China’s Latest Cyberattack Is an Active Threat to Critical US Infrastructure
Microsoft flagged yet another active threat to U.S. critical infrastructure Wednesday afternoon. The warning lights have been blinking red for some time, and they have signaled a clear shift in the tactics of our adversaries—they intend to disrupt civil society for geopolitical and military gains.
Volt Typhoon, a Peoples Republic of China-sponsored hacking group, has been stealthily targeting various critical infrastructure sectors by utilizing compromised network appliances, sensors, routers, and other devices with an internet connection—i.e., the Internet of Things. Through Volt Typhoon, the PRC is attempting to access and develop capabilities that could be used to disrupt communications, commerce, and transportation between Asia and the United States.
Microsoft’s alert revealed that since mid-2021, Volt Typhoon has been targeting the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors in Guam and elsewhere in the U.S. This should come as no surprise, as we have observed over the past decade how Russia conducted cyberespionage on a variety of critical infrastructure sectors in preparation for future cyberoperations or as part of a larger military campaign, like the invasion of Ukraine.
While China has engaged in similar cyberespionage behavior in the past—such as targeting the U.S. oil and gas sector—the incidents were not viewed as indicative of potential attacks. Those incidents were likely viewed through a perverse lens of “normative” behavior conducted by nation-states.
How to address the PRC’s persistent cyberespionage operations represents a core question for national security policymakers. These operations are not only aggressive and potentially dangerous, but they also demonstrate the PRC’s intentional trajectory toward conflict over Taiwan.
Microsoft’s Threat Intelligence team’s statement points to Beijing’s motives and its belief that there will be no repercussions from the current U.S. administration: “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
There are two key take-aways from Wednesday’s news from Microsoft: 1) Chinese President Xi Jinping has consistently brushed aside diplomacy while actively preparing for potential conflict with the U.S. and 2) detection of such attacks remains a key gap for critical infrastructure cybersecurity.
Some pundits will attempt to downplay or dismiss the threat from China by highlighting the “routineness” of cyberespionage and pivoting to talk about emerging risks like polymorphic malware or AI as potentially more critical threats, yet the underlying facts have not changed: As technology integration in business, government, industry, and everyday life increases, cyber vulnerabilities increase. China remains committed to Xi’s vision for a new world order.
Despite this administration’s dramatic increase in the cyber bureaucracy, including the release of yet another National Cyber Strategy and establishing an Office of the National Cyber Director, what concrete steps have been taken to reduce our national risk?
More policies and more people are themselves not a solution. The Department of Homeland Security and other federal stakeholders have been given authorities to be proactive in their approach to cybersecurity. However, the model the government has embraced is a flat-footed and clumsy approach that keeps them in a constant state of response and recovery—awaiting alerts from the private sector and then managing damage-control messaging afterward.
Instead of waiting for the private sector to decide to share information, DHS must become forward-leaning and take meaningful steps toward addressing the risk and mitigating cyber threats to our critical infrastructure.