Traditionally known for stealing industrial secrets and conducting corporate espionage, Chinese state hackers are allegedly adopting a more aggressive approach toward the U.S. and its critical infrastructure providers: pre-positioning inside target networks so that those targets could be sabotaged in future offensive cyberattacks.
Companies that operate critical infrastructure must respond by shifting their own defenses into high gear and taking an active partnership role with the federal government, say U.S. officials, who are ringing alarm bells over the physical destruction or societal disruption that Chinese APT groups could inflict.
In Congressional testimony this past January, CISA Director Jen Easterly cautioned that malicious actors from the People’s Republic of China (PRC) over the last two years have been “seeking to compromise U.S. critical infrastructure to pre-position for disruptive or destructive cyberattacks… in the event of a conflict to prevent the United States from projecting power into Asia or to cause societal chaos inside the United States.” Such attacks could be launched against assets such as gas pipelines, transportation systems or water treatment facilities, she noted.
Easterly testified that the U.S. has already discovered organizations compromised by the Chinese APT group Volt Typhoon via sophisticated “techniques that make finding and remediating such intrusions more challenging than with more commonly used tactics.” In its advisories on the group, CISA has described these as “living off the land” techniques: the intruders rely on built-in administrative tools and valid accounts rather than custom malware, so there is often no malicious binary for endpoint tooling to flag, and detection has to come from spotting anomalous use of legitimate tools and credentials.
“To give just one example, the FBI has identified PRC-backed hackers who gained access to the computer networks of a major U.S. transportation hub,” stated FBI Director Christopher Wray, in his own written testimony. “In this case, the FBI quickly alerted the network operators to the particular portion of their network that had been compromised and assisted with fixing the vulnerabilities.”
This testimony came on the heels of separate guidance from CISA and the FBI advising companies against using Chinese-manufactured drones in their operational environments, because Chinese state actors could use these networked devices to steal data or gain a foothold in the networks they connect to.
Make no mistake: public warnings like these cannot quell such threats by themselves. Critical infrastructure operators must stay proactive through robust threat hunting, detection and mitigation efforts. Fortunately, there are federal programs and offerings that targeted organizations can leverage to improve their overall security posture.
For starters, Easterly specified that nearly 30 critical infrastructure facilities are already using CISA’s CyberSentry threat detection and monitoring platform, which “provides us with persistent visibility into adversary activity targeting select critical infrastructure networks and the ability to support urgent mitigation where activity is identified.”
Additionally, CISA offers attack surface management services that scan an organization’s Internet-facing systems for known vulnerabilities of the kind that APTs like Volt Typhoon exploit for initial access. The agency also has cyber advisors who conduct Cybersecurity Performance Goals assessments on critical infrastructure organizations, and it runs a Shared Services Pilot program to support entities like water utilities and hospitals that are often short on cyber resources, Easterly continued.
For shared intelligence and defense planning, companies can also take part in CISA’s public-private Joint Cyber Defense Collaborative (JCDC) initiative, and join their own industry’s ISAC or ISAO (Information Sharing and Analysis Center or Organization) for additional intel. To build resilience, critical infrastructure owners and operators can also draw on CISA’s Shields Ready campaign.
All of these government services are part of a greater plan to tackle a burgeoning threat that Easterly said “requires a coordinated response to drive comprehensive risk reduction.”