Rising cyber threats to U.S. infrastructure from China, Russia, and Iran

Cross-border efforts shed light on the scope of China’s malicious cyber operations, with indictments and sanctions brought last week against Chinese government-linked hackers for targeting foreign government officials, lawmakers, politicians, voters and businesses. The charges brought by the US, UK and New Zealand focused primarily on espionage and data theft, but also included what US officials and experts said were alarming advances in China’s cyber tactics.

The main charges against the seven Chinese nationals were brought by the U.S. Department of Justice, but the Treasury Department’s Office of Foreign Assets Control, which linked two of them to China’s Ministry of State Security, also announced sanctions over the targeting of U.S. critical infrastructure, including a Texas energy company and a defense contractor that manufactures flight simulators for the US military.

“What is most alarming about this is not the theft of data or theft of intellectual property, but the deep penetration of critical infrastructure with the purpose of launching destructive or devastating attacks in the event of a large-scale conflict. That’s the focus,” Jen Easterly, head of the US Cybersecurity and Infrastructure Security Agency (CISA), said in an interview.

CISA defines critical infrastructure as sectors whose destruction would have a “debilitating impact” on the economy, national security, public health, and safety; it is classified into 16 categories, including communications, defense, manufacturing, energy, agriculture, water, and transportation.

The most high-profile attacks on these sectors in recent years, against Colonial Pipeline, meat producer JBS, and government systems operator SolarWinds, have been attributed to Russian groups. But last year, U.S. government agencies discovered malware linked to a Chinese hacker group known as Volt Typhoon in systems in Guam, where a major U.S. military base is located. Easterly said more examples have since been discovered.

“In fact, we have spent time with hunting teams finding and eradicating Chinese cyber adversaries within critical infrastructure,” she said. “The threat is not theoretical.”

Experts said China’s increased activity reflects less an increase in capabilities and more a shift in ambition and focus amid increased competition with the United States. “I think they’re getting more and more brazen to the point where the U.S. government decides they need to publicly denounce their actions,” said Katie Brooks, director of global cybersecurity policy at Aspen Digital.

Protecting America’s critical infrastructure systems from malicious cyber attackers is “extremely difficult,” said Thomas Pace, co-founder and CEO of cybersecurity firm NetRise, who previously led the U.S. Department of Energy’s Cyber Response and Detection Team. Those systems are widely distributed, and many run on outdated technology that was not built with cybersecurity in mind, or was built by private parties without government authority.

“We have a serious resource problem. The idea is to create a water municipality in Mobile, Alabama, to stop the Chinese from coming in, but there is no world in which that would be true,” Pace said.

Brooks described the U.S. infrastructure environment as “target-rich, resource-poor.”

The Biden administration has made cybersecurity and defense a priority and is seeking to establish core obligations for industries to ensure cybersecurity protections.

The idea is to “enable agency regulators to set and enforce minimum cybersecurity standards,” said Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies. “I think the average American believes that hospitals and water systems have minimal cybersecurity protections in place,” she said. “It’s interesting how much resistance there was and how much the president actually changed the situation because he recognized it was unsustainable.”

Much of the problem lies in updating and upgrading the older systems that manage critical infrastructure. CISA and Easterly have repeatedly emphasized the importance of building systems that are “secure by design,” and additional legal protections have been proposed for companies that integrate cybersecurity into the manufacturing of their systems. While this movement has gained momentum over the past year, it has primarily focused on new systems, leaving significant gaps in older ones.

“While [China] is a sophisticated cyber attacker, many of the techniques they used to infiltrate critical infrastructure are not. They’re taking advantage of known product defects,” Easterly said. “We need to prioritize decommissioning some of our legacy technologies.”

China is becoming a broader threat, but other U.S. adversaries continue to pose significant challenges to U.S. cyber defenders. A Russian-speaking ransomware group, which cuts off access to online systems unless a large payment is made, has been linked to the late-February attack on Change Healthcare, a major insurance payment platform. The attack took down hospitals, hospital payment systems and pharmacies nationwide.

