Unless you’ve been up in the Cascades searching for the wayward Zebra, there is no doubt you’ve heard the myriad of warnings from various U.S. government entities concerning the threat posed by the Chinese government to the critical infrastructure of the United States.
China is all in
Facility Security Officers need to take heed and not allow the “doesn’t apply to me” rationale to take hold. China is all-in when it comes to collecting information concerning U.S. infrastructure, especially in the defense, intelligence, and energy sectors. The good news is that the United States government isn’t sleeping on this; the not so good news is that industry isn’t doing enough.
Rare is the occasion when the Director FBI, Christopher Wray, is so blunt, as was the case when he spoke at the Vanderbilt Summit on Modern Conflict and Emerging Threats, when he said, “The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist.”
Why is China (or perhaps one should say, has China) been hellbent on getting into the technology and infrastructure of the United States. The technologies is easy to understand – money and shaping tomorrow’s economy with their competitive advantage. The latter isn’t as easy to take on board, though it is absolutely critical FSO’s and their constituents do so. Wray noted, “the CCP (China Communist Party) wishes to prevent the United States from getting in the way of a potential future “crisis between China and Taiwan by 2027.””
Wray concluded his remarks on how private sector, academia and others can position themselves to push back on China’s efforts. He pointed to the need to focus on supply chains; hardware (and the components within); vetting vendors and their security practices; and push for transparency.
CISA has tools for you
Earlier in the year the Cybersecurity Infrastructure Security Agency (CISA) published an advisory which was as crystal clear as Director Wray, “U.S. and International Partners Publish Cybersecurity Advisory on People’s Republic of China State-Sponsored Hacking of U.S. Critical Infrastructure”. The warning provided guidance to help entities to “effectively hunt and detect the sophisticated types of techniques used by the actors such as Volt Typhoon, known as “living off the land.”
In addition, CISA, at no-cost, offers a suite of tools and services as part of their mission to reduce cybersecurity risk across the United States’ critical infrastructure. Within the CISA offerings are three key items/services:
- Connect with your Regional Cybersecurity Advisor
- Signup for Cyber Hygiene Services
- Cybersecurity Performance Goal Assessment
Remember, it is U.S. tax dollars which are paying for services which many go to third parties to have performed, take advantage of these. CISA aligns its efforts with the FBI, DHS, NSA and others to further advance the private sector’s ability to protect themselves and their customers from threats, to include those posed by China.
In conclusion, FSO’s should ensure there are ongoing efforts to hunt and detect within their networks for China’s presence. When the Director FBI says China is waiting “for just the right moment to deal a devastating blow” one should believe him and take actions to ensure that when the attempted blow occurs it does not affect your entity.
