In the latest warning underscoring the danger to U.S. critical infrastructure from Chinese hackers, FBI Director Christopher Wray told a conference in Nashville, Tennessee on Friday that Beijing is poised “for just the right moment” to unleash chaos upon the American grid.
The remarks were made at a security forum at Vanderbilt University, in which Wray described a “broad and unrelenting” campaign of cyberespionage from China spearheaded by a group known as “Volt Typhoon.”
This isn’t the first time that intelligence officials have “named and shamed” China over Volt Typhoon, Axios reported, noting that warnings of the operation began nearly a year ago. However, as the outlet said, the “group has displayed a persistence that’s rare among nation-state hackers” — even after sanctions were levied against China last month for another hacking operation linked to the government, this one targeting lawmakers, defense contractors and Chinese dissidents.
That round of sanctions came because of another Beijing-linked operation that is nicknamed “APT31,” or “Advanced Persistent Threat 31,” Reuters reported. It’s attempted to infiltrate a laundry list of scary targets, up to White House staffers, American senators and U.K. Parliament members.
However, the impact of APT31 could have nothing on Volt Typhoon, as Wray noted in his Vanderbilt remarks.
“The fact is, the PRC’s [People’s Republic of China] targeting of our critical infrastructure is both broad and unrelenting,” Wray told the conference, according to prepared remarks, adding that threats like Volt Typhoon were, in part, “driven by the CCP’s aspirations to wealth and power.”
The Chinese Communist Party, he said, wants to “seize economic development in the areas most critical to tomorrow’s economy.”
“It’s using that mass, those numbers, to give itself the ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” he said.
Not only that, but the threat is something that America has known about for over a decade, starting in 2011. Furthermore, one pipeline operator’s analysis of the hackers’ behavior hinted at what China plans to do if given the chance.
“When one victim company set up a honeypot — essentially, a trap designed to look like a legitimate part of a computer network with decoy documents — it took the hackers all of 15 minutes to steal data related to the control and monitoring systems, while ignoring financial and business-related information, which suggests their goals were even more sinister than stealing a leg up economically,” Wray said.
In terms of Volt Typhoon, Wray said the FBI determined the CCP had access, via the hacking group, to absolutely terrifying targets, including “critical telecommunications, energy, water, and other infrastructure sectors.”
Now, granted, the FBI can do plenty of fighting back on its own. When a hack of Microsoft Exchange in 2021 by Volt Typhoon “targeted networks across a wide range of sectors,” the Bureau and Microsoft worked together in order to effect “a first-of-its-kind surgical, court-authorized operation, copying and removing the harmful code from hundreds of vulnerable computers.”
Wray added that when the FBI learned of malware on critical infrastructure, they acted “to identify the threat vector and conduct a court-authorized operation — in coordination with others — to not only remove Volt Typhoon’s malware from the routers it had infected throughout the U.S., but also to sever their connection to that network of routers and prevent their reinfection.”
However, there are a number of issues preventing prophylaxis against a Volt Typhoon attack, starting with the fact that, according to experts that Axios talked to, “clamping down on the activity requires a level of coordination among critical infrastructure operators that doesn’t really exist.”
“For example, the overall U.S. water system has at least 150,000 individual systems, each run by different entities and individuals,” the outlet noted. “To keep Volt Typhoon out, each system operator would need to be able to prioritize software upgrades, password resets and other CISA advice.”
If U.S. infrastructure is that uncoordinated and “the tactics that Volt Typhoon uses to obfuscate its activities, gain access to a network, and maintain that access are relatively easy for any skilled hacker to do” — which they are, an expert told Axios — the second issue is one of political deterrence, or lack thereof.
Take an unrelated — but telling — exchange the leaders of China and the United States had at a summit last December in San Francisco.
During the meeting, Chinese President Xi Jinping reportedly told U.S. President Joe Biden, quite bluntly, that the CCP had already reached a decision to “reunify” Taiwan with the mainland — which is to say, they would be invading it, since Taipei has no inclination toward a German-style reunification jubilee, judging by the fact it just voted in another pro-independence, anti-Beijing president.
He provided no timetable and said that none was worked out. However, this was the president of one world power bluntly telling the president of another he was invading one of its allies sometime — they’d decide when — and, you know, tough marbles if you’ve got an issue with that.
Yes, one could make the argument that both the U.S. and China have always done a coy dance around the “One China” policy — the rather vague agreement on both sides that Taiwan and the People’s Republic of China are one entity, sorta, although the details have to be laboriously worked out and any sort of unilateral move may or may not precipitate World War III.
San Francisco was Xi abandoning coyness. “What’re you going to do about it?” the unspoken question to President Biden was. It was asked because Xi knew, in his heart of hearts, that our 46th president had no answer to that. One imagines that former President Donald Trump — never a fan of China or of Xi — would have been less easy to push around in this manner.
Only so much deterrence can be achieved through target-hardening and going after bad state-linked actors like Volt Typhoon — neither of which the United States seems to have had particular success with so far, anyway, judging both from Wray’s remarks at Vanderbilt and the reporting surrounding it.
Instead, the best deterrence against a massive cyberattack is fear — the fear of proportionate and devastating reprisals if the cyberespionage continues. You can hear the unspoken question from Xi through his confederates at Volt Typhoon: “What’re you going to do about it?”
Christopher Wray, the FBI and those who maintain America’s critical infrastructure can do all they can. In the end, though, the answer to that question ends at the very top. And the man at the very top, it seems all too often, could not even answer when asked what office he holds.
Sleep soundly, America.