Nimitz Tech Hearing 1-22-24 - House Homeland

NIMITZ TECH NEWS FLASH

Unconstrained Actors: Assessing Global Cyber Threats to the Homeland

House Committee on Homeland Security

January 22, 2025 (recording linked here)

HEARING INFORMATION

Witnesses and Written Testimony (linked here):

  • Adam Meyers: Senior Vice President, Counter Adversary Operations, CrowdStrike

  • Rear Admiral Mark Montgomery, U.S. Navy (Ret.): Senior Director, Center on Cyber and Technology Innovation, Foundation for Defense of Democracies

  • Brandon Wales: Vice President, Cybersecurity Strategy, SentinelOne

  • Kemba Walden: President, Paladin Global Institute

HEARING HIGHLIGHTS

Cyber Workforce Shortage and Talent Development

The hearing emphasized the critical shortage of cybersecurity professionals, with an estimated 500,000 unfilled positions nationwide. This shortfall undermines the nation's ability to defend against increasing cyber threats. Discussions highlighted the importance of educational initiatives, such as cybersecurity internships, vocational programs, and partnerships with universities like NJIT, to develop the next generation of cyber professionals. Incorporating artificial intelligence into cybersecurity operations was also mentioned as a potential solution to mitigate workforce gaps.

Offensive Cybersecurity Strategies

Witnesses and members stressed the need for a more aggressive stance on cybersecurity to deter adversaries. Comparisons were drawn between the U.S. response to cyber threats and traditional acts of war, with calls for a clear, unified response strategy to cyberattacks. Suggestions included empowering Cyber Command, developing offensive tools, and even exploring historical frameworks like Letters of Marque to involve private entities in countering cyber threats. The need for deterrence through imposing higher costs on adversaries was a recurring theme.

Cyber Threats to Critical Infrastructure

Critical infrastructure, including energy grids, transportation systems, healthcare facilities, and water utilities, remains a primary target for cyber adversaries. Testimonies highlighted vulnerabilities in these sectors, particularly in rural areas and under-resourced facilities like small hospitals. A lack of coordination and investment in cybersecurity tools and workforce at the state and local levels further exacerbates risks. Recommendations included establishing grant programs, supporting sector-specific agencies, and providing shared cybersecurity services to smaller organizations.

IN THEIR WORDS

"…when we have 500,000 in empty jobs, when the FBI director comes in front of our committee and testifies that if he took every single cyber person he had put him on the China desk, he'd still be outnumbered 50 to one. That circumstance can't continue..."

- Chairman Green

"We need to shift cybersecurity risks so that it is not solely the burden of cities, counties, and educators, but more the burden of the federal government, large enterprises, and producers."

 - Ms. Kemba Walden

"Why would we not empower the free market to hack back under very specified, regulated rules? The founding fathers included Letters of Marque and Reprisal in the Constitution for scenarios just like this."

 - Congressman Brecheen

SUMMARY OF OPENING STATEMENTS FROM THE SUBCOMMITTEES

  • Chairman Green opened the hearing by emphasizing the critical need to address growing cyber threats, particularly those posed by nation-state actors like China, Russia, Iran, and North Korea. He highlighted the risk posed by China, which has deeply infiltrated U.S. infrastructure and could potentially disrupt essential services during a conflict. He stressed the importance of advancing legislation like the Cyber Pivot Act to develop a skilled cyber workforce and underscored the need for a coordinated government and private sector effort to strengthen cybersecurity. Chairman Green concluded by expressing his eagerness to hear from the witnesses about strategies to enhance public-private partnerships and address both current and emerging cyber threats.

  • Ranking Member Thompson began by acknowledging the importance of cybersecurity as a focus for the 119th Congress. He raised concerns about recent political challenges undermining the Cybersecurity and Infrastructure Security Agency (CISA), including funding cuts and opposition to its mission. He highlighted CISA’s progress in addressing cybersecurity issues through programs like the state and local cybersecurity grant program and the Secure by Design initiative. Thompson also expressed alarm over attempts to politicize advisory committees, which could delay critical investigations like the Salt Typhoon hack, and urged the committee to maintain bipartisan efforts to strengthen cybersecurity infrastructure.

