China is shifting its cyberattacks from a focus on espionage to a more aggressive stance of “disruption and destruction”, the head of the US cybersecurity agency has warned. Jen Easterly said critical infrastructure is now a key target for Beijing’s hackers. Experts say this reflects the changing nature of the relationship between the US and China.
Speaking yesterday at the Aspen Institute Cyber Summit, Easterly, who is director of the Cybersecurity and Infrastructure Security Agency (CISA), said that China’s cyber espionage operations exhibited the “biggest transfer of intellectual wealth in decades.”
China getting aggressive in cyberspace – Jen Easterly
The discussion was in relation to a joint report released last month by the Five Eyes security alliance, which includes the US and the UK, exposing a Chinese cybercrime gang called Volt Typhoon, which was found deep inside elements of US critical infrastructure. Microsoft’s threat intelligence team also released a warning that the gang may be able to disrupt telecoms infrastructure.
Easterly said this marked a change of approach for China, which has previously been focused on stealing large tranches of information. “I think the key difference here was PRC (People’s Republic of China) actors,” she said. “Their focus has been espionage, we’re talking about decades of intellectual property theft and the greatest transfer of intellectual wealth in decades.”
The new trend among Chinese hackers is “less about espionage and more about disruption and destruction,” she told delegates. “In the event of a conflict China will almost certainly use aggressive cyber operations to go after our critical infrastructure, to go after our pipelines and rail lines, to delay military deployment and to induce societal panic,” Easterly said. “This, I think, is the real threat we need to be prepared for, that we need to focus on and to build resilience against.”
She also referred to the US Annual Threat Assessment, which references a corresponding growth in the threat of Chinese state-sponsored cybercriminals. The document outlines Beijing’s “hold on power” in cyberspace, alongside “the expansion of technology-driven authoritarianism globally”.
The Office of the Director of National Intelligence, the department behind the report, warns that “if Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against US homeland critical infrastructure and military assets worldwide.”
Political stance rather than true warning
But Easterly’s proclamations could reflect the evolving political situation, rather than an actual heightening of risks for businesses, says Anna Pagnacco, cybersecurity policy analyst at Oxford Information Labs. She says that “international relations in cyberspace follow a playbook of their own because the cyber landscape is meaningfully different from traditional domains of state operation.”
In the face of state-sponsored groups having “plausible deniability for offensive conduct, naming and shaming is a powerful tool to conduct cyber diplomacy,” Pagnacco argues.
Ongoing tension between the US and China, which has led to a trade war between the two countries, makes it both “more likely that China may plan more offensive cyber operations, and that Western intelligence pays more attention to any developments,” she says.
Nonetheless, Pagnacco says critical infrastructure providers should be “aware they are potential targets for nation-state activity.”
“The ideal response to this rising level of offensive cyber activity is a hardening of cyber defences throughout all sectors, so that malicious actors have a harder time finding opportunistic access pathways,” she says.