In a striking revelation at the RSA Conference in San Francisco, retired Rear Admiral Mark Montgomery highlighted a significant shift in the cyber threat landscape, indicating that China has surpassed Russia as the primary adversary in cyber warfare against the United States. This transformation has been exemplified by the Volt Typhoon attacks that targeted US critical infrastructure last year.
Montgomery detailed how these attacks were not only highly effective but also acknowledged by Chinese officials in a December 2024 meeting with the Biden administration, where they admitted their role in the hacks. His comments underscore a troubling trend: while the US has focused on defensive strategies, other nations, especially China, have made significant advancements in their cyber capabilities.
Montgomery emphasized the evolving nature of China’s cyber strategy, stating that the Chinese Communist Party has become exceptionally skilled in cyber operations. “What was once seen as intellectual property theft and espionage has now escalated into a formidable cyber threat,” he stated, describing the Volt Typhoon as a sophisticated operation aimed directly at undermining American infrastructure.
He also raised concerns regarding the inadequacy of US infrastructure protections, noting that while military bases are well-defended, the commercial systems that constitute much of America’s critical infrastructure are vulnerable. Montgomery drew attention to a troubling statistic about the ownership of these networks, stating that while previous claims suggested 85% were privately owned, the more accurate figure lies between 82% and 86%.
As Montgomery laid out his recommendations, he called for a substantial increase in the recruitment of offensive cyber operators within the US military. He proposed leveraging untapped talent in the National Guard and suggested extending the requirements of the 2002 Sarbanes-Oxley Act to enhance cybersecurity measures for American companies.
Looking ahead, Montgomery cautioned that the combination of a cyber crisis and geopolitical tensions, such as potential conflicts over Taiwan, could have disastrous effects. By compromising public confidence in government and critical infrastructure, adversaries like China may seek to exploit vulnerabilities during times of crisis.
In addition to China, he briefly mentioned the threats posed by Russia and North Korea, labeling the latter as a “cyber gang masquerading as a nation state.” Montgomery’s insights present a stark warning: without immediate action to bolster defenses and improve cybersecurity, the US may be ill-equipped to face the rising tide of cyber threats.