Leaders at the U.S. Defense Department and other agencies are rapidly working to protect critical U.S. infrastructure against cyber attacks conducted by groups in China.
Cyber experts say that if China were to invade Taiwan, it would most likely result in cyber attacks against U.S. infrastructure systems that serve the civilian population, such as power grids, transportation networks or communications. U.S. leaders have witnessed similar cyber attacks against Ukraine infrastructure by Russian hackers.
Critical infrastructure in the U.S. is broken down into 16 sectors, including the financial services sector, the defense industrial base, health care and nuclear reactors, according to the Cybersecurity and Infrastructure Security Agency (CISA). Mark Bristow, director of the Cyber Infrastructure Protection Innovation Center at MITRE and former hunt and incident response team director at the Department of Homeland Security, said that targeting domestic critical infrastructure is part of the adversaries' doctrine.
"If China invades Taiwan … then, all of a sudden, the water treatment plants are getting hacked at home and putting too much chlorine in the water. They're hoping that they will defocus us from supporting our allies and partners in a way that we've committed to. And this is a huge departure from a policy perspective, and how we have to actually look at our defense because now everything's on the table," Bristow said at a June 14 Association of the U.S. Army event in Arlington, Va.
"Now we have to look at, 'Well, what about that water treatment facility that only serves the local community around the base to distract … the willingness of your people to fight.' And if you're thinking about, you know, the safety of your family, you are distracted. And so our adversaries are counting on that to help change the political calculus," he added.
Last month, Microsoft said that Volt Typhoon, a state-backed Chinese hacking group, has been targeting U.S. critical infrastructure and has possibly been developing capabilities that could disrupt critical communications infrastructure between the U.S. and Asia during future conflicts.
The group, which has been active since 2021, has targeted critical infrastructure across the U.S., including in Guam, home to several strategic U.S. bases and a location where the U.S. has been growing its military presence.
"In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible," Microsoft said in a blog post.
CISA, in partnership with the NSA, the FBI, and allied agencies in Australia, New Zealand and the U.K., also published an advisory on best practices for detecting this malicious activity.
DHS estimates that the private sector owns 85% of the country's critical infrastructure, making it imperative for government agencies and private companies to work together to protect critical infrastructure sectors.
Ann Dunkin, the chief information officer at the Department of Energy, said that government agencies need trained people to go after challenges, a risk management framework that works for them, and a collaborative environment where agencies can share their expertise with each other.
"The third thing I'll point out…is risk management. We can't solve every problem. We don't have plenty of people, resources to solve every problem we have, so we have to prioritize," Dunkin said. "We all have a lot of mandates…we have that help, we can't get so caught up in the requirements behind that help."