A new government report calls China the top cyber-espionage threat to government agencies and U.S. businesses, and warns that the country has “the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure — such as disruption of a natural gas pipeline — for days to weeks in the United States.”
A day after two landmark indictments against against China’s Huawei, the Senate heard from leaders from the CIA, Office of the Director of National Intelligence, National Security Agency and FBI on the increasing threats from China, as well as new cyberthreats posed by Russia, Iran and North Korea.
Legislators also discussed actions beyond the criminal cases like those brought against Huawei, including legislation meant to combat cyber espionage and other threats. Huawei and China responded to the Justice Department’s allegations early Tuesday, questioning the allegations and saying they have tried to cooperate with U.S. authorities with little response.
The Senate hearing gave new insight into the scope of the worst global cyberthreats, and some insight into action legislators and intelligence officials might take to prevent it.
China and technology influence
China was called out in the the Worldwide Threat Assessment, a yearly report by the U.S. intelligence community released at Tuesday’s hearing.
The report was commissioned by the Office of the Director of National Intelligence, an umbrella organization that coordinates all the U.S. intelligence agencies.
It also reported China is “improving” cyberattack capabilities and its ability to create influence campaigns, including “altering information online, shaping Chinese views and potentially the views of U.S. citizens.”
Sen. Mark Warner, D-Va., cited the ODNI report and Huawei cases as cause to move forward with legislation meant to lessen China’s cyber-espionage activities.
Warner warned of consolidation of Chinese Communist Party power under President Xi Jinping, and an economic policy focused on beating the U.S. in areas like artificial intelligence and 5G.
Warner and Sen. Marco Rubio, R-Fla., proposed a bill that would create an Office of Critical Technologies & Security. The agency would educate business leaders about “the threats to U.S. national security posed by the improper acquisition and transfer of critical technologies by foreign countries and reliance on foreign products — such as those manufactured by Chinese telecom companies ZTE and Huawei — that jeopardize the overall security of private sector supply chains.”
Several federal agencies already perform these functions within the U.S. government, including DHS, the FBI, NSA and the Secret Service. It is unclear how the Office of Critical Technologies & Security would interface or include these agencies.
Russia also could disrupt infrastructure
China was not the only nation called out by the report.
The intelligence agencies also said Russia has been testing U.S. infrastructure and attempting to determine weaknesses that could be used to launch a destructive cyberattack. “Moscow is now staging cyber attack assets to allow it to disrupt or damage US civilian and military infrastructure during a crisis,” according to the ODNI.
“Russia has the ability to execute cyber attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure — such as disrupting an electrical distribution network for at least a few hours—similar to those demonstrated in Ukraine in 2015 and 2016,” according to the report.
FBI Director Christopher Wray said Russia is also continuing to use social media platforms to continue influence campaigns, including the 2018 midterms. “Not only did they continue to do it, they are continuing to adapt their model and other countries are taking interest [in conducting similar campaigns],” he said.
U.S. social media companies like Facebook and Twitter are increasingly — but tentatively — cooperating with U.S. intelligence on monitoring for misinformation campaigns, said ODNI director Dan Coates.
“Our tech teams are working with their tech teams. I can’t say that’s worked with every social media company, but it’s significantly better because there is information we can provide them that’s in their benefit. I’m encouraged — having made some trips to several of these companies — with the openness and willingness to see what we can do,” said Coates.
Iran and North Korea
Iran has similarly been testing social media, influence campaigns and “temporary disruptive effects, similar to its data deletion attacks against dozens of Saudi governmental and private-sector networks in late 2016 and early 2017,” according to the ODNI.
North Korea is presently attacking banks and other financial firms in order to steal funds for government operations, in the face of global sanctions that have severely limited its import/export capabilities. “Pyongyang’s cybercrime operations include attempts to steal more than $1.1 billion from financial institutions across the world — including a successful cyber heist of an estimated $81 million from the New York Federal Reserve account of Bangladesh’s central bank,” according to the ODNI.