You are here

FBI Director Wray Warns of China’s Preparations to Disrupt Critical Infrastructure Including the Water Sector

FBI Director Wray Warns of China’s Preparations to Disrupt Critical Infrastructure Including the Water Sector

Created: Tuesday, April 23, 2024 - 13:49
Categories:
Cybersecurity, OT-ICS Security, Federal & State Resources

During a speech at Vanderbilt University, FBI Director Christopher Wray drew more attention to the threat from Chinese hacking operations on U.S. critical infrastructure and warned that the situation has become even more urgent. See WaterISAC’s previous coverage of the preeminent cyber threat posed by the PRC.

Wray explained that groups like Volt Typhoon are preparing for the possibility of widespread disruptive actions as early as 2027 and that Chinese hackers are so numerous they outnumber the bureau’s total cyber personnel fifty to one. They have targeted dozens of oil pipeline entities since 2011, as well as entities in the water, energy, and telecommunications sectors, among others. In some cases, they have completely ignored business and financial information in favor of stealing data on control and monitoring systems. U.S. officials have previously described this behavior as "pre-positioning” for future attacks to disrupt or halt critical infrastructure systems.

Director Wray continued that stakeholders across private industry and government need to treat the threat as immediate and implement plans to fortify networks and respond to attacks now. Access Director Wray’s full speech here.

Current guidance to take today to mitigate Volt Typhoon activity:

  1. Apply patches for internet-facing systems. Prioritize patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon.
  2. Implement phishing-resistant MFA.
  3. Change default passwords and do not share passwords or use the same password across multiple systems/applications.
  4. Ensure logging is turned on for application, access, and security logs and store logs in a central system.

More resources on Director Wray’s speech:

Previous guidance and resources from CISA on Volt Typhoon:

Previous WaterISAC Volt Typhoon coverage: