Trump admin’s purge of US cyber advisory boards was ‘foolish,’ says ex-Navy admiral

interview Gutting the Cyber Safety Review Board as it was probing how China’s Salt Typhoon breached American government and telecommunications networks was “foolish” and “bad for national security,” says retired US Navy Rear Admiral Mark Montgomery.

Last week, two days after President Donald Trump returned to the White House, Montgomery testified before a US House of Representatives’ Committee on Homeland Security. 

During the hearing, he told lawmakers, “the homeland has never been less secure,” noting the threat of a terrorist and/or missile attack. But, he added, “the most persistent vulnerability is a threat of cyberattack. And make no mistake, China is America’s most capable and opportunistic cyber adversary.”

On Wednesday, The Register caught up with Montgomery to discuss the new Trump Administration’s first week in office as well as what to do about the threat posed by China to US cybersecurity.

The whole “seesaw” between Republican and Democratic administrations, during which a new president comes into power and immediately spikes the membership of key advisory committees, “is counterproductive and bad for national security,” Montgomery, a senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation said.

One of the Trump administration’s first moves was to terminate all memberships on advisory committees within the Department of Homeland Security, including those focused on cybersecurity. 

This action impacted the Artificial Intelligence Safety and Security Board, Critical Infrastructure Partnership Advisory Council, National Security Telecommunications Advisory Committee, National Infrastructure Advisory Council, US Secret Service Cyber Investigations Advisory Board, and the Cyber Safety Review Board (CSRB).

“I’m particularly concerned about the CSRB,” Montgomery told The Register. “That was different than advisory. That was an investigative panel.”

You don’t get any smarter from canceling that investigation, but you might stupider

The board previously investigated Microsoft’s “cascade of security failures” that allowed Chinese spies to break into senior US officials’ email accounts. Prior to Trump taking office, the CSRB was probing the Salt Typhoon attacks on American networks.

“No one was kicked off the NTSB, the National Transportation Security Board, in the middle of investigating a flight that crashed here, or a flight that crashed there,” Montgomery said. 

“CSRB is, in practice, like the NTSB,” he continued. “To cancel it was a foolish thing to do, when they’re investigating Salt Typhoon, the Chinese espionage penetration of our telecommunications and ISP networks. This was absolutely the wrong time to shut that down.”

American network defenders would have been able to take the learnings from the CSRB report and (hopefully) used them to improve cyber defenses, Montgomery explained:  “You don’t get any smarter from canceling that investigation, but you might stupider.”

In addition to eliminating the DHS committee members, the new administration also froze nearly all foreign aid pending a government review, and this included funds to defend America’s allies from cyberattack and negotiate international computer security policies.

It also hit the pause button on all grants and loans disbursed by the federal government, including those that boost state and local cybersecurity, and a Department of Defense scholarship program intended to recruit infosec students to work for the DoD — although this was later temporarily blocked by a federal judge. And then the White House walked it back – Trump’s budget office on Wednesday rescinded the memo freezing spending on federal loans and grants.

“The cessation of the State Department cyber programs, the cessation of the Department of Defense cyber-education programs, and the cessation of state and local cybersecurity funds — all of those collectively were the wrong thing to do,” Montgomery said. “Those were all programs working effectively to make our country more secure.”

While it’s too early to grade the new administration’s performance in making America’s digital borders safe again, Montgomery does like what he’s heard so far from National Security Advisor Mike Waltz.

Before taking office, Waltz advocated for offensive cyber measures against adversaries including China, and he’s repeated this stance since he became Trump’s national security advisor.

“He’s been very clear in his goal to respond more aggressively to adversary, cyber-malicious activity,” Montgomery said about Waltz. 

When it comes to taking offensive cyber-actions against China, “I think we need to do things and then talk about it, deterrence by demonstration,” Montgomery added.

Specifically, the US should find and destroy the IT infrastructure used by Volt Typhoon, another Chinese government-backed crew that has been burrowing into America’s critical infrastructure in preparation for future, potentially destructive, cyber attacks. “And then we say we did it,” Montgomery said.

“Is that going to compromise access or a tool? Maybe,” he admitted. “But if they [America’s cyber spies] don’t have a ton of tools and accesses, shame on them. Because it’s clear that China had a lot on us.” ®

READ MORE HERE