Commentary on FBI’s warning

March 2024 by Sean Deuby, Director of Services, Semperis

Commentary from Sean Deuby, Principal Technologist, Semperis, on the FBI – EPA warning to water treatment operators about cyberattacks.

Kudos to The White House and Environmental Protection Agency for disclosing yesterday to governors that ongoing PRC-sponsored cyberattacks pose a clear and present danger to the operators of water treatment plants and other critical infrastructure in the U.S. Sounding this alarm shows that this activity is not just “cyberattack as usual,” and provides operators additional time to harden their systems, making them harder to penetrate.

Yesterday’s news is a sobering reminder that Chinese nation-state-backed groups such as Volt Typhoon have been penetrating critical infrastructure in the U.S. for years. Multiple U.S. agencies have assessed “with high confidence” that these actors “are pre-positioning themselves on IT networks…to disrupt functions. The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts.”

Recently in Munich, FBI Director Christopher Wray said that hacking operations directed against the U.S. are at previously unseen levels and that China’s hacking operations are larger than every other major nation combined. Soberingly, Wray also acknowledged that China’s hackers outnumber FBI cyber analysts by at least 50 to one. So collectively, the U.S. government, law enforcement agencies, critical infrastructure operators and private sector organisations face a daunting task protecting our most critical assets from compromise. Unlike most ransomware groups, these state actors don’t rely on malware; instead, they can “live off the land,” using stolen credentials from identity systems such as Active Directory, and thus avoid setting off endpoint security software alarms.

The FBI’s and CISA’s February advisory with security measures (including free security scans) for water treatment plant operators was smart and timely given this week’s developments. It’s a reminder that defenders can never let their guard down because threat actors are now attacking continuously. Defenders need a robust response plan, including the ability to detect and rapidly undo any changes the threat actors make and to have robust cyber-focused backup and recovery systems in place to mitigate these attacks and limit any possible damage associated with them.