SUMMARY OF WITNESS STATEMENT (Panel I)

  • Mr. Meyers, Senior Vice President for Counter Adversary Operations at CrowdStrike, outlined the global cyber threat landscape, emphasizing the growing sophistication of China’s cyber capabilities. He detailed China's advancements in offensive cyber operations, including campaigns such as Volt Typhoon and Liminal Panda, which target U.S. critical infrastructure and pre-position for potential attacks. Meyers also highlighted the evolving tactics of other nation-state actors like North Korea, Russia, and Iran, as well as the continued threats from ransomware and hacktivists. He recommended strengthening enterprise defenses, fostering public-private collaboration, and using incentives like tax credits to make cybersecurity tools more accessible, urging Congress to provide oversight and support initiatives like proactive threat hunting and adversary disruption.

  • Rear Admiral Montgomery emphasized that cyber vulnerabilities pose the most persistent threat to the U.S. homeland, with China representing the greatest risk. He described China's Volt Typhoon operation, which involves malware pre-positioned in critical infrastructure to disrupt U.S. military mobilization and essential services. Montgomery stressed the need to secure critical infrastructure, prioritize high-value assets, better utilize the National Guard for cyber defense, and develop a robust government cyber workforce. He called for investments in cybersecurity and highlighted the importance of both deterrence by denial and deterrence by punishment to prevent adversaries from exploiting U.S. networks.

  • Mr. Wales, Vice President of Cybersecurity Strategy at SentinelOne, detailed the ongoing cyber warfare threats posed by China, Russia, Iran, North Korea, and cybercriminals. He focused on China's recent campaigns, such as breaching Microsoft Exchange Online and telecommunications networks, which aim to disrupt U.S. operations in the event of a conflict. He stressed the importance of a whole-of-society approach, centralizing cybersecurity capabilities within CISA, streamlining regulatory oversight, and holding technology providers accountable for secure-by-design products. Wales warned that time is limited to prepare for potential conflict with China, urging Congress to act decisively to bolster national cybersecurity resilience.

  • Ms. Walden, President of the Paladin Global Institute, highlighted the increasing sophistication of cyber threats, particularly from China’s Volt Typhoon and Salt Typhoon campaigns, which target critical infrastructure and telecommunications networks. She recommended reauthorizing the Cybersecurity Information Sharing Act, clarifying liability protections for defensive measures, and harmonizing regulatory frameworks to reduce burdens on businesses. Walden emphasized the importance of expanding workforce development programs, embracing technological innovation like AI for threat detection, and updating digital identity guidelines to enhance security. She called for a proactive, collaborative approach to address the evolving global cyber threat landscape and protect national security.

SUMMARY OF Q and A

  • Chairman Green asked Mr. Meyers to explain the PRC’s approach to cyber operations. Mr. Meyers stated that China exploits external-facing devices like routers and VPN concentrators, which often lack modern security protections, and uses a nationalized vulnerability research program to exploit American technologies.

    Chairman Green followed up by asking for examples of targeted devices. Mr. Meyers identified routers and VPN concentrators as key nodes targeted by Chinese actors like Vanguard Panda (Volt Typhoon) for pre-positioning to disrupt critical infrastructure during crises.
    Chairman Green asked Rear Admiral Montgomery about the value of establishing a National Guard cyber defense unit in every state. Montgomery supported the idea, highlighting state-level authority, local ties, and better preparedness, but cautioned that governors might hesitate to share cyber resources during widespread incidents, underscoring the need to equip all states adequately.

