Andy Ogles Asks Experts How To Shield Smaller Communities From China's Salt Typhoon Cyber Attacks

Forbes Breaking News

During a House Homeland Security Committee earlier this month, Rep. Andy Ogles (R-TN) spoke about China's Salt Typhoon attacks.

Transcript

00:00As a gentleman from Tennessee, Mr. Ogleser.

00:02Thank you again, Mr. Chairman.

00:05I also sit on the Financial Services Committee, and Mr. Schmeck, I'd love to hear from you.

00:10One of the things that concerns me is the sophistication of AI and how we're seeing that play out in the financial sector

00:18and just the risks that are involved there.

00:22And so what are the next phases?

00:23Does this go far enough, again, if we're going to come back and do a cleanup or revision of this at some later date,

00:31what needs to be included?

00:34Yeah, so AI, obviously, it's an area of investment for financial services, both on the business side,

00:40but also on the security side as well.

00:44Very much still early days in regards to how we're going to embed that within our operations,

00:49but pretty much every firm has got a strategy around this and are making significant investments,

00:54you know, to Mr. Jimenez's point.

00:58In regards to how this is going to affect CISA, I think we're not really sure how this is going to play out

01:03and how we're going to want to share information, whether it's going to be an agentic AI within a financial services agency

01:10and financial services firm sharing with another agentic AI within DHS or within another agency.

01:17So I think that's something we'll have to work out.

01:19And I think it goes to maybe some of the improvements we can have on the AIS system.

01:23So the AIS system was probably designed 10 years ago.

01:26It's operational.

01:27It accomplishes the mission.

01:28But it's definitely something that could be modernized, you know, both with AI or even, you know,

01:33other opportunities to just improve the level of detail and to just make it more consumable for us

01:40as both a submitter and a consumer of that information.

01:45Mr. Keene, you mentioned the typhoon attacks.

01:49As a former county executive, you know, one of the things that concerns me across our landscape

01:53isn't the larger companies.

01:56Obviously, they're a target and there's risk associated with it,

01:59but it's that critical infrastructure in rural Tennessee that supports hundreds of thousands,

02:05if not millions, of people across this network.

02:09What's the end game there?

02:11How do we help these smaller communities that, quite frankly, so I'll give you an example.

02:16Take, you know, Metro Nashville or Memphis or even the suburb, Williamson County,

02:20which is a very affluent county.

02:22They have the resources to have an IT department, right?

02:25If you go a little further south, east or west, the IT guy is probably also the HR guy.

02:32And they don't, they're not equipped to defend a county, the water system,

02:38the electrical grid from these types of attacks.

02:40So what do we do going forward?

02:41I think part of it is, again, you know, and I sound like a broken record,

02:45it's public-private partnerships.

02:46So the two attacks you just mentioned, I'll use SALT and FLAX.

02:49Both of them are exploiting, you know, critical vulnerability exploits

02:53that were back from, like, 2018, 2021 on known, basically antiquated network and technology gear.

02:59So it's, again, educating, you know, smaller and mid-sized businesses.

03:03And to your point, I saw a statistic recently that 80% of critical national infrastructure

03:07is sitting in small to medium business.

03:09So working with those organizations to create modernization plans,

03:13working with organizations that have the CVEs to help with creating, you know,

03:17in essence, modernization, technology upgrade, helping small to medium businesses

03:22and critical national infrastructure organizations upgrade to technology

03:26that is not vulnerable anymore, and putting action plans together to do so.

03:30You know, the typhoons are, they're not going to care whether you're a large or a small organization.

03:34They're going to care about the disruption that it causes to critical national infrastructure.

03:39And so it's going to take a shoulder-to-shoulder proactive measure between public and private

03:43to ensure that we don't have disruptive behavior from them.

03:46And not that I want to be one of the members of Congress that authorizes Skynet,

03:51but it's almost like we need a cyber shield that is better equips our private

03:56and public partners in this space.

03:59But again, proceed with caution.

Category

Transcript

Recommended