The People’s Republic of China (PRC) is positioning itself to “physically wreak havoc on our critical infrastructure at a time of its choosing,” according to FBI Director Christopher Wray.
Wray warned that every sector is at risk as the PRC plans to disrupt critical infrastructure to “induce panic and break America’s will to resist.” Highlighting the scale of China’s cyber activity, Wray noted that China’s outsized hacking program is larger than the programs of every other major nation combined.
Even in 2011, Chinese state-sponsored hackers targeted oil and natural gas operators. When faced with a honeypot of decoy documents, hackers exfiltrated sensitive organizational information and data related to supervisory control and data acquisition (SCADA) networks. The hackers left financial and business-related information behind, which led CISA and the FBI to conclude that these strategic intrusions were part of a plan by the People’s Republic of China to position itself for future operations to physically damage or otherwise disrupt pipelines.
Wray emphasized that PRC cyberattacks on U.S. critical infrastructure are “broad and unrelenting.”
Earlier this year, China-sponsored hackers known as Volt Typhoon targeted critical infrastructure in the communications, energy, transportation, and water sectors. These attackers operated a botnet to conceal their activity as they used “living-off-the-land" techniques to exploit tools on victim networks and maintain persistence. The FBI, NSA, and CISA flagged that by infiltrating critical infrastructure, the People’s Republic of China could use that network access to disrupt entire industries as part of its strategy in geopolitical tensions or military conflicts.
Companies can play a central role in protecting critical infrastructure. The FBI recommends the following measures to partner with the FBI and bolster U.S. defences against PRC cyberattacks:
- Resiliency planning: Develop, test, and exercise an incident response plan, which should include identifying crown jewels, having a recovery plan, and contacting the FBI for assistance.
- Hardware and supply chain transparency: Vet vendors, their security practices, and know who is building hardware and software that will have access to the network.
- FBI coordination: Reach out to the local FBI field office for assistance, even before there is indication of a problem, to contribute to the company’s readiness.
Authored by Nathan Salminen and Soojin Jeong.