  • Rep. McCaul asked how pre-positioned malware could disrupt U.S. critical infrastructure and what actions could strengthen these systems. Rear Admiral Montgomery explained that such actions amount to "operational preparation of the battlefield" and should be treated as acts of war. He advocated for offensive cyber operations against Chinese infrastructure to deter future attacks and criticized the high threshold for taking action, calling for a more aggressive approach.
    Rep. McCaul asked about alliances among China, Russia, Iran, and North Korea in cyberspace. Mr. Wales explained that while mutual distrust limits connections, collaboration is increasing in specific areas like Ukraine, though it does not yet match the close cooperation seen among U.S. allies.

  • Rep. Swalwell asked about reforms to the Joint Cyber Defense Collaborative (JCDC). Rear Admiral Montgomery recommended moving beyond the current "Slack channel" approach to implementing real-time information-sharing and operational planning, suggesting intelligence working groups for classified collaboration while maintaining unclassified exchanges for broader information sharing.

  • Rep. Higgins asked about streamlining federal cybersecurity regulations. Ms. Walden explained that current frameworks create inefficiencies due to duplicative regulations and emphasized the need for baseline security requirements and reciprocity among agencies to reduce redundancies and enhance cybersecurity resilience.
    Rep. Higgins asked about the cybersecurity industry’s inability to "strike back" against adversaries. Mr. Meyers explained that the industry focuses on defense while working with law enforcement and the military, which have offensive authority. He expressed a desire for more collaborative operations and confirmed that CrowdStrike has the visibility to identify bad actors if given legal authority.

  • Ranking Member Magaziner asked Rear Admiral Montgomery to estimate the size of China’s cyber warfare workforce. Montgomery estimated that China employs approximately 60,000 individuals in cyber operations compared to the U.S. Cyber Mission Force’s 6,400 personnel, excluding additional intelligence elements. The Ranking Member also asked about Russia’s cyber workforce, and Montgomery explained that it includes military personnel, intelligence operatives, and contractors, making it somewhat larger.
    Ranking Member Magaziner asked the panel if anyone agreed with Governor Noem’s assertion that CISA should be made smaller, receiving no agreement. He criticized her position and highlighted her rejection of federal cybersecurity grants. He also praised the National Guard’s role, including Rhode Island’s 102nd Cyber Operations Squadron, and emphasized bipartisan legislative efforts like the Contingency Plans for Critical Infrastructure Act.
    The Ranking Member emphasized the need to explicitly recognize cyberattacks, including foreign misinformation campaigns aimed at undermining U.S. democracy, as attacks. He argued that while Americans have free speech rights, foreign adversaries such as China, Russia, and Iran should not be allowed to exploit these freedoms to sow division or influence elections.

  • Chairman Gimenez asked if artificial intelligence (AI) could serve as a defensive mechanism in cybersecurity. Mr. Wales affirmed that AI is rapidly being integrated into cybersecurity applications, with the U.S. leading in leveraging AI for defense, outpacing adversaries’ weaponization efforts.
    Chairman Gimenez sought Mr. Meyers’ perspective on AI, and Mr. Meyers confirmed that CrowdStrike has used AI and machine learning for 14 years, showcasing its integration into cybersecurity operations.
    Chairman Gimenez referenced a $500 billion AI investment initiative and asked for insights. Mr. Wales supported the investment to maintain U.S. leadership in AI. Rear Admiral Montgomery emphasized the need to regulate AI intellectual property to prevent theft and highlighted the importance of protecting breakthroughs for U.S. military and industry.
    Chairman Gimenez asked if AI could offset manpower disadvantages and provide a "rebound" capability in cyber defense. Rear Admiral Montgomery explained that AI enhances deterrence by denial and cost imposition but noted that the U.S. lacks full organizational readiness for rapid cyber recovery. When asked for a yes or no on AI’s ability to help achieve these goals, Montgomery answered, “Yes.”

  • Rep. Goldman asked Mr. Wales if he agreed with former CISA Director Chris Krebs’ statement that the 2020 election was free and fair, with no evidence of voting systems being compromised. Mr. Wales affirmed Krebs’ statement. Goldman criticized proposed budget cuts to CISA, emphasizing their potential impact on defending against growing cyber threats from adversaries like Russia, China, and Iran.

