During a House Homeland Security Committee earlier this month, Rep. Andy Ogles (R-TN) spoke about China's Salt Typhoon attacks.
Category
🗞
NewsTranscript
00:00As a gentleman from Tennessee, Mr. Ogleser.
00:02Thank you again, Mr. Chairman.
00:05I also sit on the Financial Services Committee, and Mr. Schmeck, I'd love to hear from you.
00:10One of the things that concerns me is the sophistication of AI and how we're seeing that play out in the financial sector
00:18and just the risks that are involved there.
00:22And so what are the next phases?
00:23Does this go far enough, again, if we're going to come back and do a cleanup or revision of this at some later date,
00:31what needs to be included?
00:34Yeah, so AI, obviously, it's an area of investment for financial services, both on the business side,
00:40but also on the security side as well.
00:44Very much still early days in regards to how we're going to embed that within our operations,
00:49but pretty much every firm has got a strategy around this and are making significant investments,
00:54you know, to Mr. Jimenez's point.
00:58In regards to how this is going to affect CISA, I think we're not really sure how this is going to play out
01:03and how we're going to want to share information, whether it's going to be an agentic AI within a financial services agency
01:10and financial services firm sharing with another agentic AI within DHS or within another agency.
01:17So I think that's something we'll have to work out.
01:19And I think it goes to maybe some of the improvements we can have on the AIS system.
01:23So the AIS system was probably designed 10 years ago.
01:26It's operational.
01:27It accomplishes the mission.
01:28But it's definitely something that could be modernized, you know, both with AI or even, you know,
01:33other opportunities to just improve the level of detail and to just make it more consumable for us
01:40as both a submitter and a consumer of that information.
01:45Mr. Keene, you mentioned the typhoon attacks.
01:49As a former county executive, you know, one of the things that concerns me across our landscape
01:53isn't the larger companies.
01:56Obviously, they're a target and there's risk associated with it,
01:59but it's that critical infrastructure in rural Tennessee that supports hundreds of thousands,
02:05if not millions, of people across this network.
02:09What's the end game there?
02:11How do we help these smaller communities that, quite frankly, so I'll give you an example.
02:16Take, you know, Metro Nashville or Memphis or even the suburb, Williamson County,
02:20which is a very affluent county.
02:22They have the resources to have an IT department, right?
02:25If you go a little further south, east or west, the IT guy is probably also the HR guy.
02:32And they don't, they're not equipped to defend a county, the water system,
02:38the electrical grid from these types of attacks.
02:40So what do we do going forward?
02:41I think part of it is, again, you know, and I sound like a broken record,
02:45it's public-private partnerships.
02:46So the two attacks you just mentioned, I'll use SALT and FLAX.
02:49Both of them are exploiting, you know, critical vulnerability exploits
02:53that were back from, like, 2018, 2021 on known, basically antiquated network and technology gear.
02:59So it's, again, educating, you know, smaller and mid-sized businesses.
03:03And to your point, I saw a statistic recently that 80% of critical national infrastructure
03:07is sitting in small to medium business.
03:09So working with those organizations to create modernization plans,
03:13working with organizations that have the CVEs to help with creating, you know,
03:17in essence, modernization, technology upgrade, helping small to medium businesses
03:22and critical national infrastructure organizations upgrade to technology
03:26that is not vulnerable anymore, and putting action plans together to do so.
03:30You know, the typhoons are, they're not going to care whether you're a large or a small organization.
03:34They're going to care about the disruption that it causes to critical national infrastructure.
03:39And so it's going to take a shoulder-to-shoulder proactive measure between public and private
03:43to ensure that we don't have disruptive behavior from them.
03:46And not that I want to be one of the members of Congress that authorizes Skynet,
03:51but it's almost like we need a cyber shield that is better equips our private
03:56and public partners in this space.
03:59But again, proceed with caution.