Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, testifies before a House Homeland Security Subcommittee, at the Rayburn House Office Building in Washington, D.C., April 28, 2022.
Kevin Dietsch | Getty Images
China’s cyber-espionage and sabotage capacities are an “epoch-defining threat,” the top U.S. cybersecurity official said, warning that in the event of open warfare “aggressive cyber operations” would threaten critical U.S. transportation infrastructure “to induce societal panic.”
“I think this is the real threat that we need to be prepared for,” Cybersecurity and Infrastructure Security Agency Director Jen Easterly said at an appearance Monday at the Aspen Institute in Washington, D.C. Easterly was responding to a question about the recently disclosed Chinese infiltration of U.S. military and private sector infrastructure.
The attacking group was dubbed “Volt Typhoon” by Microsoft and was overtly linked to the Chinese government’s cyber-offensive capacities. Easterly warned that in the event of open conflict between the U.S. and China, Americans should expect that similar hacking groups would target pipelines and railways. “It’s going to be very, very difficult for us to prevent disruptions from happening,” Easterly said.
“We, as an American people, need to understand not just cyber resilience but the imperative of operational resilience and the importance of societal resilience,” the CISA director said.
The blunt warning comes at a time of heightened geopolitical tensions. Corporate executives have far less insight into potential Chinese partners or customers than they did even a year ago. Fending off cyber threats from China and Asia has become a top priority for the U.S. government, which has begun to describe in clearer and blunter terms the links between the Chinese government and myriad hacking groups.
Chinese cyber infiltration and espionage have been an ongoing concern for American companies. Intellectual property theft has been used by Chinese companies to reach parity with American competitors.
But the clear and present danger underlined by Easterly suggests that the U.S. government has become increasingly willing to highlight the risks beyond espionage. A disruption of critical pipelines, communications infrastructure, or transportation services could cripple the U.S. economy in the case of conflict.
The Colonial Pipeline cyber intrusion, for example, disrupted airlines and caused gas shortages across the East Coast. That attack by Russian hackers initially cost the company $5 million.
“I think that this is the most important issue for anyone who runs or operates critical infrastructure is that we need to be prepared for disruptive attacks,” Easterly said. “Now, I hope that doesn’t happen.”