- Chinese hackers are targeting critical U.S. infrastructure, including water treatment plants, electrical grids, oil and natural gas pipelines, and transportation systems.
- These attacks pose a significant risk to the American people and demand immediate attention.
- Businesses and home offices are also being targeted by Chinese hackers.
- Christopher Wray, former Director of the Cybersecurity and Infrastructure Security Agency, provides insight into the threats and what is being done to address them.

Chinese hackers have positioned themselves to wreak havoc on U.S. infrastructure, as testified by Christopher Wray, the former Director of the Cybersecurity and Infrastructure Security Agency. They are specifically targeting critical infrastructure such as water treatment plants, electrical grids, oil and natural gas pipelines, and transportation systems. The potential risks posed by these attacks demand the attention of every American.
But it doesn’t stop there. Chinese hackers are also extending their reach to businesses and home offices, as reported by the FBI and several other U.S. agencies. To shed light on the situation, CBS News invited cybersecurity expert Chris Krebs, who is currently the Chief Public Policy Officer at SentinelOne and a former director of the Cybersecurity and Infrastructure Security Agency.
When discussing these attacks, it’s important to understand what a “victim I.T. environment” means. According to Krebs, it refers to the nation’s critical infrastructure – the systems that keep our lights on, water flowing, and economy running smoothly. These are the systems that we rely on daily without even realizing it.
So, how do these hackers gain access to these highly sensitive environments? Krebs explains that back in 2013, the Chinese were already known to be targeting domestic critical infrastructure. They primarily focus on the I.T. systems that power the digital infrastructure of utilities and communication firms. By exploiting vulnerabilities in these systems, they gain unauthorized access and begin to navigate the environment undetected.
Krebs emphasizes that these attacks are preventable. The hackers typically target edge devices, which sit at the boundary between the internal corporate network and the public internet, and specifically those that have not been patched. By scanning the internet, they identify these vulnerable devices, exploit them, and gain access to the environment. Once inside, the hackers operate inconspicuously, compromising usernames, passwords, and credentials to move around freely.
Using a metaphor, Krebs compares their strategy to casing a building. They identify the vulnerable areas where the dangerous information is held, whether it’s on the outside (like the parking lot) or inside the building (like the floor with access to critical systems). The Chinese hackers take advantage of both opportunities and more. They use opportunistic scanning to find devices connected to the public internet that anyone can see. Exploiting these devices doesn’t require significant investment, as they have access to scanning tools and resources.
Now, the question arises: How alarmed should we be about these attacks on critical infrastructure? Krebs suggests that while the intelligence community assesses that a cyber attack would have regional short-term impacts, a nationwide impact on the grid is unlikely due to its regional nature. However, localized attacks like the Colonial Pipeline incident a few years ago were significantly impactful. By temporarily shutting off lights or disrupting essential services, these attacks create panic and chaos, destabilizing the community and instilling fear.
Krebs highlights the psychological impact that the Chinese hackers are aiming to achieve. By targeting critical infrastructure, they not only disrupt daily life but also undermine national security and erode confidence in our ability to protect ourselves. It’s crucial for the American people to remain calm and vigilant in the face of these threats.
It is evident that Chinese hackers pose a significant risk to U.S. infrastructure and national security. The urgency to address these threats cannot be overstated. It requires a collective effort from government agencies, businesses, and individuals to strengthen cybersecurity measures, patch vulnerabilities, and remain alert to potential attacks. By taking proactive steps, we can mitigate the risks and protect our critical infrastructure.