Date: 2024-12-07

China poses the most active and persistent cyber threat to U.S. critical infrastructure, but that threat has changed over the past two decades, according to the Cybersecurity and Infrastructure Security Agency (CISA).

“I don't think it's possible to design a foolproof system, but I don't think that should be the goal. The goal should be to make it very difficult to access,” Cris Thomas, a member of L0pht Heavy Industries sometimes known under the name Space Rogue, said in testimony before the Governmental Affairs Committee on May 19, 1998.

L0pht Heavy Industries participated in one of the first congressional hearings on cybersecurity threats. Members of the group warned that it was possible to take down the Internet in 30 minutes and that it was almost impossible to create a 100% foolproof defense system. It also encountered difficulties in determining the origin of the threats.

“Backtracking and reverse hacking is a relatively tricky area. Based on the relatively outdated protocols you're dealing with, there's not a huge amount of information about where things came from, just where they came from,” said another member of the group, Peiter Zatko, who testified under his code name “Mudge.”

By the time the hearing took place, China was probably already at work. In the early 2000s, the U.S. government became aware of Chinese espionage targeting government entities. A series of operations known as Titan Rain began as early as 2003 and included hacks against the U.S. Departments of State, Homeland Security, and Energy. The public became aware of the attacks several years later.

At that time, current CISA Director Jen Easterly was deployed to Iraq to investigate how terrorists were using new technologies.

“I actually started in the world of counterterrorism, deployed to Iraq and saw how terrorists used communications technology for recruitment, radicalization and implementation of improvised explosive devices,” Easterly said.

At that time, the U.S. government was investing in cyberwarfare. The Bush administration had ordered studies of computer network attacks, but officials ultimately expressed concern about the extent of the damage the attacks could cause. Instead, the United States adopted a more defensive posture, focused on defending against attacks.

“When I was part of the Army's first cyber battalion and involved in setting up U.S. Cyber Command, we were very focused on nation-state adversaries,” Easterly said. “At the time, China was really an espionage threat that we were focused on.”

Threats from China would eventually intensify. According to the Council on Foreign Relations' Cyber Operations Tracker, in the early 2000s, Chinese cyber campaigns focused primarily on spying on government agencies.

“Officials have viewed China’s aggressive, large-scale espionage as the primary threat to American technology,” warned Sen. Kit Bond, R-Mo., in 2007.

At that time, China had a history of spying on American innovation and using it to replicate its own infrastructure. In 2009, Chinese hackers were suspected of stealing information from Lockheed Martin's Joint Strike Fighter program. Over the years, China has launched fighter jets that look and operate like American planes.

Chinese hackers outnumber FBI cybersecurity personnel by at least 50 to 1, according to Wray.

“China poses the most significant threat to the United States,” Easterly said. “We are focused on doing everything we can to identify Chinese activity, root it out, and ensure we can defend our critical infrastructure against Chinese cyber actors.”

In 2010, China shifted its focus to the public sector and began targeting telecommunications companies. Operation Aurora was a series of cyberattacks in which actors conducted phishing campaigns and compromised the networks of companies like Yahoo, Morgan Stanley, Google and dozens of others. Google left China after the hacks and has yet to return its operations to the country. At the turn of a new decade, evidence emerged that China was also spying on critical infrastructure in the United States and abroad.

“Now we view them as a threat to conduct disruptive and destructive operations here in the United States. It's really a development that, frankly, I hadn't been following and I was quite surprised when we saw this campaign,” Easterly said.

The Council on Foreign Relations' Cyber Operations Tracker reveals that China has frequently targeted commercial and military operations in the South China Sea, and one of its favorite targets over the past decade has been Taiwan.

“We have seen these actors burrow deep into our critical infrastructure,” Easterly said. “It's not for espionage, it's not for data theft. It's specifically so they can launch disruptive or destructive attacks in the event of a crisis across the Taiwan Strait.”

Taiwan is the world's largest producer of semiconductors, and the data shows how China has spied on every company involved in every part of that supply chain, from mining to semiconductor producers.

“A war in Asia could have very real impacts on American lives. We could see pipelines explode, trains derailed, water polluted. This is very much part of China's plan to ensure that it can incite societal panic and deter our ability to mobilize military power and the will of citizens. This is the most serious threat I have seen in my career,” Easterly said.

China's public and private sectors are closely linked by regulation, unlike in the United States, where partnerships are essential for defense.

“Ultimately, this is a team sport. We work closely with our intelligence community and our military partners in U.S. Cyber Command. And we must work together to ensure that we leverage all of the tools of the U.S. government and, of course, working with our private sector partners,” Easterly said.

“They own the vast majority of our critical infrastructure. They are on the front lines. Therefore, ensuring that we have very strong operational collaboration with the private sector is critical to successfully ensuring the safety and security of cyberspace.”