Homeland Security Secretary Alejandro Mayorkas warned leaders from Latin American countries on Thursday that Beijing’s attempts to gain influence via infrastructure partnerships and low-cost technology investments comes with risks that China may exploit the systems it helps finance.
Speaking at a first-of-its-kind Western Hemisphere Cyber Conference, Mayorkas warned that China’s prices are “too good to be true” and that countries in Latin America face a difficult choice about accepting low-cost investments now in exchange for cybersecurity risks in the long term, or what Mayorkas described as “a choice between speed and sovereignty, a choice between vulnerability and security, a choice between up front affordability and the cost of rebuilding after a devastating cyber attack made possible by high-risk hardware and software.”
Mayorkas’s comments come amid growing concern in Washington about Beijing’s growing influence in Latin America and the risk that low-cost Chinese hardware investments, including to build 5G networks, could be used to enable Chinese cyberattacks.
The U.S. “does not seek to force your hand,” but local leaders must “decide which choice best delivers what your countries need,” Mayorkas told the representatives of 20 Latin American countries in attendance. “It is critical that we not give up essential liberty to purchase a little temporary safety.”
The two-day conference hosted at the Organization of American States drew top U.S. cybersecurity officials, including Acting National Cyber Director Kemba Walden, Cybersecurity and Infrastructure Security Agency Director Jen Easterly and Deputy National Security Advisor Anne Neuberger.
Biden administration officials caution that Chinese cyber operations are growing increasingly advanced and see Latin American infrastructure as a target of Chinese hackers. DHS’s recent homeland threats report warned that Chinese hacking groups are developing more bespoke tools to target critical infrastructure, such as railways and pipelines.
Recent reports from cybersecurity firms such as Mandiant and Recorded Future have documented instances of Chinese hackers targeting industrial sectors related to Chinese infrastructure projects, such as the Belt and Road Initiative and the Digital Silk Road.
On Thursday, Mayorkas warned that Latin American countries that accept Chinese aid are likely to be targeted by similar operations, pointing to a 2017 cyberattack targeting Malaysia that was likely triggered by that government’s decision to consider cancelling a Chinese-backed rail project.
Biden administration officials are eager to present Washington as an alternative, more reliable partner than Beijing, including by providing cybersecurity assistance. Though U.S. aid pales in scale compared to what Beijing can offer, Mayorkas pointed to a recent payment of $25 million in assistance to Costa Rica after a ransomware attack crippled the government there as “one example of what that support looks like and what it can look like.” The U.S. has previously issued similar assistance to Albania following Iranian cyberattacks in February.