Top cyber, intelligence chiefs to call out China as leading cyber threat


Researchers and officials have previously designated China as a clandestine, preparatory operator in cyberspace, quietly breaching and securing systems to use to their advantage at a later time.

Top cyber and intelligence chiefs are expected to deliver a stern message about the scale and threat of Chinese cyber activity against the U.S. at a high-profile hearing, a former White House cybersecurity official and other analysts told Nextgov/FCW.

Cybersecurity and Infrastructure Security Agency Director Jen Easterly, National Cyber Director Harry Coker, FBI Director Christopher Wray and outgoing NSA and Cyber Command leader Gen. Paul Nakasone — appearing in his final hearing before his last day Friday — will testify before the House Select Committee on the Chinese Communist Party on Wednesday morning.

They will appear amid major developments in U.S.-China cybersecurity relations in recent days, with Reuters reporting the FBI and Justice Department were granted legal authorization to hit back at Chinese hackers, successfully clearing them from a group of critical systems. CNN also reported that China’s leader Xi Jinping told President Joe Biden that his nation would not interfere in the upcoming U.S. presidential election.

As the top digital adversary of the United States, China has been designated by researchers and officials as a preparative operator in cyberspace, planting the seeds for future activity or scoping out networks for sensitive information or weaknesses that can be used to its advantage at a later time. The nation has been marked as a major player for industrial espionage activity that set off alarms in lawmakers’ offices as far back as 2012.

A February 2023 report from the Office of the Director of National Intelligence speculates that if Beijing feared imminent conflict with the U.S., “it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure and military assets worldwide” and carry them out in such a way that would induce societal panic.

“‘Almost certainly’ is pretty strong language for the intel community,” said Jeff Greene, the former chief for cyber response and policy in the White House’s National Security Council. “That alone was a huge statement.”

The witnesses are likely to deliver a bipartisan message to the panel, stressing what China is already capable of in the cyber domain and what the intelligence community expects the nation to carry out next, said Greene, now senior director for cybersecurity programs at the Aspen Institute think tank.

The remarks echo findings from a recent Recorded Future readout, designating Chinese state hacking operations as more mature, coordinated and secretive than in previous years. Their practice of exposing unknown vulnerabilities in public-facing networks and products “has proved an effective tactic in scaling initial access against a wide range of global targets,” the threat intelligence company’s November 2023 report says.

Last year, Chinese cyber operatives were reported to have breached the Microsoft email accounts of federal officials in the State Department and Commerce Department. Japanese and U.S. cyber authorities have also warned of Chinese hackers lurking in networking gear. Additionally, U.S. and industry security officials told the Washington Post last month that the Chinese military has been improving its ability to hack and disrupt sensitive U.S. critical infrastructure, including utilities and transportation systems.

Lawmakers are likely to ask about the capability that China-linked hackers have to carry out more of those attacks, and the likelihood that they will do so. Some argue the clandestine hacking activity has enabled the Chinese central government to go far enough to carry out debilitating strikes on U.S. infrastructure.

“If China wanted to send a strong signal to the United States, like a ‘you need to stay out of this,’ they could hamper our military mobility or prevent our transportation, rail and port systems from working properly,” said Mark Montgomery, former head of the Cyberspace Solarium Commission, a congressionally-backed cyber policy advisory body.

That can include any conflict, like a potential invasion of Taiwan or a separate event like tensions in the South China Sea, added Montgomery, now serving as leader of CSC 2.0, a continuation of the original CSC entity at the Foundation for Defense of Democracies.

“This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the U.S. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down,” said John Hultquist, chief analyst at Google-owned Mandiant Intelligence in a prepared statement, referring to recent activity from China-sponsored hacking group Volt Typhoon.

CISA, NSA, FBI and ONCD did not return requests for comment by publication time.