Latest news with #VoltTyphoon


Yomiuri Shimbun
24-05-2025
- Politics
- Yomiuri Shimbun
Cyberdefense Cuts Could Sap U.S. Response to China Hacks, Insiders Say
SAN FRANCISCO – As senior Trump administration officials say they want to amp up cyberattacks against China and other geopolitical rivals, some government veterans warn that such an approach would set the United States up for retaliation that it is increasingly unprepared to counter.
Alexei Bulazel, senior director for cyber at the National Security Council, said earlier this month that he wanted to fight back against China's aggressive pre-positioning of hacking capabilities within U.S. critical infrastructure and 'destigmatize' offensive operations, making their use an open part of U.S. strategy for the first time. Bulazel, an Oracle security architect before joining the Trump administration, said such 'exciting' action would be the quickest way to 'change the script' and hopefully curb the rising rate of foreign cyberattacks on U.S. targets. He was speaking at the RSA Conference in San Francisco, the largest annual tech security meetup, where some others inside and outside government echoed his position. 'We have done everything, but it is extreme responses that will convince governments' to change their ways, said Rob Joyce, a former head of cybersecurity at the National Security Agency.
Yet far more security experts interviewed at the conference were fretting about recent personnel cuts to the Cybersecurity and Infrastructure Security Agency (CISA), and additional ones ahead under the GOP budget reconciliation bill, in which the administration asked for a 17 percent decrease in the budget of the principal civilian cyber agency. The consensus was that the U.S. is not well-defended now, and multiple security firms reported that the number of Chinese hacking attempts detected in the first quarter of this year more than doubled from a year earlier.
In a memo to CISA staff Thursday night, the new No. 2 at the agency wrote that the heads of four of CISA's six main divisions – cybersecurity, infrastructure security, emergency communications and integrated operations, which oversees regional offices – were all leaving this month. The leaders of most of the regional offices also are leaving, the memo said, along with the top CISA officers for finance, strategy, human resources and contracting.
U.S. security personnel revealed more than 18 months ago that Chinese military hackers had burrowed into the computer systems linked to infrastructure such as water and electrical utilities, ports and pipelines. That initiative, which the U.S. called Volt Typhoon, was soon supplemented by another, Salt Typhoon, that targets telecommunications networks. Sen. Mark R. Warner (D-Virginia) called it the 'worst telecom hack in our nation's history – by far.'
The covert offensive is far from over. Volt Typhoon is showing up in a wider variety of utilities, according to specialists at the cybersecurity firm Dragos, and an FBI official said Salt Typhoon might be able to reinfect carriers after they have been cleaned up. But CISA's parent, the Department of Homeland Security, has now disbanded advisory panels, including the Cyber Safety Review Board, which was investigating Salt Typhoon.
'We need CISA, we need these operations, we need these people and partnerships,' Dave DeWalt, a security industry investor and longtime CISA adviser, told The Washington Post, alluding to the unsettled state of international alliances. 'We've got to go fast, because we are vulnerable – especially if we're doing what we are doing around the world, geopolitically.'
Aside from Volt Typhoon and Salt Typhoon, DeWalt said a still-unfolding onslaught of Chinese attacks on water and power utilities and hundreds of other targets using a flaw in SAP business software shows that malicious activity is surging amid trade tensions between Washington and Beijing.
Under Homeland Security Secretary Kristi L. Noem, 130 probationary CISA employees have been dismissed, along with a small team dedicated to election security that had come under criticism from Republicans for its reports of misinformation about voting procedures. Many of the agency's numerous contractors have seen their contracts canceled.
'CISA was in disastrous shape when President Trump and Secretary Noem took office,' said a senior official with the Department of Homeland Security who spoke on the condition of anonymity under departmental policy. 'Under the Biden administration, despite a ballooning budget, CISA's mission was focused on becoming a hub of self-promotion, censorship, misinformation and electioneering.'
Noem told the San Francisco conference that while the agency has been doing important work, people 'only heard about it when it was doing something bad,' referring to its past contacts with social media companies about disinformation. She also said more responsibility for infrastructure protection should fall to state and local officials. 'I feel like most of the innovation can happen at the state level,' Noem said.
At a small Baltimore security conference more recently, former national cyber director Harry Coker said the opposite. 'My small hometown in rural Kansas is under assault every day from nation-state actors and malicious cybercriminals,' Coker said. 'They're going after the local hospital, the local school system, the local financial systems. And no one, especially our government, should expect my rural hometown to be able to defend itself against a nation-state actor.'
