WASHINGTON—The Subcommittee on Cybersecurity, Information Technology, and Government Innovation held a hearing titled, “Red Alert: Countering the Cyberthreat from China.” Subcommittee members discussed how CCP-sponsored hacking efforts have become more sophisticated and coordinated, including its Volt Typhoon campaign that targets U.S. critical infrastructure. Expert witnesses discussed the urgent need to combat the threat by, for instance, replacing vulnerable legacy IT systems that serve as prime access points for hackers to infiltrate both public and private sector entities across America.
Key Takeaways:
Recent federal intelligence agency warnings confirm China is hacking into America’s critical infrastructure to position itself to conduct massively disruptive cyberwarfare at a time of its choosing.
The current threat landscape shows that CCP hacking collectives have gone from rudimentary and disorganized to highly efficient and advanced operations. This has increased the validity, velocity, and variance of attacks that the United States must be poised to defend against.
Obsolete and legacy IT systems are a main avenue Chinese hackers use to infiltrate and attack U.S. critical infrastructure and the White House has failed to develop a comprehensive plan to stop these infiltrations from China.
Member Highlights:
Subcommittee Chairwoman Rep. Nancy Mace (R-S.C.) discussed what can be done to monitor, identify, and thwart Volt Typhoon hacking efforts, whose aim is to achieve undetected infiltration of critical computer systems.
Chairwoman Mace: “So if they are achieving their goal of undetected system access, how would we know?”
Mr. Joyce: “I believe the combination of intelligence, that revealed this campaign, as well as the capabilities of U.S. cybersecurity industry has the ability to find and defeat some of these activities. But it is going to take a combination of both the public effort, private efforts, as well as the targeted entities have to remove some of their outdated legacy IT to be safe.”
Mr. Evanina: “I would add onto that that I think it is about leadership and government, I think if the government earmarked significant dollars to update our own legacy systems it would obviously prevent our adversaries from getting our government systems and I think that would be a leading role to stimulate the private sector to do the same.”
Delegate James Moylan (R-Guam), who was waived on to the subcommittee for today’s hearing, discussed what needs to be done from a policy to perspective to enhance America’s cyber defense operation. Delegate Moylan offered a unique vantage point to the hearing as Guam is geographically close to China and home to key U.S. military bases and installations, making it a prime target for Chinese hacking operations.
Delegate Moylan: “With limited cyber personnel already, Guam’s cyber infrastructure suffers from deterioration and lack of funding, leaving civilian and military assets vulnerable to cyber attacks. With Guam being one of the closest U.S. territories to China, what policy advice would you give the President to solve Guam’s cyber insecurity?”
Mr. Joyce: “We have to have the awareness and the priority on this subject, on this crisis to give them the resources to get rid of old, outdated, and insecure hardware. A lot of the tactics used in the attacks are finding flaws that could have and should have been patched in old and obsolete equipment.”