NASHVILLE, Tennessee – China has been trying to find ways to gain access to critical infrastructure in the United States to be able to threaten those systems in the event of a conflict, the director of the National Security Agency said Wednesday.
The general Timothy D. Haugh who assumed command of the NSA and of Cyber Command of the US military in February, said that Beijing had stepped up its cyber efforts and that the United States, in response, was working harder to disrupt that activity.
Last year, U.S. officials uncovered an effort by China to gain access to critical infrastructure on Guam, home to U.S. military bases, and in the continental United States.
Microsoft called intrusions Volt Typhoon after a Chinese network of hackers who often avoided using detectable malware and instead used stealthier techniques to break into wastewater systems and communication networks.
“What you see in Volt Typhoon is an example of how China has approached establishing access to put things under threat,” Haugh said at a security conference at Vanderbilt University.
“There is no valid intelligence reason to analyze a water treatment plant from a cyber perspective.”
Haugh said China was ensuring access to critical networks before a direct confrontation between the two countries.
While he did not say specifically what that might entail, other U.S. officials have said that if China gained access to critical infrastructure near military bases, it could disrupt or shut down systems to sow chaos and slow the response time to a crisis in the Pacific or Taiwan.
“They are sending a pretty clear signal of how they would use cyberspace in a crisis,” he said.
Haugh said Volt Typhoon was part of Beijing’s campaign to expand its global dominance.
China, he said, is a “urgent military threat” and is increasing the sophistication of its cyber capabilities.
Later in the conference, David E. Frederick Jr., NSA deputy deputy director for China, said the People’s Liberation Army had its “longest arm” in cyberspace and was ensuring it had “strike capability” within of critical infrastructure.
Overall, he said, the PLA was trying to develop a modernized force to use against Taiwan by 2027.
Differences
Haugh described it as an unfair fight. The United States had to disrupt Chinese systems within a closed and restrictive environment.
The Chinese, on the other hand, can operate in the United States, an open society where it is much easier to access their targets.
The People’s Republic of China, he said, was pursuing a policy of global domain but it hoped to achieve it without real-world kinetic military fighting, and is using cutting-edge technologies to gain an advantage.
“We must recognize this and confront the People’s Republic of China below the level of armed conflict, particularly in the cyber realm,” he said.
While Haugh did not discuss Cyber Command’s operations inside China, he made clear that it was not only seeking to defend its own networks but also to disrupt attacks against the United States.
He spoke at length about the military’s efforts to disrupt networks that spread malware y ransomware and conduct operations intended to “cause loss of trust within the adversary’s cyber ecosystem.”
“China is carrying out deliberate campaigns to gain advantage in all aspects of national power,” Haugh said.
“The threat posed by China is real: the People’s Republic of China has the desire and the ability to become our peer on the world stage.”