Security experts and officials from both major political parties had hoped to avoid cuts to CISA as severe as those being levied in other divisions and federal departments. They pointed to CISA's front-line role helping protect civilian government offices and privately owned critical infrastructure from attacks by highly effective ransomware gangs and geopolitical rivals.
'This is no time to pull defenders from the resilience and continuity of operations of lifeline human needs like water, power and access to emergency care,' said Joshua Corman, a former CISA official who now leads a pilot project with the nonprofit Institute for Security and Technology to improve security communications among people working in critical infrastructure. 'The coming storms need more help and better help. The risks are nonpartisan and affect all communities.' Congress has held several hearings on cyberthreats and introduced bills aimed at deterring Chinese spying successes. At one, Rep. Andrew R. Garbarino (R-New York), chairman of the subcommittee on cybersecurity and infrastructure protection, said even early cuts were going too far and that CISA should take on more responsibility for safeguarding government departments. CISA supporters in Congress and employees were encouraged by Trump's nomination of Sean Plankey to head CISA, though Sen. Ron Wyden (D-Oregon) has put the nomination on hold until he gets more information on telecom security. Plankey served in several high-level cybersecurity posts during the first Trump administration. Concerns about the agency's efficacy have grown with the personnel and budget cuts, despite a recent court injunction against restructuring without congressional input. 'CISA is indirectly decimating our mid- and top ranks and leaving us without capable and experienced leaders,' said a current employee, who spoke on the condition of anonymity for fear of retaliation. Current CISA executives declined to say how many people had left the agency or how it will adapt to the cuts. CISA is 'doubling down and fulfilling its statutory mission to secure the nation's critical infrastructure and strengthen our collective cyberdefense,' Executive Director Bridget Bean said in an emailed statement. 'We have focused our operations on ensuring that we are prepared for a range of cyberthreats from our adversaries.' 
Especially hard-hit by the cuts are the regional CISA offices that have helped local and state governments targeted by ransomware attacks, officials said. Scores of employees have also left the teams that provide CISA expertise to public and private entities – including hospitals, utilities and local public offices that have proved to be choice targets for foreign-origin hacking. Vermont Secretary of State Sarah Copeland Hanzas expressed concern particularly about local offices. 'We don't have the economies of scale that a New York or a California or a Texas has to staff up in-house to provide some of the cybersecurity support and prevention that CISA has been providing,' she said. Especially in light of the prospect of a more openly offensive U.S. cyber stance toward China, the trend toward a less robust CISA has alarmed many experts in the field. 'We were doing about a C-minus before, at risk of going down,' retired Rear Adm. Mark Montgomery, who led the congressionally chartered Cyberspace Solarium Commission confronting such issues, told attendees of the cybersecurity convention in San Francisco earlier this month. 'We are not ready for a systemic cyberattack in our country.'

Epoch Times
22-05-2025
- Business
- Epoch Times
CIA Says Winning Tech War With China Top Priority, Citing 'Existential Threat' to US
CIA Deputy Director Michael Ellis says that China represents an 'existential threat' to the United States and that the agency's top priority is outpacing the Chinese Communist Party (CCP) in a high-stakes technological arms race that spans semiconductors, biotechnology, and artificial intelligence.
'China is the existential threat to American security in a way we really have never confronted before,' Ellis told Axios in an
In separate remarks, including an
'The IC is very good at ... counting Soviet tanks ... to be ready for a possible conflict in Europe in the Cold War,' Ellis said. 'But ... when you ask the IC to look at issues ... where Chinese companies are in artificial intelligence research, it's not one that we've been well-positioned historically to think about.'
As part of its shift in focus toward the tech race against adversaries such as China, the CIA is looking to develop more resources, including personnel, Ellis said, adding that this includes recruiting people with expertise in science, technology, engineering, and mathematics.
'We need more people with science and technology backgrounds, which is again a little different than the global war on terrorism mindset of the last 20 years,' he said, adding that the CIA is also increasingly looking at partnering with private-sector leaders—including recent consultations with Elon Musk—on how to cut waste, adopt artificial intelligence tools, and stay ahead of adversaries using emerging technologies like drone swarms.
The deputy director's remarks echo a sharply-worded warning from former FBI Director Christopher Wray, who, before his resignation,
Ellis's concerns are also reinforced by the intelligence community's latest
Beijing's cyber campaign includes operations such as Volt Typhoon, a state-backed effort to infiltrate key U.S. systems and maintain covert, long-term access to vital infrastructure. A more recent campaign, known as Salt Typhoon, has targeted U.S. telecommunications networks, underscoring the regime's expanding digital reach and operational sophistication in targeting critical infrastructure in America. The report warns that in the event of a looming military conflict with Washington, especially over Taiwan, China could launch aggressive cyber strikes against U.S. military and civilian networks. These would be intended to disrupt command decisions, generate chaos among the public, and hinder the rapid deployment of American forces.

