US Should Brace for ‘Aggressive’ Sabotage From Chinese Hackers, Top Cybersecurity Official Says

Chinese state hackers will “almost certainly” conduct aggressive cyberattacks to disrupt critical U.S. infrastructure, such as pipelines and railways, if a conflict breaks out with the United States, a senior U.S. cybersecurity official has warned.

At an event at the Aspen Institute in Washington, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said that Beijing is investing heavily in advancing cybertechnologies designed to sabotage U.S. infrastructure.

“In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure, to include pipelines and rail lines, to delay military deployment, and to induce societal panic,” she told the audience.

“This, I think, is the real threat that we need to be prepared for, and to focus on and to build resilience against,” she said.

While malign activities from Chinese state actors have, for years, been in the spotlight, Easterly noted that the focus has been espionage—be it the “decades of intellectual property theft” or the “greatest transfer of intellectual wealth in history.” But Beijing’s efforts have now increasingly shifted toward disruption and destruction, she said.

“Given the formidable nature of the threat from Chinese state actors, given the size of their capability, given how much resources and effort they’re putting into it, it’s going to be very, very difficult for us to prevent disruptions from happening.”

Easterly’s comments come as bilateral tensions continue to rise and cyber attacks from China draw growing attention.

Late last month, Microsoft and various cybersecurity agencies under the Five Eyes alliance revealed that a Chinese cyber espionage group has, for at least two years, been conducting a campaign targeting a wide span of U.S. sectors, including manufacturing, telecommunication, government, maritime, utility, transportation, and education.

A man walks past a Microsoft sign outside a Microsoft office building in Beijing, China, on July 31, 2014. (Greg Baker/AFP via Getty Images)

The goal of the campaign was to develop “capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” Microsoft said, adding that “the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”

The United States and intelligence partners said the group can use the same tactics from the Volt Typhoon campaign to target other sectors worldwide.

The resources that the Chinese regime has put into cyber warfare have been considerable.

Appearing before the House Appropriations Committee on April 27, FBI Director Christopher Wray said that the Chinese hackers outnumber FBI cyber personnel by “at least 50 to 1.”

“If you look at China, their hacking program is bigger than that of every other nation combined,” he said in his testimony, adding that he considers communist Beijing “the greatest threat to our country” and that FBI investigations into the Chinese Communist Party (CCP) and their actors had increased by 1,300 percent.

FBI Director Christopher Wray testifies at a hearing in front of the Senate Intelligence Committee in Congress in Washington on Jan. 29, 2019. (Charlotte Cuthbertson/The Epoch Times)

Cybersecurity firm CrowdStrike, in its latest report on cyber threats, said that China-linked cyber-espionage groups are targeting 39 industries on nearly every continent. While a majority of these campaigns targeted China’s Asian neighbors, about 25 percent of the activities were aimed at North America.

In a State Department briefing on June 13, spokesperson Matthew Miller cited a March Intelligence Community report noting that “China almost certainly is capable of launching cyber-attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems.”

“It’s vital for government network defenders and the public to stay vigilant. It’s why the U.S. Government, in a whole-of-government action, has worked with the private sector to prepare private sector defenses,” he told reporters when asked about the Volt Typhoon cyberattack.

Easterly said that her agency has been engaging with different social sectors in an effort to protect the vulnerable groups that may be at target.

“We have to look at this as a threat to the nation, and that we all have a part to play.”