On January 31st, leaders in U.S. cybersecurity testified before the House Select Committee on the Chinese Communist Party (CCP).
The focus was on the fundamental flaws in the nation’s critical infrastructure and the urgent need for action. While the takedown of the Chinese hacking operation Volt Typhoon made headlines, the broader issues addressed by the heads of the FBI, CISA, NSA, Cyber Command, and the ONCD (Office of the National Cyber Director) deserve equal attention.
FBI Director’s Major Announcement:
FBI Director Chris Wray unveiled the operation against Volt Typhoon, a state-sponsored hacking group, highlighting its threat to critical infrastructure. This operation aimed to dismantle the group’s access and thwart potential attacks on sectors vital to the nation’s safety and prosperity.
“Steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous. And let’s be clear: Cyber threats to our critical infrastructure represent real-world threats to our physical safety.”
Insights from Committee Leaders: Chair Mike Gallagher contextualized China’s cyber activities, emphasizing a shift from IP theft to another alarming focus on disabling and destroying critical infrastructure in case of conflict.
As Chair Gallagher said: “This is the cyberspace equivalent of placing bombs on American bridges, water treatment facilities, and power plants. There is no economic benefit for these actions. There is no intelligence gathering rationale. The sole purpose is to be ready to destroy American infrastructure, which will inevitably result in mass American casualties.”
CISA Director’s Perspective:
CISA Director Jen Easterly pinpointed basic flaws in technology that have made the nation vulnerable; that the issue is both a current problem and a legacy one.
The insecure foundation of critical infrastructure stems from a history where speed and features took precedence over security.
Easterly called for a transformation, stressing that technology manufacturers must ensure vulnerabilities are not exploited by cyber actors.
She urged businesses to report cyber incidents promptly, emphasizing the interconnectedness of cyber and national security.
She stressed the need to develop a regime that holds software makers liable for creating defective technology.
Easterly called for a software liability regime based on a measurable standard of care, with a safe harbor for responsible innovation prioritizing security over speed to market or cool features.
“The truth is the Chinese actors have taken advantage of very basic flaws in our technology. We’ve made it easy on them.”
“…Businesses need to prepare for and expect an attack…exercise their critical system so that they can continue to operate through a disruption and recovery rapidly to provide services to the American people.
“Cyber risk is business risk.”
NSA Director and Cyber Command Commander’s Continuous Protection:
General Paul Nakasone emphasized the need for continuous protection against cyber threats. The strategy involves frustrating PRC efforts and systematically eradicating intrusions, necessitating collaboration with the private sector.
“We need a vigilance that continues onward. This is not an episodic threat that we are going to face. This is persistent. We have to have offensive and defensive capabilities.”
Director of the White House Office of the Cyber Director
Director Harry Coker said in his opening statement that if Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations, leveraging accesses like those developed by Volt Typhoon, against U.S. critical infrastructure and military assets.
Such a strike would be designed to deter U.S. military action by impeding U.S. decision-making, interfering with the deployment of U.S. forces, and challenging our ability to project power in the region.
“Such a strike could also impact the American public and the services they rely on
every day.”
The Chinese Societal Panic Strategy:
A theory surfaced regarding China’s intention to induce societal panic in the U.S. By embedding cyber threats into critical infrastructure, the CCP aims to disrupt pipelines, telecommunications, water facilities, and transportation modes.
The ultimate goal is to weaken the U.S. response in the event of a Taiwan invasion.
Final Thoughts:
The cyber threat to U.S. critical infrastructure demands immediate attention and collective action.
The nation’s vulnerabilities, from basic flaws to sophisticated cyber campaigns, underscore the urgent need for a comprehensive and continuous cybersecurity strategy.
And, again, as Congressman Gallagher stated, “This is the cyberspace equivalent of placing bombs on American bridges, water treatment facilities, and power plants.“
Disclaimer: IPProbe.Global is a service to the professional IP community. While every effort has been made to check the information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and is not intended to provide legal or other professional advice.