Epoch Times
06-05-2025
- Politics
- Epoch Times
China's Cybersecurity 'Pearl Harbor' Against America: 'Everything, Everywhere, All at Once'
Originally published by Commentary
China's multidimensional war against U.S. interests is already underway and well-documented. One underappreciated dimension of its attack on American primacy, however, is the arena of cybersecurity. For decades, Communist China's spies, hackers and businessmen have feasted on the
In the last two years, however, the Chinese Communist Party's (CCP) cyber-attacks against America have
These changes in the CCP's cyber offensive on America consist of two basic capabilities.
The newer capability is China's comprehensive data-collection operation, given the title of 'Salt Typhoon' by Microsoft, and known by other names, such as '
China is also simultaneously
The second revolutionary advance in China's offensive cyber-warfare capabilities that target U.S. interests is more deadly. It threatens a Pearl Harbor-magnitude attack on America. '
Then U.S. Rep. Mike Waltz, shortly before he was appointed National Security Advisor, stated in an
'[W]e have been, over the years, trying to play better and better defense when it comes to cyber. We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us, and that even worse, with the Volt Typhoon penetration, that are literally putting cyber time bombs on our infrastructure, our water systems, our grids, even our ports.'
China could
The gravity of this weaponization of cyberspace at the strategic level has been
Volt Typhoon is devised to create chaos in the United States.
Jen Easterly, former head of the US Cybersecurity and Infrastructure Security Agency,
If China is successful in placing undiscovered and undefused malware that is capable of disabling critical infrastructure in the United States, the result would most likely be the complete loss of confidence in America's ability to protect 'Free Asia' or anyone else, and enabling China to be closer to achieving its goal of ruling in the Indo-Pacific region, which it appears to see as the
The Trump Administration's plan of action would do well to include massive arms deliveries to Taiwan and encouraging the island democracy to move to a war footing. President Donald Trump has already sent
Trump might also convene a cabinet meeting to assure that all aspects of American public and private capabilities should be mobilized to build resiliency in critical national infrastructure, while simultaneously examining U.S. cyberspace vulnerabilities. The United States also might go on the offense and target China's critical national infrastructure, perhaps starting with the Cyberspace Administration of China?
Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.

Epoch Times
04-05-2025
- Politics
- Epoch Times
Sen. Kelly Says CCP Still Has Access to US Telecom Networks
Sen. Mark Kelly (D-Ariz.) told attendees of the McCain Institute's Sedona Forum on May 3 that the Chinese communist regime still has access to the nine U.S. telecommunication companies hacked into in December 2024 during the Salt Typhoon cyber intrusion coordinated by the Chinese Ministry of State Security.
'They did it in such a way that it was very hard for us to detect that they were there and not done through the typical way that you would do something with malware,' he explained to the panel moderator. 'It was done through access to routers and using a lot of sophisticated techniques, and it was the, as you mentioned, the Chinese Ministry of State Security that coordinated this operation. They're still there, and we have yet to figure out a way to kick them off.'
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified the hacks in October of 2024 and began an investigation. In a joint statement issued on Nov. 13, 2024, the agencies revealed that the hackers compromised the networks of multiple telecom companies and stole customer call records and private communications from 'a limited number of individuals who are primarily involved in government or political activity.'
CISA Executive Assistant Director for Cybersecurity Jeff Greene
'It would be impossible for us to predict when we'll have full eviction,' Greene said at the time.
On Dec. 4, 2024, the Biden administration
By Dec. 27, the number of compromised telecommunication companies had increased to nine.
Kelly sits on the Senate Intelligence Committee and told the audience that rebuilding the United States' telecom infrastructure in order to prevent hackers from gaining access continues to be a topic of conversation among his fellow committee members. One of the issues with the nation's current telecommunication infrastructure is how organically it developed over time. 'Somebody built a system, somebody improved that system,' Kelly said.
'They added technology to it, and today we have this collaged together systems of multiple companies using different kinds of equipment that are easily accessible from our adversaries, and they're able to, if they know who you are, know your phone number, and they want to get access to some of your information, they today can probably do that, including voice calls.'
