
ICS/OT Threat Awareness – U.S. Highly Concerned about Chinese Malware Potentially Disrupting American Military Operations

Created: Tuesday, August 1, 2023 - 15:45
Categories:
OT-ICS Security, Security Preparedness

In May, U.S. officials began hinting at a heightened level of concern about the potential for disruptive cyber attacks against U.S. critical infrastructure from China. The activity was attributed to a group that Microsoft tracks as Volt Typhoon. A joint Cybersecurity Advisory (AA23-144a) was also published in May describing Volt Typhoon’s behavior, notably its ability to remain hidden in networks for an extended period through heavy use of living off the land techniques (described in the advisory). Additionally, WaterISAC’s June 28th Cyber Threat Briefing included an overview by EPA and CISA of Volt Typhoon and living off the land techniques that underscored the concern for sector entities. Then, on Saturday, the New York Times published a comprehensive article highlighting recent malware hunting activity by the Biden administration and the concerns behind it, including China’s potential ability to cut off power and water to American military bases and the surrounding population.

For convenience, this post shares relevant excerpts from The New York Times article and supporting resources. However, members, especially water and wastewater utilities serving military bases, are encouraged to review the complete article and supporting resources.

The following are select excerpts from The New York Times article, U.S. Hunts Chinese Malware That Could Disrupt American Military Operations (emphasis added):

The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials.

The malware, one congressional official said, was essentially “a ticking time bomb” that could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to U.S. military bases. But its impact could be far broader, because that same infrastructure often supplies the houses and businesses of ordinary Americans, according to U.S. officials.

“The Biden administration is working relentlessly to defend the United States from any disruptions to our critical infrastructure, including by coordinating interagency efforts to protect water systems, pipelines, rail and aviation systems, among others,” said Adam R. Hodge, the acting spokesman for the National Security Council.

The Chinese code, the officials say, appears directed at ordinary utilities that serve both civilian populations and nearby military bases. Only America’s nuclear sites have self-contained communication systems, electricity and water pipelines. (The code has not been found in classified systems. Officials declined to describe the unclassified military networks in which the code has been found.)

Additional relevant resources shared by WaterISAC: