China’s cyber activity is moving beyond the last decade’s spying and data theft toward direct attacks on U.S. critical infrastructure, the directors of the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency, or CISA, told lawmakers on Wednesday.
The Volt Typhoon hacking group is planting malware on network routers and other internet-connected devices that could disrupt water, power, and rail services, possibly causing widespread chaos or even injuring and killing Americans.
China is known for cyber attacks that cause real-world harm. While Russia targets U.S. political campaigns and Ukrainian power plants, China is best known for cyber theft, but Volt Typhoon, which Microsoft revealed last May, represents something far more threatening.
A senior NSA official said that China is prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing to disrupt military activities or distract the U.S.
FBI Director Christopher Wray underscored the seriousness to lawmakers, stating that PRC hackers are targeting critical infrastructure and are preparing to wreak havoc and cause real-world harm to American citizens and communities.
CISA chief Jen Easterly told lawmakers that a cyber attack on infrastructure could cause massive disruption. She said that escalation shows that China is preparing the digital landscape for possible military activity.
Gen. Paul Nakasone, the outgoing head of the NSA, told lawmakers that the targeting of critical infrastructure on Guam could affect U.S. military operations, describing the potential impact as “significant.”
U.S. national security leaders believe China is vulnerable to bad press and negative public opinion, more so than Russia. So the United States and other countries may be able to convince Chinese authorities that fostering groups like Volt Typhoon poses an unacceptable risk.
Last year’s drama over the Chinese spy balloon shows that not every event linked to Chinese military activity represents the will of top leadership. Sometimes commanders undertake entrepreneurial operations, and when those cause harm to public perception, higher authorities can step in to stop the behavior.
Wray also disclosed yesterday that the FBI, working with other partners, had identified “hundreds of routers that had been taken over” by the group.