By Laurence F. Sanford

The United States is in a pre-war Digital Pearl Harbor status with the Chinese Communist Party (CCP). It is not like any previous wars, but it is war nonetheless.

The CCP is waging unrestricted warfare against the U.S. through the fusion of all state components. The leading component of this unrestricted war is cyber-digital warfare conducted through Gray Zone activities, which are those actions between kinetic (shooting) and diplomatic niceties.

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyber attacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

CISA Director Jen Easterly gave a stark account of CCP’s placement of malware on critical infrastructure. She characterized the Chinese actions as, “This is truly an Everything, Everywhere, All at Once scenario.”

At the recent Munich Cyber Security Conference, FBI Director Christopher Wray said the U.S. and world partners ousted Russian hackers from a network of homes and business routers that were targeting persons of intelligence interest. While this was good news, Wray said the world is much more dangerous due to the massive hacking programs of the CCP. They are larger than the rest of the world combined. Wray has also warned of CCP espionage and, most recently, of CCP efforts to infiltrate critical infrastructure networks.

The agencies confirmed that Volt Typhoon, a CCP malware program, has compromised the IT environments of multiple U.S. critical infrastructure organizations — primarily in communications, energy, and transportation systems, as well as water and wastewater sectors.

Rob Joyce, cyber security director of the National Security Agency (NSA), said CCP hackers are positioning themselves within computer networks so as to strike at U.S. infrastructure in the event of conflict.

Volt Typhoon is not the only cyber malware attacking U.S. critical infrastructure. Dragos, a cyber security company in Hanover, Maryland, estimated there were 905 cyber attacks, a 50% increase, against industrial companies last year from a variety of other nation-states and entities. Dragos identified 28% more groups conducting the attacks. The attacks were not only against information technology but were also against operational technology — heavy machinery and industrial control systems. Ransomware attacks against industrial control systems were increasingly common and with ransom quickly paid.

A U.S.-based research group was the target of CCP cyber attacks after it published testimony from a whistleblower doctor describing a Falun Gong practitioner who had her kidney removed against her will in China. The woman died shortly after and is a victim of “forced organ harvesting.”

Europe is also under cyber attack, primarily from CCP-backed Mustang Panda. Utilizing targeted “spear phishing,” the attackers are armed with detailed information about their targets in order to lure them into their espionage net for the purpose of gathering intelligence, disrupting operations, influencing policy decisions, and affecting elections. Their primary targets are in the diplomatic, defense, and transportation sectors.

South Korea and Japan have been and are the targets of CCP-sponsored TAG-74 cyber espionage. It poses a significant threat to academic, aerospace and defense, military, and political entities.

Worldwide, CCP cyber organization I-Soon had 500 documents leaked and posted online anonymously, which detailed hacking, operational and marketing materials, and target lists. Most of the material was aimed at CCP dissidents residing outside of China. I-Soon is one of many Chinese contractors that compete for opportunities to perform cyber espionage for various CCP government agencies.

Summary

Everything, Everywhere, All at Once espionage from China is what the United States is facing. The CCP intends to dominate the world, and cyber espionage is just one of the many tactics it employs.

Defensive awareness and offensive actions by the U.S. and allies against the threat are increasing. An example is the CCP’s newspaper, Global Times, complaining of foreign cyber spies attacking key information systems and stealing important sensitive data. It asks citizens and organizations to collaborate with national security agencies and to report any suspected cyber espionage to government authorities promptly.

“Whack a mole” defense, however, is not good enough. Whack one mole, and another pops up. The best defense is a strong offense. The U.S. government needs to increase its offensive cyber capabilities dramatically, both within the government and by partnering with private organizations. Obviously, cyber security development is secret, but the public can be advised that the work is being done through the normal congressional budget process.

Yet no Washington, DC, consensus has emerged in recognizing the CCP threat. Our military budget remains woefully short of what is needed to rebuild its capabilities. President Joe Biden recently joined Chinese-controlled TikTok to campaign for his reelection. This came after Biden banned TikTok from government computer systems and after the FBI and other agencies warned of TikTok’s dangers.

Action

1. Reciprocity — U.S. policies should be based on reciprocity. If the CCP will not allow American media to operate in China, then the U.S. should not allow Chinese media TikTok and others to operate in America.
2. Offensive cyber weapons — reciprocate against China.
3. Invest in the U.S. military and supporting industrial base.
4. Increase cyber security capabilities in all sectors of society.
5. Government leaders — educate Americans on the dangers from China.
6. Citizens — write and meet with congressional members and local politicians.

Laurence F. Sanford is a senior analyst at the American Security Council Foundation.