Beijing could be planning to launch a directed cyberattack at critical U.S. infrastructure, the head of the FBI told House lawmakers earlier this week. Director Chris Wray warned that Chinese government hackers could target water treatment plants, the electrical grid, transportation systems, and other critical infrastructure inside the United States.
In prepared remarks to the House Select Committee of the Chinese Communist Party, Wray further suggested that there has been “far too little public focus” on cyber threats that could impact every American.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” the FBI director added.
The committee, chaired by Rep. Mike Gallagher (R-Wisconsin), was established last year with a mandate of countering China. It is focused on American economic and security competition with the Chinese Communist Party (CCP), the party-state that has a monopoly over the governance of the People’s Republic of China.
Beijing has called recent accusations that it is preparing a cyberattack groundless.
Is Enough Being Done to Counter An Attack?
The warnings that Chinese hackers are targeting U.S. cyber interests aren’t new, and companies including Microsoft and Mandiant have issued reports highlighting the threat. Historians have suggested nations have often been asleep” when the path to conflict should have been obvious.
The question is whether entities of all levels within the United States are heeding the warnings of such an attack.
“While there have been significant efforts to address threats to critical infrastructure, the evolving nature of cyber threats requires continuous adaptation and enhancement of our defenses,” said Lisa Plaggemier, executive director at the National Cybersecurity Alliance.
“The testimony by FBI Director Christopher A. Wray underscores the urgency of the situation, with China intensifying hacking operations targeting U.S. power grids, oil pipelines, and water systems,” Plaggemier told ClearanceJobs. “The government has taken steps, including obtaining court orders to access servers used by hacking networks, but more comprehensive measures are needed.”
To address the threats effectively, she suggested there should be increased collaboration between government agencies, private sector entities, and cybersecurity experts.
“Regular and thorough assessments of critical infrastructure vulnerabilities must be conducted, and information-sharing mechanisms should be strengthened,” Plaggemier continued. “Furthermore, incentivizing small businesses and local governments to report suspicious activities and investing in advanced cybersecurity technologies are crucial steps in fortifying our defenses against cyber threats to critical infrastructure.”
The Threat Vector
We could expect a variety of cyberattacks to be carried out, which could require several steps to bolster our defenses.
“The potential types of cyber attacks on critical infrastructure are diverse, ranging from ransomware attacks on outdated systems to sophisticated infiltration of network infrastructure,” warned Plaggemier. “The recent testimony highlighted the actions of the hacking group Volt Typhoon, which compromised routers to create sleeper cells, emphasizing the need for a multifaceted defense strategy.”
The key to bolstering our defenses will include significant investment to update and secure outdated systems. That should be seen as imperative.
“Implementing robust cybersecurity training programs for employees, especially within small businesses and local governments, can enhance overall awareness and response capabilities,” Plaggemier continued. “Additionally, the development and implementation of advanced intrusion detection and prevention systems are crucial for early threat detection and mitigation.”
International cooperation is also being seen as essential to address the transnational nature of cyber threats.
“Regular threat intelligence sharing between nations and the private sector can improve our collective ability to anticipate and respond to emerging cyber threats,” Plaggemier noted. “By adopting a proactive and collaborative approach, we can strengthen our defenses against a broad spectrum of potential cyber attacks on critical infrastructure.”