that lab analysts are not legally operating without funding and authority. When Rep. Adam B. Swalwell pressed on the operational effect, Gleason answered bluntly: “National laboratories are not legally able to operate without being funded by a government agency. So our threat hunters, stopped monitoring networks on Sunday.”

Committee members and witnesses described the lapse as a potential blind spot: data are collecting on critical infrastructure networks, but the lab said it cannot analyze that data until interagency agreements between DHS and DOE are completed and signed.

The exchange prompted lawmakers to press for a rapid resolution to restore analysis capability. The hearing record was left open for 10 days to accept follow-up materials and written answers.","Lawrence Livermore National Laboratory informed the House subcommittee its agreements to analyze CyberCentury sensor data lapsed and its threat-hunting stopped, leaving deployed sensors collecting data that the lab said it is not authorized to analyze until interagency funding arrangements are executed.",{"_33":100,"_35":36,"_37":38,"_39":101,"_41":102,"_43":103,"_45":104,"_47":105,"_49":106,"_51":107,"_53":108,"_55":56,"_57":58,"_59":109,"_61":62,"_63":64,"_65":110,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},6158727,"Lawmakers, experts tell House subcommittee Stuxnet’s legacy shows U.S. operational technology remains vulnerable",973,945000,1918000,"/Search/View?dp=1&key=5457720-1934133ee8555d31f8892204d2174652&start=945&end=1918","https://assets.pipeline.soar.com/5457720-1934133ee8555d31f8892204d2174652/thumbnail_945000.jpg","/articles/6158727/Lawmakers-experts-tell-House-subcommittee-Stuxnets-legacy-shows-US-operational-technology-remains-vulnerable","https://secure.pipeline.soar.com/6158727-8db3f77818fb93f747310c8354422896/orig.mp4?Expires=1770492517&Signature=QVUKvBu4Hs59t2x-daJYwpZdbUbaXVCuN-3AmCJcPnOKK8Jv7ut-dr0Z17V69xhYfhVGlk-wtkCcUdOvsbM90knCog5VhhLRP8~LjjrQOidT19XO95~VCYrHS6wknEehsZp~uFLvDfrQDgnu5sJVX5kwPWs81HruFJg75QDFfuL99cpDT9jtlRyOj9EIM0k0cB52Yod0bofIfHUpl6QuzXsvPjkMWnFYARTwKxWntcbDyUCD0zONfKOQ7NBnh7-PpGY6VctV42OrzW-FbY~qkQVuG1odJx1ZNTF~9gg6WwGyVtceQYm3re-5iJBfWkuZm-xEvkYjSDY2fdnBZZ4XPA__&Key-Pair-Id=KUT5TJCACFTXG","The House Homeland Security Subcommittee on Cybersecurity Infrastructure Protection heard testimony that the 15-year-old Stuxnet attack fundamentally changed the cyber threat picture by showing malware could cause physical destruction — and that U.S. operational technology remains at risk.

Kim Zetter, a cybersecurity journalist and adjunct professor at Georgetown University, told the committee Stuxnet “was a first of its kind attack, the first known case of malicious code designed to leap from the digital world to the physical realm to cause disruption and destruction.” Zetter warned the same techniques could be used against U.S. critical infrastructure, from power and water systems to trains and hospitals.

Why it matters: OT systems control the physical processes of critical services; compromises can produce physical damage, service outages and, in extreme cases, loss of life. Zetter and other witnesses told members that defects discovered after Stuxnet revealed architectural and software problems that often cannot be fixed by a simple patch.

Experts said the threat has broadened beyond precision tools like Stuxnet to include ransomware, denial-of-service, phishing and supply-chain compromises. “We are not prepared for a major attack on our critical infrastructure,” Robert M. Lee, chief executive officer of Dragos and a lieutenant colonel in the Army National Guard, told the subcommittee. Lee said defenders track more than 25 state and nonstate actors that target OT and warned that homogeneity of industrial systems increases risk.

Members and witnesses pointed to concrete examples to underscore the danger. Zetter cited a CISA security alert this month about a decade-old flaw in train braking protocols that could allow an attacker in proximity to impersonate braking devices; a replacement protocol is not expected until 2027. Witnesses also described discoveries of surveillance cameras and other devices on OT networks that beaconed to overseas servers and could provide backdoors into control systems.

Wider context: Witnesses emphasized that many critical infrastructure owners — especially smaller utilities, local governments and cooperatives — lack funding, staff and technical expertise to inventory OT assets and implement basic defenses such as segmentation and multifactor authentication. That shortfall, they said, widens the attack surface for nation-state and criminal actors.

The subcommittee heard recurring recommendations: treat OT security as distinct from IT security, increase targeted public–private partnerships, prioritize supply-chain assurance and improve federal response coordination. Several members urged prompt congressional action on reauthorizations and funding programs discussed elsewhere in the hearing.

The hearing record will remain open for additional questions and written testimony, the chairman said.","Witnesses at a House Homeland Security Subcommittee hearing said 15 years after Stuxnet was discovered, operational technology (OT) that runs water, energy and transport systems remains a prime target and that U.S. defenses lag behind evolving threats.","actionData","errors"]

Article not found

Experts urge focused, practical steps to secure OT: five controls, clearer federal guidance, supply-chain standards

Witnesses urge Congress to reauthorize CISA 2015 and state and local cybersecurity grants before lapse

Lawrence Livermore tells House CyberCentury agreement expired; sensors still deployed but analysts stopped monitoring

Lawmakers, experts tell House subcommittee Stuxnet’s legacy shows U.S. operational technology remains vulnerable