Vice Chair McCaul Discusses Global Cyber Threats at First Homeland Hearing of 119th Congress
WASHINGTON – Today, U.S. Congressman Michael McCaul (R-Texas) — chairman emeritus and current vice chairman of the House Homeland Security Committee — delivered remarks and questioned witnesses at a full committee hearing to examine cybersecurity threats posed by our adversaries like the Chinese Communist Party.
He addressed his questions to retired Rear Admiral Mark Montgomery, U.S. Navy, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies; and Brandon Wales, vice president of Cybersecurity Strategy at SentinelOne.
Remarks as delivered:
McCaul: The ranking member and I passed the Cybersecurity and Infrastructure Security Agency Act in 2018 because [CISA] was a civilian agency we thought best capable to interact with the private sector.
Since that time, I believe it has stood up its capabilities, its credibility. But the world is on fire today, and it's a far more dangerous place than it was in 2018 from a cybersecurity perspective, particularly when you look at China, Russia, Iran, and North Korea.
I was sanctioned by China. I'm the target of a disinformation campaign by China, along with three other members, one of whom now is the secretary of state, Marco Rubio.
So I've kind of first-hand witnessed this, but I think that one of the most frightening things to think about is [the CCP’s] ability to pre-position malware on critical infrastructure, to give them the capability to turn the switch off at any given time, and then to bring darkness to the entire east coast or to ports, you know, in New Orleans or Houston.
Can you — maybe, admiral, I’ll start with you — explain how that exactly works, and what can we do to fortify and strengthen these critical infrastructures.
Montgomery: Thank you, sir. Look, you're right on that. ... [The CCP's] operational preparation of the battlefield, it is a war-making action. And you know, we have to take it much more seriously. I think the idea that they've pre-positioned malware, or that they have capabilities that lie in wait, that can come out at the right time, as we're making a decision to move, you know, to respond to a crisis in Taiwan or crisis in the Baltic states … This is why I think former Representative Waltz is right in the sense that we have to go on the offensive. … Otherwise, the Chinese are going to keep doing what they're doing.
McCaul: I totally agree. We need to call them out for this. We know that in the event of an invasion of Taiwan, they will shut down their entire grid and shut down all their cyber — including probably [hitting] the west coast of the United States at the same time.
Montgomery: How crazy would we go if we found 20 satchels of explosive strapped to different electrical power grids or port cranes around our country, and could attribute it to China or Russia? We would seriously be moving forces and say this is completely unacceptable behavior, but somehow, in cyberspace, they get a pass. That's not right. We need to be more offensive about this. The bar for taking action has got to be lowered down to one that makes America and our infrastructure secure. Right now, it's too high.
McCaul: I think the physical analogy is always accurate. For instance, when the OPM hack occurred, 23 million security clearances [were] stolen. Can you imagine if Chinese operatives were caught at OPM actually stealing that data in person? We tend to think [cyber is] different, and it's really not.
Mr. Wales, in my remaining time, this unholy alliance [as I call it] between China, Russia, Iran, North Korea. Do you see, in this alliance, any formation of working together in the cyber threat space?
Wales: So I'd say that there are some but limited connections at this point, in part because there is not a significant degree of trust amongst those countries, despite their willingness to work together in very isolated places. They've also been caught conducting operations against each other, which is one of the reasons why they don't have as tight of an alliance as, let's say, the United States does with its Five Eyes partners, where it's much closer sharing of information, conducting joint operations, etc.
We don't see that yet amongst our adversaries, but that is changing. We're seeing closer connections in places like Ukraine, in terms of Russia, Iran, North Korea, etc. So we obviously have to watch that space very carefully.
McCaul: I passed the Cyber Diplomacy Act to help coordinate and deal with that on the defensive side. But I know my time has expired. Thank you, Mr. Chairman.
###