Republicans on the House Homeland Security Committee on Wednesday spoke out about the need for action against China’s threat to American infrastructure networks, even as some members of the party have soured on a primary agency that fights such cyberattacks.
“The Chinese Communist Party is ready to shut down our essential services, our communications, our energy grid, our maritime ports and our water systems, to name just a few, and we cannot allow this situation to continue,” Homeland Security Chairman Mark E. Green, R-Tenn., said at the hearing. “We’ve played defense far too long, and now it’s time to go on the offense.” Green added that cybersecurity would be the committee’s top priority.
The panel’s top Democrat Rep. Bennie Thompson, D-Miss., countered that several Republicans and supporters of President Donald Trump are seeking to slash funding for the Cybersecurity and Infrastructure Security Agency, the country’s main line of defense. As many as 100 Republican lawmakers voted to cut CISA’s funding in the last Congress and some of the “loudest and most influential voices on the other side wanted to eliminate CISA entirely,” he said.
Thompson said it will be difficult for the committee to advance cybersecurity goals given Republican lawmakers’ opposition to the agency, created by Congress in 2018 and signed into law by Trump in his first term.
“Unfortunately, driven by false allegations and conspiracy theories, President Trump and many of his Republican colleagues have soured on the system” that they helped create, Thompson said.
Republican opposition has stemmed from efforts by the agency to combat online disinformation relating to the COVID-19 pandemic and election misinformation.
Sen. Rand Paul, R-Ky., who chairs the Senate Homeland Security and Governmental Affairs Committee, is chief among the lawmakers who have called for eliminating CISA, which is part of the Department of Homeland Security.
At her confirmation hearing last week, South Dakota Gov. Kristi Noem, nominated for Homeland Security secretary, questioned CISA’s priorities.
“CISA has gotten far off mission,” Noem said. “They’re using their resources in ways that were never intended. The misinformation and disinformation that they have stuck their toe into and meddled with should be refocused back onto what their job is.”
Noem said “CISA needs to be much more effective, smaller, more nimble to really fulfill their mission, which is to hunt and to help harden our nation’s critical infrastructure” against cyberattacks.
Thompson said that former Rep. John Katko, R-N.Y., who once served as the top Republican on the committee, had called for CISA to become a $5 billion agency by 2025. The agency’s fiscal 2025 request is $3 billion.
“So I was troubled by the DHS secretary nominee’s testimony last week that she wants a smaller CISA,” Thompson said.
Focused role
The panel of experts testifying before the Homeland panel on Wednesday said CISA was essential to the nation’s cybersecurity efforts to protect U.S. critical infrastructure, but didn’t talk about funding levels.
The agency needs to “focus on its role as a risk manager for the country,” said Mark Montgomery, the senior director at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, a think tank.
Montgomery said China, Russia, Iran, and North Korea had carried out numerous cyberattacks on U.S. networks, but “China is America’s most capable and opportunistic cyber adversary.”
Chinese hackers have penetrated U.S. infrastructure networks and installed malware that’s “lying in wait, ready to disrupt and destroy U.S. systems at a time of Beijing’s choosing,” said Montgomery, a retired U.S. Navy officer. By placing malware deep within U.S. networks, Beijing aims to disrupt or degrade America’s rail, port and aviation systems to slow the deployment of military personnel and supplies in a conflict over Taiwan, he said.
Kemba Walden, president of Paladin Global Institute, a unit of Paladin Capital — a venture capital firm that invests in cybersecurity startups — said a vast majority of the U.S. infrastructure, including ports, water treatment plants, and pipelines, are operated by private companies. Therefore information sharing between CISA and such companies is essential to keeping private networks safe, she said.
Walden, who previously served as the acting director of the White House National Cyber Directorate, said Congress must reauthorize legislation that made information sharing between private companies and U.S. agencies possible. The legislation signed into law in 2015 expires in 2025, Walden said.
The U.S. needs to go on offense, Montgomery said.
“We now have to actually publicly execute operations against Chinese cyber infrastructure to say, ‘we know you did this, we know you used this infrastructure to do this, and we’re going to remove that infrastructure from your capability,’” Montgomery said.