WASHINGTON, D.C. — This week on Capitol Hill, the House Select Committee on the Chinese Communist Party (CCP) heard testimony from the FBI and cybersecurity experts about cyber threats to America.
Lawmakers and experts say the US is at war in cyberspace and that personal and business data of Americans are at risk.
According to the FBI, China’s vast hacking program is the world’s largest, and has stolen more Americans’ personal and business data than every other nation combined.
“Cyber threats to our critical infrastructure represent real world threats to our physical safety,” said FBI Director Chris Wray during the hearing.
Lawmakers and cybersecurity officials say, in recent years, the CCP has hacked into America’s critical infrastructure for the sole purpose of destroying the infrastructure in the event of a conflict.
“This is an attempt to provide the Chinese options in crisis or conflict. This is not an episodic threat that we’re going to face. This is persistent,” said General Paul Nakasone, Commander of United States Cyber Command when testifying in front of the Select Committee.
“This has risen to the level of a national security threat that’s very, very real. We need to be taking this seriously,” said Lisa Plaggemier, Executive Director at the National Cybersecurity Alliance. She says the severity of the issue is sometimes overlooked by the public because it’s not tangible.
“It’s remote. It’s not tangible to us in the way that a physical war would be,” said Plaggemier.
Aside from the threat the CCP poses to critical infrastructure, including water treatment facilities, the power grid and pipelines, Plaggemier says it can also pose a threat at home.
“There are a lot of different ways our way of life could be disrupted by a country that’s not friendly,” said Plaggemier. “When you bring technology into your home, you have to maintain it. It’s like cutting the grass, you can’t just sort of plug it in and forget about it.”
Experts say it’s imperative to check for updates on software and devices to ensure your data is safe.
“You have to update these things and you have to check, for example, your router. You want to check the manufacturer’s website to make sure you’re running the latest firmware on that router, that your antivirus is up to date, your operating systems are up to date,” said Plaggemier.
Many small and medium-sized businesses are being adversely impacted as well.
“There have already been small and medium sized businesses, a few highly publicized cases of companies that have gone out of business that were unique and very technologically advanced. They had spent a lot of their own time and energy investing, and the Chinese steal their intellectual property and then are able to undercut them on the market, sell for a lower price, and then these companies go out of business,” said Plaggemier.
Although Congress is shining a light on the intangible threat, and exploring ways to protect national security, Plaggemier says the private sector can move much faster, especially to protect consumers. She says more tech companies need to take the initiative on what’s called “secure by design.”
“That means that you don’t release code that has security bugs in it, you don’t go to market with things that that haven’t been thoroughly penetration-tested, you figure out ways to protect the little old lady in Cleveland who’s using a router that’s out of date,” said Plaggemier. “You figure out ways to protect that person.”