Pre-War Digital Pearl Harbor
Thursday, March 7, 2024
Written by Laurence F Sanford, Senior Analyst ASCF
Categories: ASCF Articles
February 26, 2024 - The United States is in a pre-war Digital Pearl Harbor status with the Chinese Communist Party (CCP). It is not like any previous war, but it is war nonetheless.
The CCP is waging unrestricted warfare against the U.S. through the fusion of all state components. The leading component of this unrestricted war is cyber-digital warfare conducted through Gray Zone activities, which are those actions between kinetic (shooting) and diplomatic niceties.
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that the People’s Republic of China (PRC) state-sponsored cyber actors are seeking to position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.
CISA Director Jen Easterly gave a stark account of the CCP's pre-positioning of its cyber actors inside U.S. critical infrastructure networks. She characterized the Chinese activity this way: “This is truly an Everything, Everywhere, All at Once scenario.”
At the Munich Cyber Security Conference, FBI Director Christopher Wray said the U.S. and its partners had ousted Russian hackers from a network of compromised home and small-business routers that was being used to target persons of intelligence interest. While this was good news, Wray said the world is far more dangerous because of the CCP's massive hacking program, which is larger than those of the rest of the world combined. Wray has repeatedly warned of CCP espionage and, most recently, of CCP efforts to infiltrate critical infrastructure networks.
The agencies confirmed that Volt Typhoon, a PRC state-sponsored cyber actor group, has compromised the IT environments of multiple U.S. critical infrastructure organizations, primarily in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors. Volt Typhoon is an actor, not a piece of malware: it relies largely on “living off the land,” that is, on built-in administrative tools and valid credentials rather than custom malicious code, which is why its presence is hard to detect and why the agencies describe it as pre-positioning rather than active attack.
Rob Joyce, the NSA's director of cybersecurity, said CCP hackers are positioning themselves within computer networks to strike at U.S. infrastructure in the event of conflict.
Volt Typhoon is not the only cyber threat to U.S. critical infrastructure. Dragos, a cyber security company in Hanover, Maryland, estimated there were 905 cyber attacks against industrial organizations last year, a 50% increase, from a variety of other nation-states and entities. Dragos identified 28% more groups conducting the attacks. The attacks were not only against information technology but also against operational technology (OT): the heavy machinery and industrial control systems that run physical processes. Ransomware attacks against industrial control systems were increasingly common, and ransoms were often paid quickly.
A U.S.-based research group was the target of CCP cyber attacks after it published testimony from a whistleblower doctor describing a Falun Gong practitioner whose kidney was removed against her will in China. The woman died shortly afterward, a victim of “forced organ harvesting.”
Europe is also under cyber attack, primarily from the CCP-backed group Mustang Panda. Its operators use targeted “spear phishing”: messages crafted from detailed information about the recipient, designed to lure the target into the attackers' espionage net so they can gather intelligence, disrupt operations, influence policy decisions, and affect elections. Their primary targets are in the diplomatic, defense, and transportation sectors.
South Korea and Japan are ongoing targets of CCP-sponsored TAG-74 cyber espionage, which poses a significant threat to academic, aerospace and defense, military, and political entities.
The worldwide reach of CCP cyber operations was exposed when some 500 internal documents from I-Soon, a Chinese cyber contractor, were leaked and posted online anonymously, including detailed hacking tools, operational and marketing materials, and target lists. Most of the material was aimed at CCP dissidents residing outside China. I-Soon is one of many Chinese contractors competing for cyber espionage work from various CCP government agencies.
Summary
Everything, Everywhere, All at Once espionage from China is what the United States is facing. The CCP intends to dominate the world, and cyber espionage is just one of the many tactics it employs.
Defensive awareness and offensive actions by the U.S. and its Allies against the threat are increasing. One sign is that the CCP's newspaper, Global Times, has complained of foreign cyber spies attacking key information systems and stealing sensitive data, and has asked citizens and organizations to collaborate with national security agencies and promptly report any suspected cyber espionage to government authorities.
“Whack a mole” defense, however, is not good enough. Whack one mole, and another pops up. The best defense is a strong offense. The U.S. government needs to increase its offensive cyber capabilities dramatically, both within the government and by partnering with private organizations. Offensive cyber development is necessarily secret, but the public can be assured, through the normal Congressional budget process, that the work is being done.
Yet no consensus has emerged in Washington, D.C. on recognizing the CCP threat. Our military budget remains woefully short of what is needed to rebuild our capabilities. President Biden recently joined Chinese-controlled TikTok to campaign for his re-election. This came after Biden signed the ban on TikTok from government devices and after the FBI and other agencies warned of TikTok's dangers.
Action
1. Reciprocity - U.S. policies should be based on reciprocity. If the CCP does not allow American media to operate in China, then the U.S. should not allow Chinese media, such as TikTok and others, to operate in America.
2. Offensive cyber capabilities - build them and use them to respond in kind to CCP cyber operations.
3. Invest in the U.S. military and supporting industrial base.
4. Increase cybersecurity capabilities in all sectors of society.
5. Government leaders - educate Americans on the dangers from China.
6. Citizens - write and meet with Congressional members and local politicians.
Peace Through Strength!