A version of this story appeared in the daily Threat Status newsletter from The Washington Times.
China’s cyber operatives have infiltrated computer networks used to control critical U.S. infrastructure in preparation for future attacks to disrupt American society during a conflict, the director of the National Security Agency warned.
Air Force Gen. Timothy Haugh, who is also commander of U.S. Cyber Command, said Chinese hackers have been pre-positioning cyber tools in ways that are unique in military terms because the operations provide no intelligence value — suggesting the Chinese military is preparing the ground for large-scale sabotage in the future.
“We see attempts to be latent in a network that is critical infrastructure, that has no intelligence value, which is why it is so concerning,” Gen. Haugh told The Wall Street Journal, noting that the dangers are based on the types of infrastructure targets and how they are being targeted.
The fears are based on what government and private security experts call China’s “Volt Typhoon” cyber targeting program, which has gained access to controls for water systems on Guam, a key military hub in the Pacific.
The NSA and Microsoft revealed the intrusion program in May 2023 and officials say the problem is continuing. Microsoft said the targets included communication, transportation, maritime and other sectors.
The NSA director’s comments come as the Indo-Pacific Command and Pentagon are concerned that mounting tensions with China over Taiwan, South China Sea and East China Sea territorial disputes could set off a conflict.
Analysts say a first step in such a conflict could be cyberattacks targeting U.S. computer networks, mainly owned by private companies, that operate key infrastructure used to control electric power, transportation, communications, water, finances and other systems.
Sabotaging those networks would cause massive disruptions and potentially a large-scale loss of lives.
Gen. Haugh said a key threat is China’s targeting of water systems.
“It is very difficult to come up with a scenario where targeting a water supply for a civilian population, even if part of that population is also military, is an appropriate target,” he said. “And so I think that’s an area that just brings pause.”
“From a military perspective, it is inconsistent with how we would approach a proportional military necessity target,” he said.
China’s People’s Liberation Army is said to utilize a strategy outlined by two colonels in 1999 called “unrestricted warfare,” calling for using all forms of warfare to win in battle.
Gen. Haugh said Volt Typhoon hackers have targeted U.S. military networks in ways similar to the infrastructure intrusions. The military is “very vigilant” against the threat, he said, adding he suspects other areas of penetration by Beijing will be discovered.
FBI Director Christopher Wray and Energy Secretary Jennifer Granholm are among those who have discussed the threat. Gen. Haugh said the U.S. government is going public about the threat to “make the tradecraft widely known.”
Gen. Haugh said Chinese cyber operations designed to steal data are more easily spotted. Current cyber defenses can determine how much data was taken and where it was sent.
But for the infrastructure intrusions, “we don’t see that,” he said.
Volt Typhoon hackers use a technique security officials call “living off the land,” gaining access to a restricted network by posing as an authorized user, and then using tools within the system to prepare for future sabotage.
Ms. Granholm and Jill Hruby, director of the National Nuclear Security Administration, revealed in Senate testimony in April that Volt Typhoon had gained access to critical energy infrastructure.
The activity “should alarm all of us,” they said in joint testimony.
Mr. Wray also warned about the infrastructure intrusions in a recent speech. The FBI shut down Volt Typhoon hackers who had obtained long-term access to the control networks, he said.
Gen. Haugh warned that Chinese cyberattacks against U.S. networks are increasing in both number and sophistication. The NSA is working with U.S. companies and the Indo-Pacific Command to defend against the targeting.
Chinese government spokesmen in the past have denied any involvement in Volt Typhoon operations.
Cyber Command also is working closely with U.S. allies to bolster their defenses against Chinese cyber threats.
“We’ve found really strong partners that want to just be able to ensure they’ve got well-defended networks, that they’re also being able to have defended critical infrastructure and that their economy can operate unimpeded,” the general said.