Russian state-sponsored hackers were also blamed for breaches of core systems at tech giants Microsoft and Hewlett Packard Enterprise this year. And late last year, a joint advisory by agencies in the United States and Israel said cyber attackers linked to Iran had breached water systems across “multiple U.S. states.”

“I described this as an ‘everything, everywhere, at the same time’ scenario. We could see multiple devastating attacks on critical infrastructure, and that would be a threat to the American people and the owners and operators of critical infrastructure. We need to make sure it’s safe. We’re ready,” Easterly said.

In a letter last month, National Security Adviser Jake Sullivan and Environmental Protection Agency Administrator Michael Regan warned state governors about possible cyberattacks on water systems across the country, noting a “lack of resources and technical capacity to implement rigorous cybersecurity practices.”

Neuberger said multiple sectors suffer from similar vulnerabilities. “In the case of the healthcare sector, this is ironic, as hospitals and healthcare organizations rank last of all sectors in terms of cybersecurity protection, yet they are the most affected by disruptions,” she said, adding that the range of targets hostile hackers are willing to attack has also expanded. “We once believed that criminals would leave hospitals alone. Attacks on hospitals increased by 80% in the last quarter of 2023.”

Neuberger said the government will likely implement additional cybersecurity requirements for hospitals and health care providers, especially those participating in Medicare and Medicaid. “If there is a blood spill in a hospital, there are requirements for how quickly the blood has to be cleaned up. There have to be requirements for how quickly critical patches need to be applied,” she said. Attacks like the one against Change Healthcare are a wake-up call for businesses, she added: “Theoretical risks become real.”

Another priority is making sure businesses and local governments know what to do in the event of an attack. Last week, CISA published new proposed rules for reporting critical infrastructure cyber incidents that would require companies to report significant cyber attacks to government agencies within 72 hours and to report ransom payments within 24 hours.

“This is not a question of prevention. This is really a question of building resilience so that we can deal with these disruptions, respond, recover quickly, and continue to serve the American people,” Easterly said.

Efforts by adversaries to disrupt U.S. systems are likely to escalate further in the months leading up to the November presidential election, and US intelligence agencies have also warned of potential attempts by China and Russia to influence the election. “I think all of these attackers are looking for vectors of instability,” Brooks said. “So while elections are, by definition, supposed to be free, fair and democratic, they are also in many ways destabilizing because they create the possibility of regime change.”

In addition to strengthening domestic defenses, the US government is also working to strengthen international cyber partnerships and alliances, as in last week’s coordinated action by the US and UK against China, which New Zealand followed. More than a dozen countries have signed on to CISA’s Secure by Design efforts, while the Biden administration’s international anti-ransomware initiative, launched in 2021, now includes over 60 countries.

“The first element of our strategy was to set the rules of the road and build international alliances, because the world’s Internet is one and the only way to counter threats is by working with partners,” Neuberger said.

“It’s absolutely essential,” Easterly said. “Cyberspace knows no borders, and many of the owners and operators of critical infrastructure are global companies.”

The global approach also includes offensive cyber actions against adversaries, which was one of the key pillars of the Biden administration’s national cybersecurity strategy released last year. “Offensive cyber operations, like defensive cyber operations, need to be integrated into geopolitical objectives,” Neuberger said. “The President has made clear that cybersecurity and emerging technologies are fundamental national security and geopolitical issues, leading the administration to become more proactive in integrating defensive and offensive cyber operations into larger strategies, which made it possible to work on this objective.”

Neuberger declined to comment on specific offensive cyber acts, but said the United States and its allies must use their offensive capabilities in a more measured manner than their adversaries.

“Remember that defense and offense are closely related, because before you launch an attack, you need to consider what will happen next in terms of the enemy’s reaction,” she said. “Attacking is much easier. The attacker has to find one open window. The defender has to lock all the doors and all the windows.”