    Rep. Goldman also asked about the consequences of reducing CISA's budget. Mr. Wales explained that such cuts would hinder CISA’s ability to assist critical infrastructure, state, and local governments with cybersecurity incidents and vulnerability assessments, compromise federal network monitoring, and delay the deployment of protective technologies. He clarified that CISA is the only federal agency providing cybersecurity services to state and local election officials.

  • Chairman Pfluger asked which federal agency leads cyber threat responses. Mr. Wales explained that no single agency is solely responsible, as CISA handles recovery and vulnerability assessments, the FBI investigates and disrupts adversaries, and the intelligence community tracks overseas threats. He noted that interagency coordination is stronger than ever.
    The Chairman asked Ms. Walden to assess the response to the Salt Typhoon cyberattack. Ms. Walden stated that the response appeared to be adequate and appropriate, though she was not in government at the time.
    The Chairman asked Rear Admiral Montgomery for his perspective on the Salt Typhoon response and whether a lead agency should be designated. Montgomery advocated for CISA to take the lead, arguing that a single agency is critical for effective coordination, as seen in military structures. He criticized the Biden administration for not designating CISA as the lead in National Security Memorandum 22 and urged Congress to address this through updated policy.

    Chairman Pfluger also asked about adversaries “lying in wait” and potential future attacks. Rear Admiral Montgomery identified China as the most significant threat, with its focus on disrupting U.S. mobilization and economic productivity, and noted that Russian malware likely remains present in U.S. systems. Mr. Meyers added that incidents like Salt Typhoon and Volt Typhoon are ongoing and require continuous attention. He emphasized the importance of identifying, removing, and blocking adversary access to mitigate future threats.

  • Rep. Ramirez asked about CISA’s allocation of resources to combat misinformation and disinformation. Mr. Wales stated that less than $2 million—far below 1% of CISA’s $3 billion budget—is allocated for these efforts, confirming that they have not interfered with CISA’s cybersecurity mission.
    Rep. Ramirez asked whether the state and local cybersecurity grant program should be reauthorized, given its role in bolstering cyber defenses. All witnesses agreed that it should be reauthorized. She followed up by asking about the national security implications of failing to protect state and local government networks. Mr. Meyers noted that these governments are frequent targets of adversaries, including ransomware groups, and emphasized the importance of protecting school districts. Rear Admiral Montgomery described state and local governments as "low-hanging fruit" due to limited budgets, advocating for workforce development through reintroducing the Pivot Act. Mr. Wales highlighted the critical services these governments provide, making them attractive targets for ransomware groups and nation-state actors. Ms. Walden added that addressing technical debt and modernizing legacy systems are essential for improving resilience.

  • Chairman Garbarino asked if CISA needs additional authorities to combat cyber threats, particularly from China. Mr. Wales responded that while CISA’s authorities are sufficient, scaling its resources to meet the scale of threats is crucial, along with enhancing collaboration between CISA and the private sector.
    The Chairman asked about a recent executive order regarding threat hunting on federal networks. Mr. Wales explained that the order builds on the FY21 National Defense Authorization Act, allowing CISA to conduct threat hunting without agency permission. He noted that requiring agencies to share sensor data with CISA is critical for detecting adversarial campaigns early but stressed that compliance must be enforced.
    The Chairman raised concerns about information sharing between the private and public sectors, given that most critical infrastructure is privately owned. Mr. Wales acknowledged improvements in recent years but emphasized the need for faster, actionable, and usable information sharing with the right private-sector stakeholders.
    Chairman Garbarino praised Rear Admiral Montgomery’s advocacy for a "continuation of the economy" plan in the event of a cyberattack. He criticized the Biden administration for failing to develop such a strategy and emphasized that the incoming administration must prioritize creating a robust plan.

