The Department of Homeland Security’s top cybersecurity official said Monday that intelligence sharing with U.S. critical infrastructure operators in the run-up to Russia’s invasion of Ukraine should be a model for addressing the threat posed by Chinese hacking groups.
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, said that the quick declassification of sensitive information about Russian cyber operations in Ukraine and potential threats to U.S. targets was a “great model for what we need to do” to ensure that both sources and methods are protected while also ensuring that the information is getting “to people who need it so they can reduce risk to our nation.”
“I think it set the stage for how we need to deal with a whole range of threats to include, really, I think the epoch defining threat of China,” Easterly said at an Aspen Institute event on Monday.
Speaking at a separate event on Monday, Rep. Raja Krishnamoorthi, D-Ill., echoed Easterly’s call for transparency, saying that Ukraine’s “radical disclosure and radical sharing” help effectively combat cyber attacks during the invasion.
“That’s the type of attitude I think we need to take with regard to any adversarial regime, whether it’s Russia and certainly in the case of the CCP,” said Krishnamoorthi, who is the ranking member of the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party.
Easterly noted that CISA created a “Ukraine tensions plan” at the start of the invasion and carried out an exercise alongside critical infrastructure owners and operators that explored how to respond and communicate with the private sector in the event of an significant attack on U.S. soil and make U.S. information sharing more proactive.
Easterly also pointed to the role government can have in helping critical infrastructure to develop secure by design code by leveraging the “purchasing power” of the federal government.
To encourage U.S. businesses and institutions to improve their cybersecurity posture and defend against potential Russian attacks amid the invasion of Ukraine, Easterly’s CISA launched the “Shields Up” campaign, and Easterly said on Monday that ultimately “we’ll see a Shields Up campaign extended to what we see from China.”
Easterly’s call for a focus on the threat posed by China comes on the heels of Microsoft and U.S. intelligence agencies revealing that a Chinese-linked hacking group dubbed “Volt Typhoon” targeted critical infrastructure in the United States, including telecommunications infrastructure in Guam. Microsoft said with moderate confidence that the campaign aimed to give China the ability to disrupt communications between the United States and Asia in the event of a crisis.
Easterly noted that the U.S. intelligence community’s annual threat assessment recently warned that Chinese cyber operations are increasingly focused on disruptive and destructive impacts in the past and are beginning to resemble Russian operations.
“In the event of a conflict, China will almost certainly use aggressive cyber operations, to go after our critical infrastructure to include pipelines and rail lines to delay military deployment and to induce societal panic,” Easterly said. “This, I think, is the real threat that we need to be prepared for and to focus on and to build resilience against.”
Amid these threats, Easterly said that the panicked reactions in the United States to events such as the Colonial Pipeline ransomware attack in 2021 that disrupted gas supplies and the Chinese spy balloon that drifted over U.S. territory earlier this year points to a society ill equipped to respond. “We’ve lost a bit of societal resilience,” Easterly said.