The Year of Volt Typhoon

The Year of Volt Typhoon
A hacker uses his computer in Dongguan, China's southern Guangdong Province, on Aug. 4, 2020. Nicolas Asfouri/AFP via Getty Images
John Mills
Updated:
0:00
Commentary
At a recent testimony in front of Congress on Jan. 31, both Federal Bureau of Investigation (FBI) Director Christopher Wray and Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly gave stark accounts of Chinese preplacement of malware on critical infrastructure.
Some called it a “digital Pearl Harbor” scenario. This is not new; Shawn Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response, and Service Branch, used this expression in 2012.
This testimony by Mr. Wray and Ms. Easterly was sobering. Ms. Easterly characterized the Chinese actions starkly, “This is truly an ‘Everything Everywhere, All at Once’ scenario.”

In military operations, the term for these kinds of actions before a conflict is known as “Operational Preparation of the Battlefield,” or sometimes it is shortened to “Advance Force Operations.”

The tip of the spear for such actions by the Chinese Communist Party is the mundane-sounding “Strategic Support Force” (SSF), which is the People’s Liberation Army equivalent of the U.S. Special Operations Command plus portions of the National Security Agency and the Central Intelligence Agency all in one. Fentanyl and Chinese paramilitary operators coming across the unsecured U.S. southern border could also be traced to the SSF.

Chinese Preplacement of Malware 1st Noticed in Guam

Although the recent testimony by Mr. Wray and Ms. Easterly was shocking, it was a little bit of a recycled news event. Volt Typhoon, the name of the intrusion set Mr. Wray and Ms. Easterly were referring to, was first publicly reported almost a year ago. It was announced by Microsoft in May and then surfaced again in about July. Volt Typhoon received some attention, but the initial public reporting was still in the shadow of the initial Chinese spy balloon episodes and perhaps was not totally understood in its significance.
The initial reports of the malware emplacement were a bit “techie” and glossed over the gravity of the situation. There is an evolving process and protocol in different information-sharing environments, such as the Enduring Security Framework, which is one of the senior-level entry points for information sharing between industry and government. Trending new cyber issues are brought here to be discussed, and response actions are planned and implemented.
The effects of Volt Typhoon could be catastrophic and quite significant. The eight major floating drydocks that the U.S. Navy and the Defense Industrial Base depend on for new construction and repair of vessels were all either built in China or likely retrofitted with motors, pumps, or valves from China and could flip over if improperly flooded. Spycranes are also a related vulnerability and could topple over on command if safety features were remotely overridden. The U.S. government is attempting to study and organize this broad and pervasive Chinese advance force operation that is intended to prepare the cyber battlespace and disable America’s critical infrastructure.

NDAA Section 1088: A Tabletop Exercise on Attacks on Critical Infrastructure

Buried in the 2023 National Defense Authorization Act (signed in December 2022) is the easy-to-overlook Section 1088 language. It was a tip that things were serious regarding the Chinese blitz on the cyber playing field.

A national tabletop is essentially a gathering of senior government officials, think tanks, and industry representatives to gather and go over different scenarios and develop the best courses of action to respond to the identified threat. The language put the Department of Defense in the lead, vice the Department of Homeland Security.

The description of the tabletop exercise was “to assess the resiliency of United States domestic critical infrastructure supporting United States military requirements in the event of a military contingency involving Taiwan.” When precise, prescriptive language is given in legislation (now enacted law), it usually indicates extensive coordination in advance between the executive and legislative branches.
To further decode the government language, congressional and executive branch leaders were very concerned and had been conversing for months, perhaps years, on the topic and now agreed upon action. A classified report has likely been delivered to Congress, and further actions have been taken to safeguard America’s critical infrastructure.

Effective Cybersecurity Depends on Using All Instruments of National Power

Cybersecurity is often thought of as protected internet access points, internal scanning for malware, and key actions such as two-factor authentication. All of this is true, but one of the most effective methodologies to ensure cybersecurity is the effective application of all instruments of national power—diplomatic, information, military, economic, financial, intelligence, and law enforcement (DIMEFIL). Using non-cyber means to deter and, if necessary, punish is one of the most effective ways to keep aggressive intruders like the Chinese regime away from penetrating U.S. critical infrastructure.

The Trump Team knew this and applied DIMEFIL very effectively. The Biden Team seems reticent to use the most effective tools, such as the American economic and financial instruments of national power against China.

Hopefully, the Section 1088 Exercise, which did mandate a holistic report, carefully outlined and triaged all response options. Often overlooked by cyber experts is that the most effective way to deter or stop cyber intrusions and malware is to respond asymmetrically in other domains at the pain points of the opponent.

Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.
John Mills
John Mills
Author
Col. (Ret.) John Mills is a national security professional with service in five eras: Cold War, Peace Dividend, War on Terror, World in Chaos, and now, Great Power Competition. He is the former director of cybersecurity policy, strategy, and international affairs at the Department of Defense. Mr. Mills is a senior fellow at the Center for Security Policy. He is author of “The Nation Will Follow” and “War Against the Deep State.” ColonelRETJohn2 on “X”, ColonelRETJohn on Substack, GETTR, and Truth Social
Related Topics