I’ve got a scary story about technology for you.
Nope, not the Crowdstrike meltdown. Here’s one you might have missed.
China has hacked into our power grid.
The NSA, FBI, and CISA (“Cybersecurity & Infrastructure Security Agency”) went public a year ago with details about Volt Typhoon, a Chinese effort to plant malware in power grids, transportation companies, and utilities that handle water and wastewater.
In 2024, security experts have become more worried. The malware is shape-shifting, difficult to find, nearly impossible to remove. Unlike other hacks, the goal of Volt Typhoon is to lurk unseen until a conflict breaks out between the US and China – and then literally turn off the lights.
During a hearing on Jan. 31, 2024, FBI director Christopher Wray told a Congressional committee that Volt Typhoon is “the defining threat of our generation.”
We’re staring into the abyss. As if we didn’t already have enough reasons to feel that way.
Does this have anything to do with the Crowdstrike hack that caused all the hubbub at airports?
Volt Typhoon has nothing to do with the meltdown last week.
The news last week concerned a mistake by a security company named Crowdstrike that brought down airports and banks. It was a major cock-up, to be sure! But it’s a simple story. Big companies protect their IT infrastructure with tools that handle security and network monitoring. If the security companies running those tools are compromised or do something stupid, it can affect all the businesses that rely on their software.
Three years ago, the Russians hacked into monitoring software distributed by Solarwinds and gained access to many government agencies and large companies. I wrote a series of articles about the Solarwinds hack, including one that explains “supply-chain attacks.”
Crowdstrike wasn’t hacked. They just screwed up a routine update. Because of its position in the supply chain for banks, airports, and many others, the results happened to be spectacularly disruptive.
The long lines at airports last week are a reminder that we depend on computer networks to keep society running.
Keep that in mind as you read about Volt Typhoon.
Volt Typhoon and Chinese cyber espionage
In 2021, national security officials and researchers spotted Chinese malware burrowing into infrastructure environments even though they did not have any immediate intelligence value. This was quite different from the usual hacking efforts that seek to download confidential data.
Microsoft went public about the Chinese malware, dubbed “Volt Typhoon,” in July 2023. At the same time, the NSA and other agencies in the US, Australia, Britain, New Zealand, and Canada published a lengthy advisory with broader warnings about the Chinese hacking effort.
Volt Typhoon (the name refers both to the state-sponsored group and the malware it is distributing) is positioned to sow chaos and disrupt our power grid if open conflict breaks out between the US and China. According to security specialist Robert Lee: “‘What is concerning to us is not just that they’ve deployed very specific capabilities to do disruption,’ Lee said. ‘The concern is the targets they have picked, across satellite, telecommunications, and electric power generation, transmission, and distribution,’ which he stressed are cherry-picked for their ability to cause the most disruption to American lives should they be taken offline.”
A portion of the Volt Typhoon network was broken up by US authorities in January 2024, but that only chipped away at a tiny corner of the massive assault on US infrastructure.
The US Secretary of State and a high State Department official visited China in person in April 2024 to convey that Volt Typhoon was crossing a dangerous and provocative line. “Secretary Blinken was very clear that holding American critical infrastructure at risk — especially civilian critical infrastructure — is dangerous. It’s escalatory. It’s unacceptable,” according to Nathaniel Fick, State Department ambassador.
US government agencies have issued several public documents to alert everyone – IT security companies, infrastructure agencies, large companies – to the Chinese threat. In a Joint Cybersecurity Advisory in February, CISA said:
“The U.S. authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations—primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors—in the continental and noncontinental United States and its territories, including Guam. Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions. The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts.” (emphasis added)
The malware planted in our systems by Volt Typhoon is hard to find, hard to remove – and it is already deeply embedded in more US systems than we can count. When the New York Times wrote about it last year, it said, “Officials acknowledge that they do not know the full extent of the code’s presence in networks around the world, partly because it is so well hidden. The discovery of the malware has touched off a series of Situation Room meetings in the White House in recent months, as senior officials from the National Security Council, the Pentagon, the Homeland Security Department and the nation’s spy agencies attempt to understand the scope of the problem and plot a response.”
Yikes.
The Chinese are stonewalling, of course. Their official response last week was to claim that US talk about Volt Typhoon is nothing but a swindling campaign by US agencies to bolster their budgets. China’s “National Computer Virus Emergency Response Center” published a 20-page report titled “Lie to me: A secret Disinformation Campaign targeting US Congress and Taxpayers conducted by US Government agencies.”
It’s, um, not convincing.
Can you provide any background to put the Chinese hacking into perspective?
There’s a bigger picture. There is no evidence to prove it, but there is strong reason to believe that we are doing the same thing to China.
Cyber warfare is the modern equivalent of the global arms race from the 1950s to the 1990s. If the bits start flying, a cyber war has the potential to be just as destructive as a nuclear war. Modern life depends on our networks to power our electrical grid, run the hospitals, keep infrastructure working, and coordinate the supply chain that brings us food and water and clothes. The global superpowers are in an uneasy truce built on the same doctrine of mutually assured destruction: China does not launch crippling attacks on American networks because they’re afraid we’ll retaliate and do more damage to them.
The fear of devastating cyberattacks is at the center of American defense strategy. Every year intelligence agencies prepare a global “Threat Assessment” for Congress; for several years cyberattacks have been the number one threat on the list. (More info about that here.) It is arguably more important to our decision-makers than anything to do with conventional warfare. Today’s cyber world is in roughly the same position as the nuclear world from the 1950s to the 1990s: tense but stable global peace. All sides implant backdoors and viruses in as many foreign networks as possible, little electronic nuclear bombs, and only fear of retaliation keeps them from being detonated.
Our government professes great outrage about cyberattacks against the US, but will not tolerate any discussion of our own capabilities and intentions – in part because we are launching the same type of attacks and when all is said and done, we did it first.
In the 1960s, American citizens knew that nuclear weapons existed; schoolchildren were taught to be afraid, ready to hide under their desks if they saw a flash.
In the 2000s, the threat is arguably just as great. But it will be harder to hide under desks if the cyber bombs go off because you won’t be able to see the desks because the lights will be out.
I’m glad we were able to have this little chat. Have a nice day!