
Chinese hackers want to wreak ‘disruption and destruction’ on US critical infrastructure

Washington's cybersecurity chief says China's hacking gangs have moved on from gathering intelligence to more harmful activities.

By Claudia Glover

China is shifting its cyberattacks from a focus on espionage to a more aggressive stance of “disruption and destruction”, the head of the US cybersecurity agency has warned. Jen Easterly said critical infrastructure is now a key target for Beijing’s hackers. Experts say this reflects the changing nature of the relationship between the US and China.

Jen Easterly says China is changing tactics (Photo by Kevin Dietsch/Getty Images)

Speaking yesterday at the Aspen Institute Cyber Summit, Easterly, who is director of the Cybersecurity and Infrastructure Security Agency (CISA), said that China’s cyber espionage operations exhibited the “biggest transfer of intellectual wealth in decades.”

China getting aggressive in cyberspace – Jen Easterly

The discussion was in relation to a joint report released last month by the Five Eyes security alliance, which includes the US and the UK, exposing a Chinese cybercrime gang called Volt Typhoon, which was found deep inside elements of US critical infrastructure. Microsoft’s threat intelligence team also released a warning that the gang may be able to disrupt telecoms infrastructure.

Easterly said this marked a change of approach for China, which has previously been focused on stealing large tranches of information. “I think the key difference here was PRC (People’s Republic of China) actors,” she said. “Their focus has been espionage, we’re talking about decades of intellectual property theft and the greatest transfer of intellectual wealth in decades.”

The new trend among Chinese hackers is “less about espionage and more about disruption and destruction,” she told delegates. “In the event of a conflict China will almost certainly use aggressive cyber operations to go after our critical infrastructure, to go after our pipelines and rail lines, to delay military deployment and to induce societal panic,” Easterly said. “This, I think, is the real threat we need to be prepared for, that we need to focus on and to build resilience against.”

She also referred to the US Annual Threat Assessment, which references a corresponding growth in the threat of Chinese state-sponsored cybercriminals. The document outlines Beijing’s “hold on power” in cyberspace, alongside “the expansion of technology-driven authoritarianism globally”.

The Office of the Director of National Intelligence, the department behind the report, warns that “if Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against US homeland critical infrastructure and military assets worldwide.”


Political stance rather than true warning

But Easterly’s proclamations could reflect the evolving political situation, rather than an actual heightening of risks for businesses, says Anna Pagnacco, cybersecurity policy analyst at Oxford Information Labs. She says that “international relations in cyberspace follow a playbook of their own because the cyber landscape is meaningfully different from traditional domains of state operation.”

In the face of state-sponsored groups having “plausible deniability for offensive conduct, naming and shaming is a powerful tool to conduct cyber diplomacy,” Pagnacco argues.

Ongoing tension between the US and China, which has led to a trade war between the two countries, makes it both “more likely that China may plan more offensive cyber operations, and that Western intelligence pays more attention to any developments,” she says.

None the less, Pagnacco says critical infrastructure providers should be “aware they are potential targets for nation-state activity.”

“The ideal response to this rising level of offensive cyber activity is a hardening of cyber defences throughout all sectors, so that malicious actors have a harder time finding opportunistic access pathways,” she says.
