• 7 months ago
During a House Oversight Committee hearing last week, Del. James Moylan (R-GU) questioned witnesses about cyberthreats from China.

Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:

https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript


Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Transcript
00:00 Thank you, Chairwoman Mace and Ranking Member Connolly, for allowing me to wave into this
00:05 hearing and speak on an issue that has plagued my district and the United States at large.
00:12 The problem is clear. The People's Republic of China has unabashedly conducted cyber-welfare
00:17 against the United States for over a decade. The PRC uses proxy groups like Vote Typhoon
00:24 to step attribution for these cyber-attacks. As a veteran, I can personally say that divesting
00:32 cyber-attacks on the Office of Personal Management in 2015 was a cyber wakeup call.
00:40 While many cyber-attacks target our federal government, Chinese hackers' indifference
00:44 towards targeting civilians is apparent. Chinese leadership or their proxies has continued
00:51 to demonstrate a lack of concern toward attacking civilian infrastructures. Regardless of source,
00:58 the blatant disregard even to the extent of launching cyber-attacks during an active Category
01:03 5 typhoon on Guam, shutting down Guam's communications while extreme weather destroys billions of
01:09 dollars' worth of homes, businesses, and community facilities is simply inexcusable.
01:16 So my question, Mr. Evelina, cyber represents a facet of Chinese gray zone warfare that
01:25 the U.S. has struggled to contend with. Part of this problem stems from using cyber contractors
01:30 to circumvent the Chinese Communist Party attributions for these attacks. With those
01:38 companies in mind, could you recommend steps that the U.S. should take to properly distinguish
01:44 who attacks us?
01:46 Congressman Moynihan, thank you for the question and thank you for your support and efforts
01:51 in Guam and in the Pacific for us competing with our major adversary there. To answer
01:57 your question, sir, I think the first thing that has to happen, we have to be more aggressive
02:00 as a country, as an administration, working in partnership with Mandiant and others to
02:05 attribute these criminal entities as what they are. They're proxies for a state-sponsored
02:11 organization that we know is the Communist Party of China. China actors who are in the
02:17 Ministry of State Security or the People's Liberation Army oftentimes work part-time
02:21 jobs in these cyber organizations and do the bidding of the Communist Party of China and
02:26 oftentimes are utilized to do zero days and other cyber activities to obfuscate attribution
02:32 by the Communist Party of China. I think we have to get more aggressive as a country in
02:36 attributing those entities as what they are, long arms of the Communist Party of China.
02:43 Thank you. Mr. Joyce, with the limited cyber personnel already, Guam's cyber infrastructure
02:48 suffers from deterioration and lack of funding, leaving civilian and military assets vulnerable
02:53 to cyber attacks, while with Guam being one of the closest U.S. territories to China,
02:59 what policy advice would you give the President, the Governor, or even myself to solve Guam's
03:04 cyber insecurity? Thank you, Congressman, for your question. I think the most important
03:10 thing is we have to have the awareness and the priority on this crisis to give them the
03:18 resources to get rid of old, outdated, and insecure hardware. A lot of the tactics used
03:26 in the attacks are finding flaws that could have and should have been patched in old and
03:31 obsolete equipment. So if you can get the budgets for the infrastructure so that they
03:37 will have cyber-capable training, so that they will get rid of their old and antiquated
03:43 technology, and that they have the resources to get the support of the private industry
03:48 with the expertise, I think we can make a lot of headway on this problem. Perfect. Final
03:52 question. We've got about a minute for either – both of you, please. China's using the
03:56 national cyber power to harass districts and state-level actors. Could the panel briefly
04:01 explain the necessity of developing federal, state, or local cyber defense and responses?
04:08 Thank you, Congressman. I'll start. I think the state and local and tribal cyber capabilities
04:15 are the weakest point for our nation. I think the Chinese Communist Party exploits that,
04:19 especially at the county level. We see that throughout not only ransomware attacks, but
04:25 also, as we'll start to see, in election infrastructure. It's the weakest level.
04:28 And oftentimes, States throughout the United States don't have the money to invest and
04:32 to replace the legacy hardware that Mr. Joyce talked about. I think that's going to be
04:37 the first thing to do, is to pay for that legacy information, utilities to be removed.
04:42 Mr. Joyce?
04:45 I think it's got to be close collaboration between the private sector and the state,
04:51 local, and tribal entities. They are often resource and expertise poor. Someone going
04:58 to school with a cybersecurity degree, they're not excited to go into the local water utility
05:07 and be their CISO. So we've got to then augment them with private industry and technology
05:12 so that they can have top-notch security.
05:14 Thank you very much. Thank you to the panel. Thank you, Chairwoman Mace. Thank you.

Recommended