Add cyber to infrastructure package, Hawaii Gov. Ige tells Congress

Hawaii Gov. David Ige told members of the House Homeland Security Committee Wednesday that any infrastructure package that Congress passes should include specific funding for cybersecurity, a feature that the current $2 trillion proposal being put forward by President Joe Biden currently lacks.

“We strongly urge Congress to include cybersecurity in any national infrastructure plan or legislative package,” Ige, a Democrat speaking on behalf of the National Governors Association, said in his opening remarks to the panel’s subcommittee on emergency preparedness.

Ige, whose remarks came during a hearing on emergency preparedness grants administered by the Department of Homeland Security, praised the department’s recent increase to the minimum amount that award recipients are required to spend on cybersecurity, but also asked lawmakers to again consider creating a dedicated cybersecurity grant program benefitting state and local governments. (Rep. Yvette Clarke, the chairwoman of House Homeland Security’s cybersecurity subcommittee, recently said she plans to re-introduce such legislation.)

The governor stressed that cyberattacks against state and local governments can travel upstream to threaten national security, noting that an incident affecting Hawaii’s critical infrastructure could entangle the military assets based in the island state, like U.S. Indo-Pacific Command.

“The cyber threat is a nationwide threat because we’re all connected,” Ige later told Rep. Val Demings, D-Fla. “I think the real threat to the American way of life is that no business is really prepared to deal with nation-state actors. The cyber terrorists from out of country have access to the networks in our country. The weakest link in the network is where those bad actors will enter the network and wreak havoc.”

A ‘nexus’ with extremism

Jared Maples, director of the New Jersey Office of Homeland Security and Preparedness, echoed Ige’s concerns in his own testimony.

“Whether the support of a criminal enterprise, the malicious destruction of control mechanisms or the interruption of critical services, cybersecurity consequences can affect a multitude of unrelated targets,” said Maples, whose role includes leading the New Jersey Cybersecurity and Communications Integration Cell, an intelligence and information-sharing bureau modeled after a DHS fusion center.

And while Maples said much of his office’s daily cybersecurity duties involve minding “everything from ransomware to strategic infrastructure protection,” he said it’s become increasingly focused over the past year on combatting misinformation and disinformation about the COVID-19 pandemic.

Maples said that early into the health crisis, he spoke with Gov. Phil Murphy about the potential for online falsehoods about the pandemic to spill into the real world, such as a text-message chain — believed to be started by a foreign actor — that attempted to whip up fears about lockdowns and armed government personnel invading homes. But Maples also said New Jersey has been ahead of other states in collecting intelligence about online misinformation, especially the kind that can motivate violent extremism.

“Now you see this nexus between extremism, online recruiting, an incredible nexus between foreign nation organizations, there’s a benefit to them to cause chaos to us,” Maples told Rep. Marjorie Miller-Meeks, R-Iowa, who asked about online influence campaigns backed by the Chinese government. “There’s a huge nexus to that convergence of threat that we deal with every day in New Jersey.”

But during his testimony, Maples also said that the NJCCIC monitors domestic online extremism, too. The center, among other preparations for last year’s election, published a lengthy dossier on the threats posed by both foreign and U.S.-based disinformation merchants, threats he said on Wednesday had culminated with the Jan. 6 insurrection at the U.S. Capitol.