Armies of hackers linked to the Chinese government are relentlessly “burrowing deep” into the computer systems that help run America’s critical infrastructure.
They are posing an urgent threat that cannot be ignored, according to a new warning from top security chiefs in the United States.
Officials, from the Federal Bureau of Investigation or FBI, the Cybersecurity and Infrastructure Security Agency, and the US military’s Cyber Command, testified on Wednesday before Washington lawmakers.
They urged the country to act before it is too late.
“The risk that poses to every American requires our attention – now,” FBI Director Christopher Wray told the Congressional Select Committee on the Chinese Communist Party, emphasizing Beijing’s actions are putting innocent civilians in the crosshairs.
“They’re not focused just on political and military targets,” Wray said, adding:
China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency or CISA, was equally blunt in her assessment of the wide-ranging threat from Beijing.
“This is truly an everything, everywhere, all at once scenario,” she said, adding:
Telecommunications going down so people can’t use their cellphone, people start getting sick from polluted water, trains get derailed, air traffic control systems are malfunctioning.
Easterly pointed out that China’s goal would be to “incite societal panic and chaos and to deter our ability to marshal military might,” especially in case of a conflict over Taiwan.
In response, China rejected the accusations, blaming Washington for fomenting a dangerous and unstable cyber environment.
“The Chinese government has been categorical in opposing hacking attacks and the abuse of information technology,” Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, said, adding:
The United States has the strongest cyber technologies of all countries but has used such technologies in hacking, eavesdropping more than others.
“We urge the US side to stop making irresponsible criticism against other countries on the issue of cyber-security,” Liu told Voice of America in an email.
But to underscore the dangers, the US Justice Department announced on Wednesday it had taken steps to disrupt a Chinese-linked cyber threat.
It was aimed at hijacking common computer routers used by homes and small businesses across the United States to access critical infrastructure.
American officials blamed the scheme on a group known as Volt Typhoon.
It gained international attention last year when tech giant Microsoft uncovered an effort by the same hackers to infiltrate and disrupt communications infrastructure in Guam, home to key American military facilities.
The recently disrupted scheme, officials said, was equally worrisome.
“The Volt Typhoon malware enabled China to hide, among other things, preoperational reconnaissance and network exploitation against critical infrastructure,” Wray warned, adding:
Steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous.
During the hearing in Washington, other top officials told lawmakers the threat is already widespread. China-linked hackers have found their way into computer systems helping to run the energy, water, transportation, and aviation sectors.
“We’ve made it easy on them. The truth is the Chinese cyber actors have taken advantage of very basic flaws in our technology,” Easterly, of the CISA, said.
She pointed out that the US must do more to adopt a “secure by design” approach, to make sure hardware and software developers are conducting more rigorous testing to eliminate vulnerabilities before their products go on the market.
Lawmakers shared in the alarm.
“This is the cyberspace equivalent of placing bombs on American bridges, water treatment facilities, and power plants,” Congressional Committee Chairman Mike Gallagher, a Republican, said, adding:
There is no economic benefit [to] these actions. There’s no pure intelligence-gathering rationale. The sole purpose is to be ready to destroy American infrastructure.
Despite the multiple concerns, the outgoing head of the US Cyber Command told lawmakers the threat from Chinese hackers has not gone unanswered.
“We are ready and postured to contest [the People’s Republic of China’s] malicious activities at home and abroad,” General Paul Nakasone, of the US Cyber Command, said, adding that was especially true of the upcoming US presidential election:
I’m very confident in terms of what we will be able to deliver: a safe and secure election.
Wray, of the FBI, echoed that view although he cautioned the threats from China – and others – are growing. “Americans can be confident in our election system and our democracy,” he said, adding:
I am also mindful of the fact that our adversaries are getting more sophisticated and that there are more and more foreign adversaries who want to get in on this game.
Wray also voiced doubts about reports that Chinese government officials have promised the US they will not interfere in elections later this year.
“Well, China’s promised a lot of things over the years, so I guess I’ll believe it when I see it,” he said.
One avenue for election interference of particular concern to lawmakers is the social media network TikTok.
“If the CCP [Chinese Communist Party] were to want to change TikTok feeds to bias one candidate or another in the upcoming presidential election, would they be able to do so?” asked Democratic Representative Seth Moulton.
Wray replied: “My understanding is that under Chinese law that would be something they are permitted to do.” When pressed on whether the US should ban TikTok, he said such a decision is “outside my lane.” But Wray added:
As long as the Chinese government has the ability to control all these aspects of the business, I don’t see how you get your way clear to mitigating those concerns.
His warning builds on a steady drumbeat of alerts from the US government on the threat China poses in cyberspace.
Earlier this month, the FBI along with the CISA, and the Environmental Protection Agency or RPA cautioned cyberattacks were posing “a real and urgent risk to safe drinking water.”
The CISA also highlighted the threats from Chinese-manufactured drones, warning they could access or steal sensitive information that could put American security, and health and safety at risk.
In September, Nakasone, of the US Cyber Command, said he expected China to leverage artificial intelligence, also known as AI, to impact the upcoming US presidential elections.
“Russia, China, others are going to try to use this technology,” he told an audience in Washington.
Jeff Seldin is the Voice of America’s National Security Correspondent, tracking developments in intelligence, counterterrorism, and cyber since 2015 after a stint covering the Pentagon.
The views and opinions expressed in this article do not necessarily reflect the official policy of China Factor.