Meanwhile, the Volt Typhoon threat group had been targeting U.S. critical infrastructure since 2021, and CISA confirmed that hackers had
Volt Typhoon was reported to be dismantled in January 2024 but Kelly said the CCP's Ministry of State Security 'still have access into some of these systems,' and emphasized the security risks such infiltration poses to the nation's ability to mobilize against communist China.
He and his fellow panelists, Sue Gordon, former principal deputy director of national intelligence, and Frances Fragos Townsend, former counterterrorism and homeland security advisor, stressed the need for the federal government to lead the way in developing the necessary cybersecurity. They also stated that there is still no clear definition of when a cyberattack is considered an act of war.
In the meantime, the senator advised the crowd on how to proceed with their telecommunications. 'If you're in any kind of sensitive position, just be aware that there are folks that are gathering information on you that want to know who all your connections are, that in a lot of cases, there are probably people in this room that foreign adversaries have access to your cell phone and you do not know it,' he said. 'There are ways to kick them off. The easiest way is [by] keeping your software up to date and turning the phone off.'
Frank Fang contributed to this report.

Yahoo
01-05-2025
- Politics
- Yahoo
Bipartisan lawmakers introduce bill to bolster water system protections against hackers
EXCLUSIVE – Bipartisan lawmakers are introducing a bill on Capitol Hill Thursday focused on protecting the country's water systems from foreign hackers, just months after China admitted behind closed doors that it was responsible for a series of attacks on U.S. infrastructure.
Senators Ruben Gallego, D-Ariz., and Tom Cotton, R-Ark., authored the Water Cybersecurity Enhancement Act to help protect public water systems and respond to cyberattacks, which have become more frequent in recent years. "In Arizona, we know better than most the importance of safe and secure access to water. But adversaries also understand the importance and are increasingly trying to undermine our water security," Gallego said. "It is critical that we ensure our public water systems have the resources they need to prevent and respond to cyberattacks. That's exactly what this bipartisan, commonsense bill does."
The bill would extend and expand a portion of the Safe Drinking Water Act, called the Drinking Water Infrastructure Risk and Resilience Program, to provide technical assistance and grants to community water systems that can be used for training and guidance on cyberattack protections and responses.
Cotton said cyberattacks on public infrastructure are a growing threat. "This bipartisan bill will strengthen our ability to protect essential services and support local water utilities in building stronger cyber defenses," he added.
The bill comes less than a month after the Wall Street Journal reported that Chinese officials acknowledged behind closed doors in December that their government was responsible for a series of attacks on U.S. infrastructure. In the exclusive report, those who spoke on condition of anonymity claimed Chinese officials connected the cyberattacks on U.S. ports, airports, utilities and other important targets to America's support for Taiwan. The report noted that Biden administration officials learned of the attacks first hand during a summit in Geneva, as their Chinese counterparts blamed the campaign, referred to as Volt Typhoon, on a criminal organization. Chinese officials also accused the U.S. of blaming China based on their imagination.
A State Department spokesperson told Fox News Digital earlier this month it had made clear to Beijing that the U.S. will continue to take actions in response to Chinese malicious cyber activity targeting the U.S. "Chinese cyber threats are some of the gravest and most persistent threats to U.S. national security," the spokesperson said. "The United States will continue to use all the tools at its disposal to safeguard U.S. critical infrastructure from irresponsible and reckless cyberattacks from Beijing. President Trump is committed to protecting the American people and U.S. critical infrastructure from these threats."
The Chinese Embassy told FOX Business that China "firmly opposes" the smear attacks against it without any factual basis.
The Biden administration warned state leaders in March 2024 that cyberattacks by hackers linked to Iran and China could take down water systems across the U.S. if cybersecurity measures were not taken as a precaution. Then Environmental Protection Agency administrator Michael S. Regan and Jake Sullivan, the assistant to Biden for national security affairs, said in an email to state governors that cyberattacks were targeting water and wastewater systems throughout the U.S. In the letter, the two Biden administration officials said the attacks could disrupt clean and safe drinking water and impose significant costs on affected communities.
In January 2024, Russian hackers launched an attack on the water system in Muleshoe, Texas. The hack caused the small Texas town's water system to overflow and within two hours sent tens of thousands of gallons of water flowing out of the town's water tower. Muleshoe was one of three small towns in the rural Texas Panhandle targeted by a Russian hacktivist group. Former Department of Homeland Security Secretary Alejandro Mayorkas told legislators in a letter that the cybersecurity firm Mandiant attributed the attack on Muleshoe to Sandworm, which is believed to be connected to Russia's spy agency, the