  • Rep. Pou asked the witnesses to describe the benefits of the Cybersecurity Information Sharing Act (CISA) of 2015 and the implications of a lapse in its authority. Ms. Walden highlighted that the act provides liability protections for the private sector to share cyber threat indicators and defensive measures with the government and each other, facilitating real-time collaboration essential for initiatives like the Joint Cyber Defense Collaborative (JCDC). Mr. Wales emphasized that the act reassures private companies they will not face legal or financial repercussions for sharing information, fostering trust and strong information-sharing partnerships. Rear Admiral Montgomery supported reauthorizing the act and suggested strengthening liability protections for companies and further integrating CISA to improve data transmission speed and unclassified intelligence sharing. Mr. Meyers stressed that information sharing is fundamental for cybersecurity, enabling collaboration among vendors, customers, and government partners to defend against adversaries like China, Iran, and North Korea.

  • Rep. Greene asked Rear Admiral Montgomery to elaborate on solutions to cybersecurity challenges. Montgomery emphasized the need to invest in sector risk management agencies, citing significant funding disparities between agencies like Energy ($50–100 million annually) and Agriculture or Education (under $500,000). He called for consistent leadership at the cabinet level and sufficient funding, particularly for military mobility infrastructure, including rail, aviation, and ports.
    Rep. Greene asked about AI as a tool for cybersecurity. Mr. Meyers explained that AI enhances cybersecurity by automating tasks for junior analysts, helping them manage complex issues at scale and speed. He added that AI can identify and remediate attacks quickly but cautioned that protecting AI workloads will become increasingly critical as more organizations adopt the technology. Mr. Wales and Ms. Walden both affirmed AI’s positive contributions, answering “yes” to its potential to bolster cybersecurity efforts.

  • Rep. Turner asked about the Office of the National Cyber Director (ONCD) and its role in strengthening national cybersecurity. Ms. Walden explained that ONCD provides strategic cybersecurity advice to the President, ensuring accountability across federal agencies. She emphasized ONCD's work to shift cybersecurity risks from state and local governments to larger entities, build resilience in workforce and technology, and coordinate efforts through its strategic action plan. She highlighted ONCD's collaboration with the Office of Management and Budget to prioritize federal funding requests as a critical function.
    Rep. Turner asked about ONCD’s success and its importance under the new administration. Rear Admiral Montgomery praised Ms. Walden’s leadership and highlighted ONCD’s focus on budget control, workforce development (with an emphasis on the potential passage of the Pivot Act), and harmonizing regulations to ease burdens on industries. He stressed the importance of ensuring funding for sector risk management agencies and expressed optimism about ONCD’s future if it continues addressing these priorities.

  • Rep. Luttrell described a cyberattack on a nursing home in his district and asked how to address coordination issues between agencies like CISA and the FBI. Rear Admiral Montgomery noted the vulnerability of small healthcare facilities to ransomware, which often leads to closure if recovery is not achieved within 4-6 weeks. He recommended a "fractional CISO" program, allowing specialized cybersecurity officers to temporarily assist such facilities. He also called for a National Security Memorandum to establish a clear chain of command, with a lead agency like CISA responsible for coordinating responses.
    Rep. Luttrell asked Ms. Walden about her experience combating ransomware and suggestions for addressing domestic cyber threats, including in areas impacted by human trafficking. Ms. Walden clarified her work on ransomware threats and highlighted how large enterprises like Microsoft and Google process data to detect threats. She advocated for shifting the cybersecurity burden to these enterprises and encouraged their collaboration with CISA to share actionable intelligence and proactively mitigate risks, enhancing overall cybersecurity resilience.

