U.S. cyber officials and digital defenders say they are changing their operations in the wake of successful hacks into American infrastructure by China’s Volt Typhoon cyberattackers.
Top officials from the National Security Agency and Department of Homeland Security took attendees of the Billington CyberSecurity Summit inside the massive changes in progress to the nation’s cybersecurity posture.
U.S. officials said earlier this year that the Volt Typhoon hackers breached critical infrastructure organizations in the communications, energy, transportation, and water and wastewater sectors. The purpose of the China-sponsored hacks was not espionage but pre-positioning for future attacks, according to the assessment of the FBI, NSA, and DHS’ Cybersecurity and Infrastructure Security Agency.
Dave Luber, who took over NSA’s cybersecurity directorate in April, said Tuesday that his agency’s ranks of codebreakers and codemakers are changing their approach because of Volt Typhoon’s tactics.
“This is very different from a tradecraft perspective,” Mr. Luber said. “It’s going to require us to think differently about how we sense and monitor our networks, how long we keep logs on those networks so that we can see these potential indicators of a credentialed user doing nefarious activity inside of a network that would otherwise potentially cause us harm in critical infrastructure or government systems.”
Mr. Luber touted the need for the U.S. government to work more closely with private companies.
CISA Deputy Executive Assistant Director Matthew Hartman said the whole-of-government response to the China-sponsored cyberattacks is the most sustained effort by the federal government, its international partners, and the private sector that he has seen in 16 years of government work.
Mr. Hartman said China’s shift from cyber espionage to preparing for disruption and destruction is the biggest change America’s digital defenders have yet seen.
“We have a ton of work underway across the U.S. government in coordination with industry really to, to my colleagues’ points, identify and help organizations identify PRC threat actors on their networks, help them evict those actors, give all of the services and guidance that we can, all of the intelligence that the U.S. government has,” Mr. Hartman said.
The close relationship among the U.S. government, its foreign allies, and private industry was on full display at the Billington CyberSecurity Summit in Washington. Thousands of attendees crammed into conference rooms to hear from top White House officials, major tech companies, and leaders from the governments of Australia, Canada, and Israel, among others.
Mr. Hartman said the U.S. government will not get out of the problem created by China’s hackers by bolstering defenses enterprise-by-enterprise and sector-by-sector. He said tech companies need to fundamentally shift their priorities toward making products secure by design.
“This is going to be a very, very long, multiyear, multi-decade journey,” Mr. Hartman said.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.