By Hank Russell
A hearing was recently held by the House Committee on Homeland Security — specifically the Subcommittee on Cybersecurity and Infrastructure Protection — to examine the evolution of cyber threats to the U.S.’ critical infrastructure — 15 years after the discovery of the Stuxnet cyber weapon.
The hearing, titled “Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats to Critical Infrastructure,” explored how the cybersecurity landscape has changed since Stuxnet first exposed the real-world impact of offensive cyber tools.
In his opening statement, Congressman Andrew Garbarino (R-Patchogue), chair oif the emphasized the urgent need to strengthen both IT and operational technology defenses across sectors like energy, water, healthcare, and transportation. He also highlighted the rising threat posed by Iranian cyber actors and reaffirmed the importance of reauthorizing two key federal programs: the Cybersecurity Information Sharing Act (CISA 2015) and the State and Local Cybersecurity Grant Program.
As previously reported in Long Island Life & Politics, the Federal Bureau of Investigation (FBI) warned of Iranian-affiliated cyber actors who may target U.S. devices and networks in an effort to conduct disruptive cyberattacks. This includes American defense companies that hold interests in or have a relationship with Israel, as well as poorly secured U.S. networks and Internet-connected devices.
“Since discovering Stuxnet 15 years ago, cybersecurity threats to critical infrastructure have drastically evolved and spread beyond just malware,” Garbarino said. “We now see various cyber capabilities being used to hack critical infrastructure, including phishing, social engineering, denial-of-service attacks, and more. While cyberattack vectors have grown and matured, malware is still of great concern. Malware comes in many forms, such as keyloggers, spyware, viruses, and ransomware, with ransomware comprising one-third of all cyberattacks in 2024.”
Garbarino cited statistics from Nozomi Networks Labs that cyberattacks from Iranian threat actors surged by 133% between May and June. “It is also worth examining the state of the Iranian cyber threat and the potential impact Stuxnet had on Iran’s cybersecurity posture,” he said.
During the meeting, he called for the reauthorization of CISA 2015 and extended funding to state and local governments. “[This] will ensure we keep encouraging rapid and trusted information sharing among public and private sector entities,” he said. “Extending the State and Local Cybersecurity Grant Program will make sure that states and localities have reliable funding to strengthen their cybersecurity posture.”