Today, our sights are set on China. We are working with our government and industry partners to understand and mitigate risk to our critical infrastructure from Chinese cyber actors—known broadly as Volt Typhoon—that are intent on unleashing mass disruption on the US in the event of a major conflict to induce societal panic and deter our ability to marshal military might and citizen will. CISA teams are continuing to partner with critical infrastructure entities to hunt for these actors across multiple critical infrastructure sectors, including aviation, water, telecommunications, and energy. We have had success in detecting and eradicating these PRC actors, and what we have found leaves us deeply concerned about widespread PRC pre-positioning on our critical infrastructure. The PRC appears to be pursuing an “everything, everywhere, all at once” approach that would allow it to disrupt multiple critical infrastructure sectors simultaneously. 

Defending against, and preparing for, that possibility will require a nation-wide effort to improve security, build resilience, and ensure we have the playbooks in place if such a mass disruption scenario comes to pass. As was shown to be the case in 2022, the value of such efforts is not the actual plans, especially since no plan survives first contact. But the planning itself, bringing companies and the government together to talk through preparation, and to exercise response, continuity, recovery, and communications is critical to the cyber defense and resilience of our nation. We must exercise in peace to be ready in crisis. The JCDC is already focused on this goal, working with critical infrastructure owners and operators from specific sectors and sub-sectors and their ICS/SCADA vendors to build and execute network defense and resilience plans aimed at ensuring these networks can continue to operate in the face of the Volt Typhoon threat.

Separately, to the recommendation regarding DOD “hunt forward” operations for US critical infrastructure, I want to take the opportunity to highlight a capability—one of our truly world class teams—that we don’t often talk about. Indeed, as our teammates at the Cyber National Mission Force have been growing their hunt forward teams to engage with partners overseas, CISA has grown our own threat hunt teams to engage with partners here at home. Bolstered by authorities and budget received over the last 3 years, these hunt teams have conducted 97 engagements—in FY23 alone—across federal, state, local and private critical infrastructure entities across multiple critical infrastructure sectors including communications, water, power, and transportation. These engagements allowed our teams to evict nation-state actors affiliated with China, Russia, and Iran from American networks, rapidly share information to protect other victims, release impactful public advisories that drive risk reduction at scale, and enable our U.S. government partners, including of course DOD, to take action more effectively against our adversaries. If needed, however, we have a mechanism in place to request technical assistance from CNMF teams under Defense Support to Civil Authorities.

###

Source: U.S. Cybersecurity and Infrastructure Security Agency (CISA)

Speaker: Jen Easterly, Director of CISA

Format: Speech