  • Rep. McIver asked how Congress could better support local governments and private sector stakeholders in securing critical infrastructure. Ms. Walden recommended continued funding for state and local cybersecurity grant programs to address legacy technical debt and suggested expanding initiatives like SFS (Scholarship for Service) and CyberCorps to provide the talent necessary to maintain and secure systems.
    Rep. McIver asked for additional recommendations. Rear Admiral Montgomery emphasized the need for "bottom-up support," particularly in under-resourced sectors like water infrastructure. He advocated for a Water Risk and Resilience Organization to facilitate collaboration between trade associations and federal agencies and highlighted local cybersecurity clinics as valuable training hubs for students and local governments.
    Rep. McIver asked about addressing workforce gaps and private sector investment. Mr. Meyers identified two challenges: the lack of cybersecurity professionals and insufficient investment in managed security services. He recommended incorporating STEM education at younger levels, leveraging artificial intelligence, and incentivizing businesses to adopt managed security services for long-term benefits.

  • Chairman Strong asked about the growing collaboration between nation-states and criminal cyber actors. Rear Admiral Montgomery noted that advanced nation-state tools are increasingly accessible to criminal actors, creating significant challenges. He cited examples like ransomware groups in Russia redirecting efforts to Ukraine during the invasion, illustrating blurred lines between state and non-state actors.
    The Chairman asked if he foresaw a "cyber axis of evil." Rear Admiral Montgomery stated that authoritarian nations—China, Russia, Iran, and North Korea—are increasingly cooperating in aggressive cyber activities. He predicted that this coordination would eventually extend to sharing cyber tools and techniques.
    The Chairman asked how the U.S. could harness its cyber capabilities offensively. Mr. Wales explained that offensive operations are most effective when coordinated with defensive efforts. He emphasized that information gathered domestically can inform targeted Cyber Command operations abroad, citing ransomware operations as an example of integrated strategies.
    Strong asked if cybersecurity should be central to homeland security strategy. Rear Admiral Montgomery strongly agreed, describing cybersecurity as the most significant and immediate threat to the homeland, surpassing missile and physical attacks.

  • Rep. Ogles asked about U.S. cooperation with Israel on cyber threats, particularly from Iran. Rear Admiral Montgomery praised the robust partnership, noting shared intelligence, tools, and strategies. He highlighted Israel’s deterrence efforts against Iran, including both kinetic and cyber actions, as critical to bolstering overall cybersecurity resilience.

    Rep. Ogles asked how the U.S. could strengthen its cybersecurity partnership with Israel. Rear Admiral Montgomery suggested increasing the classification level of shared intelligence while praising the strong existing alliance, which includes Israel providing valuable intelligence and the U.S. supplying weapons and support. He emphasized maintaining and enhancing the partnership as a priority.
    Rep. Ogles inquired about the U.S.-Israel relationship in cybersecurity. Mr. Wales highlighted decades of close collaboration, particularly daily information-sharing efforts with Israel's National Cyber Directorate during major events like October 7, which saw attacks from both nation-state and non-state actors.
    Ogles asked Wales to assess the Treasury Department's cybersecurity posture following the Silk Typhoon intrusion. Mr. Wales explained that Treasury’s security has significantly improved over the past eight years, forcing adversaries to adopt sophisticated tactics like third-party supply chain attacks. He emphasized the importance of managing third-party risks and ongoing vigilance.

  • Rep. Brecheen raised the idea of using Letters of Marque to allow private entities to retaliate against cyber adversaries. Rear Admiral Montgomery partially agreed, emphasizing the need for a formalized cyber force but acknowledging contractors could temporarily fill gaps. Brecheen argued that historical precedents demonstrate the viability of empowering private actors under regulated frameworks.

  • Rep. Crane expressed frustration over the lack of accountability in federal cybersecurity failures and praised Mr. Meyers for previously taking responsibility for company shortcomings. Mr. Wales admitted federal shortcomings, such as underinvestment in endpoint monitoring before SolarWinds, while Ms. Walden acknowledged a lack of prior coordination but emphasized recent improvements.
    Rep. Crane asked about allegations of censorship by CISA. Mr. Wales denied the claims and defended CISA’s actions under his leadership. Rep. Crane reiterated the need for a more aggressive offensive cybersecurity posture, comparing cyber intrusions to acts of war.
