The Foundation for Defense of Democracies’ Mark Montgomery says the House select committee on China hits the mark with cyber recommendations in a report on deterring an attack on Taiwan, and has added a few more suggestions to shore up U.S. infrastructure resilience against cyber attacks by the People’s Republic of China.
The House Select Committee on the Chinese Communist Party on May 25 released a report calling for steps to strengthen cybersecurity for U.S. port operations, and to move on “testing and evaluating” the security of software that “underpins” U.S. critical infrastructure, as key steps in deterring a possible Chinese military attack on Taiwan.
Montgomery told Inside Cybersecurity that recommendations from the select committee have a good chance of making it into law, as Chairman Mike Gallagher (R-WI) also serves as chairman of the House Armed Services cyber subcommittee. Rep. Ro Khanna (D-CA) is ranking member of the Armed Services cyber subcommittee and serves on the China panel.
“The CCP Committee will undoubtedly identify a number of important recommendations that help the U.S. better prepare for a crisis or contingency over Taiwan, but the ones with a nexus in cyber will have the best chance to quickly turn into law,” Montgomery said in an interview.
“I think two of the ‘Ten for Taiwan’ bipartisan findings and associated recommendations from the CCP Committee have a predominantly cyber aspect: the need to build Taiwan's cybersecurity capabilities to withstand CCP cyberattacks, and the need to improve U.S. national cyber resilience, particularly around military mobility systems like ports,” Montgomery said.
He was executive director of the Cyberspace Space Solarium Commission and is now leading CSC 2.0, the commission’s successor organization housed at FDD.
Montgomery recently testified before the China select committee and urged steps to improve Taiwan’s cyber defenses while also focusing on bolstering the cybersecurity of U.S. critical infrastructure in order to deter Chinese cyber attacks against domestic transportation, communications and other systems that support U.S. military operations.
“In the cyber, information, and critical infrastructure areas there are equally important steps that need to be taken to ensure U.S. forces are ready to deter and defeat America’s adversaries in the demanding cyberspace environment the United States will face in the next five years,” Montgomery testified.
“This will require that the U.S. build the cyber resilience necessary to both support U.S. military mobility — the agile movement of equipment, personnel, spares and supplies from the United States to the front lines; and that U.S. national critical infrastructure — financial services, electrical power, healthcare, water etc. — can support economic productivity and soft power tools,” he said.
“This must all be supported by an environment where innovation is encouraged and risk is accepted,” Montgomery testified.
“The Chinese will test the cyber resilience of U.S. military mobility systems,” he noted. “The rail, highway, maritime (especially ports) and aviation networks that move forces off of their bases and into the warfighting theater are generally owned and operated by the private sector.”
“It is critical,” Montgomery testified, “that the federal government is working closely with these transportation sectors before a crisis to ensure that the transportation networks are ready for cyber malicious activity and have proactively rooted out foreign malware. A delay or disruption in the movement of supplies, personnel, equipment or munitions could have devastating consequences on the battlefield.”
Montgomery praised legislative efforts “addressing the challenges with a proliferation of Chinese-built cranes in major U.S. ports [as] a good start at assessing and addressing this threat.”
He testified that efforts to improve cyber resilience “will have to extend into all U.S. national critical infrastructure — the financial sector, electrical power systems, water systems, pipelines, and other sectors that enable the economic productivity that produces equipment and supplies and supports significant U.S. economic and diplomatic warfighting tools.”
“Building such a resilience is a burdensome process as it relies on a public-private collaboration that has struggled despite 20 years of government efforts,” Montgomery said. “The responsibility for this collaboration extends across multiple federal agencies and congressional committees, but Congress must ensure that key elements of the public-private partnership are being addressed.”
In addition, Montgomery testified, “The United States should help Taiwan improve its ability to absorb the barrage of Chinese cyberattacks that will both precede and be integrated with a broader Chinese attack on Taiwan.”
He cited extensive work to shore up Ukraine’s cyber defenses in the lead-up to the Russian invasion and said, “A similar effort is needed for Taiwan today, but one tailored to Taiwan’s capabilities and the Chinese threat.”
Montgomery urged lawmakers to pass the Taiwan Cybersecurity Resiliency Act setting the stage for increased cyber collaboration between the Defense Department and Taiwan government.
“Part of this effort should explicitly include recurring U.S. Cyber Command ‘Hunt Forward Operations’ in Taiwan, as both Taiwan and U.S. cyber operators would benefit from this effort and be better prepared to work closely together in a crisis environment,” Montgomery testified. – Charlie Mitchell (cmitchell@iwpnews.com)