WASHINGTON – Republicans and Democrats on the House Committee on Homeland Security on Wednesday warned that China has positioned itself to undermine U.S. infrastructure via cyber warfare should it decide to do so.
“Should we enter into a conflict with the P.R.C., the Chinese Communist Party is ready to shut down our essential services, our communications, our energy grid, our maritime ports and our water systems,” Chairman Mark Green (R-Tenn.) said in his opening statement.
His Republican colleague from Texas, Rep. Michael McCaul, said China can infiltrate America’s key infrastructure remotely.
“One of the most frightening things to think about is this ability to preposition malware on critical infrastructure to give them the capability to turn the switch off at any given time and bring darkness to the entire East Coast or to ports in New Orleans or Houston,” he said.
Over and over again, four cybersecurity experts emphasized the threat posed by foreign adversaries, especially China, but also Russia, North Korea and Iran.
“How crazy would we go if we found 20 satchels of explosive strapped to different electrical power grids or port cranes around our country and could attribute it to China or Russia?” Rear Adm. Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, said in his testimony. “But somehow in cyberspace, they get a pass. That’s not right.”
Montgomery pointed out that the Chinese government devotes about 60,000 people to its cyber efforts, while, in contrast, the U.S. government employs only about 6,400 people in the offensive side of its Cyber Mission Force.
Lawmakers and witnesses also addressed the vulnerability of state and local entities to cyberattacks.
“State and local governments have struggled to adequately defend their networks, exposing them frequently to cyberattacks and putting critical public infrastructure at risk,” said Rep. Delia Ramirez (D-Ill.).
She expressed her support for the reauthorization of the State and Local Cybersecurity Grant Program, which is set to expire in September.
Brendon Wales, vice president for Cybersecurity Strategy at SentinelOne, said that state and local entities are frequently targeted, especially by ransomware groups.
“State and local government agencies are the closest to the American citizens,” Wales said. “So disruptions at the state and local level are ones that people feel quickly.”
Those agencies must improve their outdated technology so that they can resist cyberattacks, said Kemba Walden, president of the Paladin Global Institute and former acting National Cyber Director.
Later in the hearing, lawmakers clashed over the mandate of the Cybersecurity and Infrastructure Security Agency.
Congress created the agency primarily to combat cyberthreats. Its mission also includes combating misinformation and disinformation, a role which it fulfilled during the most recent election cycle. Republicans in Congress have recently criticized that role.
Secretary of homeland security nominee Kristi Noem, in her confirmation hearing last week, claimed the agency’s efforts to combat disinformation amounted to manipulation of the American public. She called for the Cybersecurity and Infrastructure Security Agency to be downsized, an idea which Democratic lawmakers pushed back on at the hearing.
“Part of the problem here is that even though C.I.S.A.’s misinformation and disinformation activities represent less than one-tenth of 1% of its budget, Republicans have tried to cut 25% of the budget,” Rep. Dan Goldman (D-N.Y.) said.
For Republicans’ part, Rep. Eli Crane (R-Ariz.) accused Wales, who previously served as acting director of C.I.S.A., of censorship.
But lawmakers were ultimately united in their concern over the scale of the cyberthreats posed by American adversaries.
“The United States faces an incredibly dangerous and growing threat landscape with regard to cybersecurity,“ said Rep. Seth Magaziner (D-R.I.).
