Since this past May, the National Security Agency (NSA) has issued repeated warnings that a group believed to have ties to Beijing could be targeting critical infrastructure in the United States. The state-sponsored Volt Typhoon has so far been focused on stealing information from organizations that hold data that is related to the U.S. military or government, but NSA and other agencies believe it could change up its tactics and strike against the U.S. energy grid or other infrastructure.
Those warnings were reaffirmed earlier this month at the Cyberwarcon security conference in Washington, D.C., where officials called on network administrators and security teams to remain especially diligent when monitoring for suspicious activity.
The group has been linked to attacks on American universities as well as to one on a U.S. Army Reserve Officers’ Training Corps program, Wired magazine reported. Volt Typhoon, which has been dormant much of the spring and summer only to reemerge in August, has also been observed targeting U.S. utility companies.
A Clear and Present Danger?
Though the United States continues to face cybersecurity threats from Russia, Iran, North Korea, and other nations, the risks from China need to be taken especially seriously.
“Critical infrastructure such as power grids, water supplies, and healthcare systems are increasingly interconnected and reliant on digital technologies, making them vulnerable to cyberattacks. A successful attack on these systems could lead to widespread service disruptions, financial losses, and in extreme cases, endanger public safety,” explained Emily Phelps, director at threat intelligence provider Cyware.
“The sophistication and capabilities of Chinese tradecraft, especially against industrial control systems, have risen significantly in the past decade. It’s not a matter of if they will attack but when will threat actors sponsored by China attack U.S. critical infrastructure and will the U.S. be prepared,” added Craig Harber, a security evangelist at Open Systems, who has more than 37 years of experience in national security including at the Department of Defense (DoD) and tenures at NSA and U.S. Cyber Command (USCYBERCOM).
Multiple U.S. government agencies have now published warnings about the real threat of Chinese hackers exploiting vulnerabilities within U.S. critical infrastructure, and Harber told ClearanceJobs these warnings should be heeded.
The situation is likely to get worse, as new technologies are emerging.
“Unfortunately, infrastructure modernization efforts will only increase these cyber risks in the near term with the emergence of smart technologies deployed to improve these infrastructures’ efficiencies and innovation opportunities,” Harber continued. “Public and private sector resources must strengthen their games to defend these environments better.”
Hackers May Already Be “Embedded”
A serious danger is that hackers from China are already in many critical infrastructure environments – playing a “long game” where they may be waiting for the right moment to strike.
“Once inside, they maintain a stealthy profile until they are activated. These threat actors can execute various attacks depending on the objective,” said Harber.
Hackers can weaponize a botnet to interrupt services with a Distributed Denial of Service (DDoS) attack, distribute malware to steal sensitive data from a target organization, or use ransomware as a cyber extortion tool.
We could see cyberattacks that cause extreme monetary damages and even put individuals in harm’s way.
“Any attack on our critical infrastructure could have lasting implications, especially if it affects our daily routine or way of living,” suggested Al Martinek, customer threat analyst at cybersecurity provider Horizon3.ai.
“Over the past few years, we have seen some highly damaging attacks around the holiday season that led to extreme monetary damages,” Martinek told ClearanceJobs. “The SolarWinds supply chain attack in 2020 and the Log4Shell in 2021 are two massive attacks that changed how companies should proactively assess their networks and systems, even throughout the season of tidings and cheer.”
Increased Velocity and Sophistication
The cybersecurity experts have warned that cyberattacks from China are increasing in velocity and sophistication.
“China is clearly preparing the cyber battlefield to its advantage,” Harber noted. “The public and private sectors must invest resources in identifying and rooting out China-backed attackers from critical infrastructure environments. Active threat hunting within our networks will help ensure the security and safety of our nation’s critical infrastructure.”
Yet, just as American companies need to be diligent, there is the danger that the bad actors will remain one step ahead. As threats grow more sophisticated, so must our defenses.
“Collaboration between government agencies and private sector cybersecurity firms is essential,” said Harber. “Investing in cybersecurity training, adopting a proactive threat intelligence approach, and regularly updating and patching systems can help mitigate the risk of such attacks.”
Martinek further told ClearanceJobs that there needs to be a paradigm shift in how the United States prepares for and responds to cyberattacks.
“Organizations need to start thinking preemptively and act proactively by taking a different approach,” Martinek added. “The only way to do this is by continuously assessing your cyber landscape using an autonomous penetration testing solution to ensure you are safe and stay safe against cyber attacks and attack vectors.”