On the eve of the U.S. presidential changeover, the head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned that the cyber threat from China and other international rivals remains a serious concern.
In a blog post Jan. 15, outgoing CISA Director Jen Easterly noted several recent cyber campaigns targeting U.S. infrastructure by actors linked to China, such as the Volt Typhoon hacking group that CISA last year said had been actively infiltrating U.S. infrastructure organizations for at least five years. (See CISA Highlights China Threat in 2024 Priorities Report.) She also mentioned the Salt Typhoon group that breached the networks of dozens of telecommunications firms, along with federal government organizations.
Easterly recalled her testimony last year at a hearing of the House Select Committee on the Chinese Communist Party, when she warned that China’s cyber warfare forces were intent on causing “societal panic” in a future conflict over the U.S. (See China Preparing to ‘Wreak Havoc’ on US, Cyber Officials Warn.) Specifically, she reiterated her concern that China’s ambition to take over Taiwan could precipitate such a conflict.
“Chinese leader Xi Jinping has pledged on numerous occasions … to achieve ‘reunification’ with Taiwan, a move analysts assess will likely occur, either peacefully or militarily, by the end of this decade,” Easterly wrote. “Such action could be accompanied by disruptive attacks against ‘everything, everywhere, all at once:’ our transportation nodes, our telecommunications services, our power grids, our water facilities and likely much more — all with the goal of inducing societal panic and deterring our [willingness] … to expend American blood and treasure in defense of Taiwan.”
While Easterly praised the work of CISA and its partners in the public and private sectors to neutralize China’s cyber ambitions, she acknowledged that what the agency has found “is likely just the tip of the iceberg” and that facing down this growing threat will require “robust cyber defense and vigilance” from all sectors. She said CISA has three lines of effort underway to address the cyber risk:
-
- Help victims identify and remove Chinese cyber actors from their networks.
- Plan cyber defense with key partners in the information technology, communication and cybersecurity industries.
- Deliver cyber threat reduction services to critical infrastructure operators.
However, Easterly also called these efforts “necessary but insufficient,” noting that the China-backed cyber actors are “largely taking advantage of known … defects” in information technology products. She also called the U.S. technology base “inherently insecure” because the industry has “prioritized features and speed to market over security” for years. Easterly warned that infrastructure partners and technology manufacturers must play their part in improving security by:
-
- Reporting every cyber incident to CISA.
- Establishing a relationship with the local CISA team and enroll in the agency’s services.
- Committing to cyber resilience at the executive level.
- Designing, building and deploying technology products using CISA’s Secure by Design guidance.
Easterly reportedly plans to step down Jan. 20 when former President Donald Trump is inaugurated for his second term, along with other political appointees in the agency. Trump, who fired CISA’s founding director Chris Krebs in 2020 for contradicting his claims of cyber interference in the presidential election that he lost, is said to be considering Sean Plankey, a former official of the Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response, as Easterly’s replacement. (See After Contradicting Trump, Krebs Out at CISA.)
