Hackers working for China have been inside critical U.S. infrastructure networks, undetected, for more than a year. The known targets include a water utility in Hawaii, a port on the U.S. West Coast, and an oil and gas pipeline. The goal is to give China a pre-positioned foothold it could use against the United States to create chaos, cause panic, and disrupt logistics.
The scope and impact of China’s Volt Typhoon cybercampaign
Hackers tied to China’s People’s Liberation Army have gained access to more than two dozen critical systems, according to a Washington Post report. The newly revealed information provides a more complete understanding of the Volt Typhoon cybercampaign, which was initially identified by the U.S. government around a year ago.
You may remember how a single ransomware attack on the Colonial Pipeline sharply ran up fuel prices and left lines of cars waiting for hours to refill at gas stations up and down the eastern seaboard. It was the moment Americans got their first glimpse of what a cyberattack can do to daily life, and it made the issue a central one for the Department of Homeland Security.
China’s stepped-up cybercampaign is a significant change
The director of the DHS Cybersecurity and Infrastructure Security Agency (CISA) is reported as saying this is a significant change from Chinese cyberactivity of seven to 10 years ago, which was focused primarily on political and economic espionage.
The goal of a campaign like this is to establish a pre-positioned advantage that could trigger a cascading cyberattack against American infrastructure. An attack on many of these systems at once could disrupt or destroy control of them and cause chaos inside the United States.
In many parts of the U.S., core utilities are run by private industry, and each company operates differently from the next. Some are more resilient than others, and many remain vulnerable to stealthy intrusions in which Chinese hackers infiltrate and gain control of systems without being detected.
One attempt to break into a privately operated power grid in Texas has now come to light, and several electric utilities outside the U.S. have been compromised, according to the report.
Why target Hawaii?
Short answer: Taiwan. The island of Oahu is home to the Pacific Fleet. If China could disrupt the U.S. military response to a conflict that requires deploying troops and equipment, it could slow America's ability to move those forces when timing matters most.
How Chinese hackers are getting access to U.S. critical systems
Often it comes down to readily available tooling and a lapse in security caused by human deception, such as phishing. Once inside, the Chinese hackers avoided dropping custom malware and instead relied on the administrative tools and legitimate accounts already present on the network, so their activity blended in with normal administration and network traffic. Security experts call this technique "living off the land."
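Because "living off the land" activity uses tools that are legitimately present on every host, the practical defense is to watch how those tools are being used rather than whether they are present. The script below is an added example, not code from the original article or from any government advisory: it scans constructed process-creation log lines (a simplified "timestamp | host | user | command line" layout that is an assumption here, not a real telemetry format) for built-in Windows utilities being used in ways typical of publicly documented LOTL tradecraft, such as port forwarding with netsh, credential dumping with ntdsutil or reg save, and remote execution through wmic, and then singles out hosts where more than one such pattern appears. The rule set and the two-rule threshold are illustrative choices, not a complete detection.

```python
"""Flag living-off-the-land (LOTL) command lines in process-creation logs.

Added example, not part of the original article. The log lines are constructed
for illustration; the field layout, rule list and threshold are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    ts: str
    host: str
    user: str
    cmd: str


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    rule: str
    reason: str
    cmd: str


# Each rule: (name, regex applied to the full command line, why it matters).
# These mirror widely documented LOTL patterns; they are not exhaustive.
LOTL_RULES = [
    ("netsh_portproxy",
     re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I),
     "built-in port forwarding used to pivot through a host"),
    ("ntdsutil_ifm",
     re.compile(r"\bntdsutil\b.*\b(ifm|create full)\b", re.I),
     "copies the Active Directory database for offline credential extraction"),
    ("reg_save_hive",
     re.compile(r"\breg(\.exe)?\s+save\s+hklm\\(sam|system|security)\b", re.I),
     "exports registry hives that contain password hashes"),
    ("wmic_remote_exec",
     re.compile(r"\bwmic\b.*/node:.*\bprocess\s+call\s+create\b", re.I),
     "remote command execution via WMI without dropping a tool"),
    ("recon_builtin",
     re.compile(r"^(ipconfig|netstat|net\s+(user|group|localgroup)|nltest|systeminfo)\b", re.I),
     "host and network discovery with native utilities"),
]

# Constructed sample log: one pivot host (WS01), one domain controller being
# harvested (DC01), and one user doing ordinary work (WS07).
SAMPLE_LOG = [
    r"2024-01-10T03:14:07Z | WS01 | CORP\jdoe | netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=443",
    r"2024-01-10T03:15:22Z | WS01 | CORP\jdoe | ipconfig /all",
    r'2024-01-10T03:18:40Z | DC01 | CORP\svc_backup | ntdsutil "ac i ntds" "ifm" "create full C:\temp\dump" q q',
    r"2024-01-10T03:20:01Z | WS07 | CORP\alice | notepad.exe C:\Users\alice\notes.txt",
    r"2024-01-10T03:21:33Z | DC01 | CORP\svc_backup | reg save hklm\sam C:\temp\sam.hive",
    r"2024-01-10T03:25:10Z | WS07 | CORP\alice | ipconfig /all",
]


def parse_line(line):
    """Parse 'ts | host | user | command_line'. Returns None for malformed lines
    so a corrupt record never aborts the whole scan."""
    parts = [p.strip() for p in line.split(" | ", 3)]
    if len(parts) != 4 or not all(parts):
        return None
    return Event(*parts)


def match_rules(cmd):
    """Return every (rule name, reason) whose pattern matches the command line."""
    return [(name, why) for name, rx, why in LOTL_RULES if rx.search(cmd)]


def analyze(lines):
    """Run all rules over all lines and collect per-event findings."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for name, why in match_rules(ev.cmd):
            findings.append(Finding(ev.ts, ev.host, ev.user, name, why, ev.cmd))
    return findings


def hosts_at_risk(findings, min_distinct_rules=2):
    """A single recon command is common admin noise; several distinct LOTL
    patterns on one host is the chain worth escalating."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f.host].add(f.rule)
    return sorted(h for h, rules in by_host.items() if len(rules) >= min_distinct_rules)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f.ts} {f.host} {f.user} [{f.rule}] {f.reason}: {f.cmd}")
    print("hosts to escalate:", hosts_at_risk(found))
```

On the constructed sample this flags five events and escalates WS01 and DC01 but not WS07, whose lone ipconfig is the kind of noise that makes LOTL hard to spot in the first place. In a real deployment the same logic would run over Windows event 4688 or Sysmon event 1 command lines, with the threshold tuned to the environment's normal administrative activity.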
How to protect against Chinese cyberattack
On a broad scale, the NSA, along with other government bodies, advises organizations to reset passwords widely and to monitor closely any account that holds elevated network privileges.
They also urge businesses to adopt stronger multifactor authentication. Instead of SMS-based verification, which can be intercepted or phished, physical security keys or hardware tokens are recommended, since they cannot be captured by a fake login page the way a one-time code can.
For individual Americans to safeguard themselves against similar cybersecurity threats, it is crucial to:
1) Use a strong, unique password for every account, avoiding common words and phrases and mixing letters, numbers, and symbols. A password manager can generate and store these for you so you never have to reuse one.
2) Enable multifactor authentication on all personal accounts, opting for app-based authenticators or physical security keys when available.
3) Stay vigilant against phishing attempts by not clicking on suspicious links or downloading attachments from unknown sources.
4) Keep all software, including antivirus and operating systems, up to date with the latest security patches. See my review of the Best antivirus protection here for options.
5) Be cautious about the amount of personal information shared online, as this can be used to facilitate targeted attacks.
By taking these steps, you can create multiple layers of defense against potential cyberintrusions.
Kurt’s key takeaways
The Volt Typhoon cybercampaign by China poses a serious threat to the national security and economic stability of the United States. By targeting critical infrastructure systems, such as water, power, and oil, China aims to gain a strategic advantage over the U.S. and potentially disrupt its military response in the event of a conflict over Taiwan.
The U.S. government and the private sector need to work together to strengthen their cybersecurity defenses and their resilience against such attacks. You and I also need to take proactive steps to protect our personal data and devices from malicious hackers. Cyberwarfare between the U.S. and China is not a hypothetical scenario but a reality that requires urgent attention and action from all of us.
How do you feel about the threat of Chinese cyberattacks on U.S. critical infrastructure? Do you think the U.S. government and private sector are doing enough to protect themselves and the public? Let us know by writing us at Cyberguy.com/Contact.