At a recent testimony in front of Congress on Jan. 31, both Federal Bureau of Investigation (FBI) Director Christopher Wray and Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly gave stark accounts of Chinese preplacement of malware on critical infrastructure.

Some called it a “digital Pearl Harbor” scenario. This is not new; Shawn Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response, and Service Branch, used this expression in 2012.

This testimony by Mr. Wray and Ms. Easterly was sobering. Ms. Easterly characterized the Chinese actions starkly: “This is truly an ‘Everything Everywhere, All at Once’ scenario.”

In military operations, these kinds of actions before a conflict are known as “Operational Preparation of the Battlefield,” sometimes shortened to “Advance Force Operations.”

The tip of the spear for such actions by the Chinese Communist Party is the mundane-sounding “Strategic Support Force” (SSF), which is the People’s Liberation Army equivalent of the U.S. Special Operations Command plus portions of the National Security Agency and the Central Intelligence Agency all in one. Fentanyl and Chinese paramilitary operators coming across the unsecured U.S. southern border could also be traced to the SSF.

Chinese Preplacement of Malware First Noticed in Guam

Although the recent testimony by Mr. Wray and Ms. Easterly was shocking, it was a little bit of a recycled news event. Volt Typhoon, the intrusion set Mr. Wray and Ms. Easterly were referring to, was first publicly reported almost a year ago: Microsoft announced it in May, and it resurfaced around July. Volt Typhoon received some attention, but the initial public reporting was still in the shadow of the Chinese spy balloon episodes, and its significance was perhaps not fully understood.

The initial reports of the malware emplacement were a bit “techie” and glossed over the gravity of the situation. There is an evolving process and protocol in different information-sharing environments, such as the Enduring Security Framework, which is one of the senior-level entry points for information sharing between industry and government. Trending new cyber issues are brought here to be discussed, and response actions are planned and implemented.

The effects of Volt Typhoon could be catastrophic and quite significant. The eight major floating drydocks that the U.S. Navy and the Defense Industrial Base depend on for new construction and repair of vessels were all either built in China or likely retrofitted with motors, pumps, or valves from China and could flip over if improperly flooded. Spycranes are also a related vulnerability and could topple over on command if safety features were remotely overridden. The U.S. government is attempting to study and organize this broad and pervasive Chinese advance force operation that is intended to prepare the cyber battlespace and disable America’s critical infrastructure.
