MIAMI — In recent months, U.S. intelligence officials have issued a series of blistering warnings about Chinese hacking efforts targeting U.S. critical infrastructure, but at last week's gathering of the world's leading industrial cybersecurity experts, the conversations among those charged with protecting these systems were anything but alarmed when it came to China.
Instead, conversations on the panels and in the hallways of the S4X24 conference focused on the lack of information coming from Washington about Chinese operations, and on intelligence agency warnings about a threat from China that many in the industry regard as the status quo.
According to many conference attendees, China's hacking efforts targeting critical infrastructure entities such as power grids and ports are not surprising, and it is simply naive to think otherwise.
Dale Peterson, the security pioneer who founded the S4 conference series, said in one panel appearance that the Chinese hacking operation known as Volt Typhoon, which U.S. intelligence officials believe is intended to give China the ability to disrupt communications between the United States and Asia in the event of a conflict, is “not shocking” and “should not be exaggerated.”
“Why not choose a strategic goal?” Peterson wondered aloud.
Peterson has warned since 2013 that critical infrastructure entities are likely to become targets of destructive state-sponsored cyber operations, and he sees the latest warning about Volt Typhoon as simply the newest development in a long-running saga. “Volt Typhoon is not important,” he wrote last month. “What's important is the recognition and acceptance that this is the way it is.”
But this view irritated others present at the security meeting.
“As an industry, as a sector, we're becoming a little bit complacent,” Victor Atkins, former head of cyber intelligence at the Department of Energy, told CyberScoop. An industry-wide “fatigue” about the threat posed by hackers has led too many security professionals to dismiss recent warnings as already known.
But Atkins, now global director of industrial cybersecurity executive advisory services at 1898 & Co., wondered aloud whether, when intelligence officials warned of an unprecedented Chinese hacking operation, people really knew what it was all about.
The warnings about the threat posed by China come at a time when industrial systems such as water utilities are rapidly becoming digital, a trend that is likely to increase the number of successful cyberattacks. At the same time, security is rarely a priority, which opens the door to amateurish and opportunistic attacks, as when Iranian hackers targeting an Israeli-made programmable logic controller were able to break into a Pennsylvania water facility that had failed to change the default password.
This digitalization trend spans a variety of sectors. Atkins says today's auto companies are as much software companies as they are companies that shape steel and assemble physical components, and he argues that in this new era it is not enough to treat cybersecurity as a purely defensive exercise. The possible attack vectors are nearly endless, making it simply impossible for critical infrastructure owners and operators to fully protect themselves from China.
“The goal is not to keep the Chinese out; the Chinese are coming in, and they have a tremendous amount of dedicated resources that have been focused on just getting in for years,” Atkins said. “The goal now is not to protect the environment. The goal is to survive an attack. And that's a different mentality.”
Atkins said owners and managers are “putting in what they can when they can, but I don't think that's enough.”
There is also a deep divide between intelligence officials and the officials responsible for protecting critical infrastructure from foreign attacks.
“The idea that this is a China-Russia problem is foolish,” argues Robert M. Lee, founder and CEO of industrial cybersecurity firm Dragos. “Industrial infrastructure is being targeted by actors in every state, including the United States.”
Lee, a former Air Force officer who took part in U.S. hacking operations, feels the warnings from U.S. intelligence officials are “hypocritical.”
“You can't sit there and clutch your pearls and say, 'I can't believe they're doing what we're doing,'” he said.
At a Congressional hearing in late January, FBI Director Christopher Wray called Chinese hacking activity and China's growing influence “the defining threat of our generation.” In a subsequent advisory, intelligence agencies from the United States and its allies said Chinese hackers had been lurking in critical infrastructure networks for five years and that, should “potential geopolitical tensions or military conflict” arise, the “access may be used to destructive effect in certain cases.”
Peterson argues that while the most dire warnings from U.S. intelligence agencies have been about the threat of Chinese hacking, ransomware operations run by criminal groups are the ones causing real harm right now. Ongoing ransomware attacks on payment processors have crippled large swathes of the U.S. healthcare system, and while Russia may be allowing ransomware groups to operate with impunity within its borders, such groups are primarily criminals rather than political actors.
“Either they're right and we're going to see some big, significant compromises, or they're going to cry,” Peterson said of the warnings from U.S. intelligence agencies.
In the absence of Chinese operations to disrupt the grid, cyber defenders want more information from the federal government to build adequate protections. Grant Geyer, chief product officer at cybersecurity firm Claroty, said it remains difficult to convince customers of the threat without exaggerating and instilling fear, uncertainty and doubt.
“What organizations need to understand is how important our organization is to national security. Based on that criticality, it's like, 'What do we need to do in general?' That's not the point. It's, 'What exactly do we need to do?'” Geyer said. “Property owners are also questioning the need to act quickly. It's not that they aren't taking it seriously. But seriousness requires specificity.”
Cybersecurity experts continue to complain that federal information sharing remains too lax, and intelligence agencies are working to address the issue.
“Turn on C-SPAN and look: ‘I might be compromised, but I don't know,’” said Marco Ayala, president of the Houston chapter of the information-sharing group InfraGard National Members Alliance. “I'm tired of it.”
“As it stands, we are late to the game and getting a lot of things behind the party,” he said, adding that he would like the government to make more use of organizations like InfraGard and the information sharing and analysis centers to disseminate information to vetted communities.
However, sharing information about the current Chinese hacking threat is made more difficult by the fact that the Chinese government's activities are becoming increasingly stealthy.
China has been interested in destructive targeting of critical infrastructure since 2012, when CISA's predecessor, the National Protection Programs Directorate, and the FBI issued a warning about intrusions into 23 U.S. pipelines. The China-sponsored campaign relied on spear-phishing emails and social engineering, including calling network engineers to request information about their security practices.
In contrast, Volt Typhoon appears to be far more focused on stealth and long-term access.
Marty Edwards was director of the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team when the pipeline alert was issued. He said traditional indicators of compromise are not available in the same way because Volt Typhoon's intrusions rely on living-off-the-land techniques, which use legitimate tools and services already present on the compromised system to carry out operations. Instead, defenders must look for anomalous behavior within the network, which is difficult at best.
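The kind of behavioral check Edwards describes can be made concrete with a baseline comparison over process-creation telemetry. The following is an added illustration, not code from the article or from anyone quoted in it: it builds a per-host profile of which users, parent/child process pairs and working hours are normal, then flags new events that deviate from that profile. The hostnames, usernames and events are constructed for the example; a real deployment would draw the baseline from EDR or Sysmon data over weeks, not a handful of rows.

```python
"""Baseline-based anomaly detection over process-creation events.

Added example (not from the original article). Living-off-the-land
intrusions use tools already present on the host, so hash- or IP-based
indicators rarely fire; this compares each new event against what the
host normally runs instead.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class ProcEvent(NamedTuple):
    ts: str        # "YYYY-MM-DD HH:MM"
    host: str
    user: str
    parent: str    # parent process image
    image: str     # created process image
    cmdline: str


# Constructed baseline: "normal" activity on one engineering workstation.
BASELINE_EVENTS = [
    ProcEvent("2024-03-04 09:12", "eng-ws-01", "jsmith", "explorer.exe", "outlook.exe", "outlook.exe"),
    ProcEvent("2024-03-04 09:15", "eng-ws-01", "jsmith", "explorer.exe", "chrome.exe", "chrome.exe"),
    ProcEvent("2024-03-04 10:40", "eng-ws-01", "jsmith", "explorer.exe", "plcstudio.exe", "plcstudio.exe"),
    ProcEvent("2024-03-05 08:58", "eng-ws-01", "jsmith", "explorer.exe", "chrome.exe", "chrome.exe"),
    ProcEvent("2024-03-05 14:02", "eng-ws-01", "jsmith", "explorer.exe", "cmd.exe", "cmd.exe"),
    ProcEvent("2024-03-05 14:03", "eng-ws-01", "jsmith", "cmd.exe", "ping.exe", "ping.exe 10.0.5.20"),
    ProcEvent("2024-03-06 16:30", "eng-ws-01", "itadmin", "explorer.exe", "powershell.exe", "powershell.exe -File patch.ps1"),
]

# Constructed events from a later day, to be scored against the baseline.
NEW_EVENTS = [
    # Routine: same user, same parent, same tool, during working hours.
    ProcEvent("2024-03-11 09:20", "eng-ws-01", "jsmith", "explorer.exe", "chrome.exe", "chrome.exe"),
    # A service account spawning a shell from a WMI host process at 3 a.m.
    ProcEvent("2024-03-11 03:14", "eng-ws-01", "svc_backup", "wmiprvse.exe", "cmd.exe", "cmd.exe /c whoami"),
    # A known user running a built-in tool never seen on this host before.
    ProcEvent("2024-03-11 10:05", "eng-ws-01", "jsmith", "cmd.exe", "netsh.exe", "netsh.exe interface show interface"),
    # A host with no baseline at all.
    ProcEvent("2024-03-11 10:06", "hmi-02", "operator", "explorer.exe", "hmi.exe", "hmi.exe"),
]


class HostProfile:
    """What has been observed as normal on one host."""

    def __init__(self) -> None:
        self.images: Set[str] = set()
        self.pairs: Set[Tuple[str, str]] = set()        # (parent, image)
        self.user_images: Set[Tuple[str, str]] = set()  # (user, image)
        self.hours: Set[int] = set()                    # hours of day with activity


def build_baseline(events: List[ProcEvent]) -> Dict[str, HostProfile]:
    """Aggregate baseline events into one profile per host."""
    profiles: Dict[str, HostProfile] = defaultdict(HostProfile)
    for e in events:
        p = profiles[e.host]
        p.images.add(e.image)
        p.pairs.add((e.parent, e.image))
        p.user_images.add((e.user, e.image))
        p.hours.add(int(e.ts[11:13]))
    return dict(profiles)


def score_event(e: ProcEvent, profiles: Dict[str, HostProfile]) -> List[str]:
    """Return the list of ways this event deviates from the host's baseline."""
    p = profiles.get(e.host)
    if p is None:
        return ["host has no baseline"]
    reasons: List[str] = []
    if e.image not in p.images:
        reasons.append("image never seen on host")
    else:
        if (e.parent, e.image) not in p.pairs:
            reasons.append("new parent/child pair")
        if (e.user, e.image) not in p.user_images:
            reasons.append("user has not run this image before")
    if int(e.ts[11:13]) not in p.hours:
        reasons.append("outside baseline hours")
    return reasons


def find_anomalies(events: List[ProcEvent],
                   profiles: Dict[str, HostProfile]) -> List[Tuple[ProcEvent, List[str]]]:
    """Keep only events with at least one deviation, paired with the reasons."""
    return [(e, r) for e in events if (r := score_event(e, profiles))]


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for event, why in find_anomalies(NEW_EVENTS, baseline):
        print(f"{event.ts} {event.host} {event.user} {event.parent} -> {event.image}: {', '.join(why)}")
```

The point of the output is triage, not verdicts: the `netsh.exe` event is flagged only because the tool is new on that host, and an analyst may well close it as benign, whereas the service-account shell spawned from `wmiprvse.exe` at 3 a.m. accumulates three independent deviations and deserves a look. That accumulation of weak signals, rather than any single indicator, is what behavior-based detection of living-off-the-land activity relies on.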
This tactical shift by Chinese operators means the government may have nothing more to share with industry than it already has. “I don't think the government is hiding anything here. I think they really don't have any additional information,” Edwards said.
With tensions between the U.S. and China unlikely to go away, at least one key industry official urged the critical infrastructure operators in attendance to wake up to the fact that they are pawns in a much larger geopolitical game.
Megan Samford, vice president and chief product security officer for energy management at Schneider Electric, said that “something we're really working on, but no one's really talking about” is the concept of “cybersecurity as mutually assured destruction.” Samford argues that many Chinese intrusions are discovered because China wants the attention. “That's exactly right. [Mutually assured destruction], and nuclear war and nuclear proliferation, will proceed.”