Depending on who’s telling the tale, US near-peer adversaries China and Russia may have accomplished a significant paradigm shift in their cyber operations by targeting civilian infrastructure – or they may simply be doing the same sorts of things Washington is doing with its own cyber warfare plans.
In National Defense magazine this month Josh Luckenbaugh says that, while the US and Western countries consider civilian infrastructure off-limits, their adversaries do not abide by those principles. He says that US near-peer adversaries plan to use such effects-based operations to change the US political calculus by impeding decision-making and causing social panic.
Luckenbaugh also says that since US near-peer adversaries are looking for new ways to attack critical infrastructure, looking for new ways to partner with the private sector becomes imperative, as most US critical infrastructure is privately owned.
He also notes that the US military does not own and operate critical infrastructure, necessitating new forms of public-private partnership that secure the latter but do not affect the political calculus between free enterprise, privacy, and state security.
The Taiwan case
In the latest tit-for-tat in the ongoing cyberwar between the US and China, the US has exposed extensive Chinese cyberattacks aimed at critical infrastructure to disrupt the former’s military rescue operations in the event of an attack on Taiwan from the Chinese mainland.
A recent New York Times report says that the Joe Biden administration is hunting for malicious computer code it believes China has hidden deep inside sensitive networks controlling power grids, communications systems, and water supplies that feed US military bases around the world, according to US military, intelligence, and national-security officials.
The Times notes that the first public hints of the Volt Typhoon malware surfaced in May when Microsoft detected mysterious code in Guam’s telecommunications systems and elsewhere in the US.
The paper says that the intrusion detected by Microsoft was just the tip of the iceberg, with more than a dozen US officials confirming that China’s espionage effort goes beyond telecommunications systems and long predates the May report. The cited officials said the US government’s efforts to hunt down and eradicate the malicious code had been under way for some time.
The Times reports that the discovery of the malware has raised fears that People’s Liberation Army hackers have inserted code to disrupt US operations in case of a conflict over Taiwan or if China moves militarily against the self-governing island in the coming years.
A US congressional official cited by the Times calls the malicious code in essence a “ticking time bomb” that could allow China to slow or interrupt US military deployments or resupply operations by cutting off power, water, and communications to US military bases.
US officials cited in the report also note that the malicious code could have far more devastating effects, as civilian businesses and homes depend on the same infrastructure.
The newspaper says that the malware’s discovery touched off a series of meetings in the White House Situation Room involving officials from the US National Security Council, the Pentagon, Homeland Security and various spy agencies to understand the scope of the problem and prepare a response.
The source also says the Biden administration has briefed Congress members, some state governors, and utility companies about its findings.
Pot and kettle?
Such a long-running intrusion, with the scale of damage and of compromised information still unknown, may call US defensive capabilities into question.
However, the US may also be guilty of cyber-warfare practices similar to those it accuses China of carrying out.
In May, China’s National Computer Virus Emergency Response Center (CVERC) and the Chinese cybersecurity company 360 accused the US of using “powerful cyber-weapons” to orchestrate attacks on critical information infrastructure, aerospace, research institutions, oil and petrochemical industries, large internet companies, and government agencies in various countries, with such activities traceable as far back as 2011, according to a report by the South China Morning Post.
The Chinese also said information collected from foreign governments, companies, and citizens would be provided to US decision-makers for national-security intelligence and security risk assessments.
They said the CIA has been instrumental in fomenting political unrest in countries at odds with US interests, and that the US spy agency has provided political opposition movements with tools to circumvent censorship, such as the Tor browser, and communications tools for organizing protests, such as Stampede – software that has enabled tactical-level command and control.
Earlier, in September 2022, the SCMP reported that CVERC and 360 identified the US National Security Agency’s Computer Network Operations (CNO) as the culprit behind a cyberattack against China’s Northwestern Polytechnical University in Shaanxi province, noting that the university receives funding from China’s Ministry of Industry and Information Technology and is involved in projects such as fighter-jet development.
That report claimed that the CNO used proxy servers in Japan, Germany and South Korea as springboards to infiltrate the university’s operation and maintenance network, carried out thousands of cyberattacks against the university over time, controlled multiple critical servers and stole core data using sophisticated malware.
It also said that by controlling the monitoring system and message servers of infrastructure operators, CNO could access the personal information of people with sensitive identities, package that information, encrypt it and send it back to NSA headquarters.
Mutually cool it?
The tit-for-tat cyberespionage between the US and China illustrates the danger of proliferating covert cyber operations.
In a 2015 article for Clingendael Institute, Sico van der Meer and Frans Paul van der Putten argued that the US retaliation approach against major cyberattacks would be detrimental to international stability.
There’s current evidence for their point: The 2023 National Cybersecurity Strategy states that the US will use all instruments of national power to disrupt and dismantle actors whose actions threaten its interests. The strategy notes that these efforts may integrate diplomatic, information, military (kinetic and cyber), financial, intelligence, and law-enforcement capabilities.
Van der Meer and van der Putten cited an obvious risk of escalation, normalization of covert retaliation against governments that are suspected of being involved in cyberattacks and proliferation of cyber threat actors – making cyberspace dangerous and unstable for all.
Further, they suggested that US allies urge the US to avoid seeking cyber deterrence through retaliation against China and other countries. Instead, they suggested that the US and its partners work together to establish norms halting the proliferation of state-sponsored cyber espionage and covert cyber operations across borders, which they said would be the foundation of a genuinely effective deterrence strategy against state-sponsored cyber-attacks.