CHINA WATCHU.S. Critical Infrastructure May Not Be Resilient Enough to Fend Off, Survive Chinese Cyberattacks: CISA Director

By Jeff Seldin

Published 13 June 2023

Americans “need to be prepared” for Chinese cyberattacks, U.S. cyber official said, because the United States may not be resilient enough to fend off and survive Chinese attacks on its critical infrastructure should the present great power competition between Washington and Beijing evolve into an actual conflict.

The United States may not be resilient enough to fend off and survive Chinese attacks on its critical infrastructure should the present great power competition between Washington and Beijing evolve into an actual conflict, according to a top U.S. cyber official.

U.S. officials have ramped up efforts to bolster cybersecurity for the country’s electric grid and water systems — much of them run by private companies — since Russia’s invasion of Ukraine last year, but the head of the Cybersecurity and Infrastructure Security Agency (CISA) warned Monday that more precautions need to be taken in case China decides to strike.

In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure, to include pipelines and rail lines to delay military deployment and to induce societal panic,” CISA Director Jen Easterly told an audience at the Aspen Institute in Washington.

Given the formidable nature of the threat from Chinese state actors, given the size of their capability, given how much resources and effort they’re putting into it, it’s going to be very, very difficult for us to prevent disruptions from happening,” she said.

And what worries her just as much as the cyberattacks themselves is the ability of Americans to repair any damage while also being able to demonstrate the strength to carry on.

We as an American people need to understand not just cyber resilience, but the imperative of operational resilience and the importance of societal resilience,” Easterly said. “I worry, frankly, that we’ve lost a bit of societal resilience.”

This is not the first time that key U.S. officials have warned about China’s ability to inflict considerable damage using cyberattacks.

Most of the warnings have centered on scenarios in which China tries to take Taiwan by force.

“If the Chinese have a plan to invade Taiwan in 2027, I would expect they have a cyber plan to go along with that,” a senior defense official told reporters this past April.

Other U.S. officials have warned that China could use a series of cyberattacks against Taiwan and the U.S. as part of an opening blow aimed at minimizing Washington’s ability to help fend off the incursion.

China rejected the U.S. assertions.

We have always firmly opposed and cracked down on all forms of cyber hacking in accordance with the law,” Chinese Embassy spokesperson Liu Pengyu told VOA in an emailed statement.

The allegation by the U.S. side that the Chinese government is ‘supporting hacking’ is completely distorting the truth,” Liu added, accusing the U.S. itself of engaging in “large-scale, organized and indiscriminate cyber theft and monitoring of foreign governments, enterprises, and individuals.”

Easterly has also warned that Beijing will likely seek to create “panic and chaos” in cyberspace ahead of any move on Taiwan.

And just last month, CISA, along with partner agencies in Australia, Britain, Canada and New Zealand, warned of activity by a Chinese threat actor known as Volt Typhoon, which had been targeting networks linked to U.S. critical infrastructure.

On Monday, however, Easterly said recent incidents like the Colonial Pipeline ransomware attack and the scare from China’s high altitude spy balloon have given her cause for concern beyond a scenario involving Taiwan.

We need to be prepared to be able to respond, recover, learn from disruptions and to be able to move forward in a way that we can continue to operate our critical services and our networks and our businesses even under the threat of Chinese state actors who want to hold that critical infrastructure at risk,” she said.

To improve American resilience, Easterly said CISA could soon launch a “Shields Up” awareness campaign focused on China, similar to the one it launched following Russia’s invasion of Ukraine.

The ongoing campaign encourages private companies to take additional security precautions to protect against potential cyberattacks by Russia itself or by criminal hackers working on Moscow’s behalf.

Jeff Seldin is VOA national security reporter.  This article is published courtesy of the Voice of America (VOA).