China’s cyber activity is moving beyond the last decade’s spying and data theft toward direct attacks on U.S. critical infrastructure, the directors of the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency, or CISA, told lawmakers on Wednesday.
The Volt Typhoon hacking group has planted malware on routers, computers, and other devices connected to the internet. If activated, the malware could cause widespread disruptions, or injure and kill Americans.
While Russia is known for cyber attacks that cause real-world harm–for example, targeting U.S. political campaigns and Ukrainian power plants–China is viewed as far more risk-averse. It’s best known for cyber theft of intellectual property or government information, such as the Office of Personnel Management hack uncovered in 2015. But Volt Typhoon, which Microsoft revealed last May, represents something far more threatening.
At a meeting with reporters last week, a senior NSA official put the issue in starker terms.
“They’re in places that they are not there for intelligence purposes. The Chinese aren’t there to make money. Those are two hallmarks of Chinese intrusions in other sets and other lanes,” the official said.
China is still undertaking those activities, “but this is unique in that it’s prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on, you know, a domestic incident at a time when something’s flaring up in a different part of the world and they don’t want us facing the foreign aspects of that,” the official said.
FBI Director Christopher Wray underscored the seriousness to lawmakers on the House Select Committee on the CCP on Wednesday.
“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention. Now, China’s hackers are positioning on American infrastructure, in preparation to wreak havoc and cause real-world harm to American citizens and communities,” Wray said.
CISA chief Jen Easterly told lawmakers that a cyber attack on infrastructure could cause massive disruption.
“The Chinese government got a little bit of a taste of this in the aftermath of the [Russian-linked] ransomware attack on Colonial Pipeline, May of 2021, that shut down gas to the Eastern Seaboard for several days. Americans couldn’t get to work. The Americans couldn’t get to work, or take their children to school. This caused some panic. Imagine this on a large scale. Imagine that not just one, but multiple pipelines are disrupted. People can’t access their mobile phones if the telephony system is down. Polluted water causes people to become sick. Trains get derailed, air traffic control systems, port control systems are malfunctioning,” she said.
Easterly said that escalation shows that China is preparing the digital landscape for possible military activity, a huge leap from simple espionage and data theft.
“It’s Chinese military doctrine that they try to create societal panic among their opponents,” she said. “This is a scenario where everything happens at once. And it’s one where the Chinese government believes that it will likely crush American will for the U.S. to defend Taiwan in the event of a major conflict there.”
Gen. Paul Nakasone, the outgoing head of the NSA, told lawmakers that the targeting of critical infrastructure on Guam could affect U.S. military operations, describing the potential impact as “significant.”
“We need to provide a series of different options that our commander in the Indo-Pacific region would want to respond with communications and ability to be able to leverage our most lethal weapon systems,” Nakasone said.
The NSA official wouldn’t say whether Volt Typhoon shows that China has developed a higher tolerance for risk.
“That is absolutely what we’re trying to address. You can take away Volt Typhoon infrastructure, you can take away some of their tradecraft, but…they have a military need to do these things. They’re going to come back and build new infrastructure. Find new tradecraft.”
U.S. national security leaders believe China is vulnerable to bad press and negative public opinion, more so than Russia. The United States, along with other nations, may be able to convince Chinese officials that the risk of fostering Volt Typhoon is unacceptable.
“We must get the PRC to understand that putting civilians in danger with cyber is not acceptable. So we have to change that decision calculus and alter the decision makers point of view,” the official said.
Last year’s drama over the Chinese spy balloon shows that not every event linked to Chinese military activity represents the will of top leadership. When commanders engage in entrepreneurial activities that harm public perception, the higher authority can intervene to put an end to it.
“I don’t think the people that ran that [balloon] operation really thought through the risk calculus,” the official said. “The people who made those decisions did not think through the policy implications at a sophisticated level.”
Wray also disclosed yesterday that the FBI, working with other partners, had identified “hundreds of routers that had been taken over” by the group.
The post Chinese hacking operations have entered a far more dangerous phase, US warns appeared first on Defense One.