Cyber Actors Preparing to Exploit Critical US Infrastructure: Intelligence Chief

‘These actors put a premium on preparing offensive capability during peacetime,’ Director of National Intelligence Avril Haines said.
Director of National Intelligence Avril Haines speaks during a hearing with the Senate Armed Services Committee in Washington on May 4, 2023. Anna Moneymaker/Getty Images
Andrew Thornebrooke

Malicious cyber actors are ramping up attacks on critical infrastructure, infiltrating U.S. systems in preparation for a major conflict, according to a senior government official on May 2.

There was a 74 percent increase in the number of cyberattacks globally in 2023, according to Director of National Intelligence Avril Haines.

Most of those attacks targeted U.S. health care and industrial control systems.

“Cyber actors are attacking U.S. industrial control systems, which are typically used to automate industrial processes, at record levels,” Ms. Haines said during a hearing of the Senate Armed Services Committee.

“These actors put a premium on preparing offensive capability during peacetime, in part by preemptively planting footholds in our infrastructure.”

The systems targeted in 2023 spanned virtually every major sector of American society, she said, including defense, energy, transportation, and food and water supply.

Most of the attacks exploited weak passwords, unpatched vulnerabilities, or poorly secured networks on commercial devices, according to Ms. Haines.

Although many of the intrusions appeared to be preplacing malware to be used in the event of a major conflict, she said the sheer number of attacks significantly raised the risk of a catastrophic attack on critical U.S. infrastructure.

“Although the likelihood of a single attack having a widespread effect interrupting critical services remains low, the increased number of attacks and the actors’ willingness to access and manipulate these control systems increases the collective odds that at least one could have a more significant impact,” Ms. Haines said.

The testimony comes just months after the intelligence community revealed a years-long campaign by state-backed hackers in China to infiltrate critical U.S. systems, which officials said threatened the physical safety of Americans.

An advisory released by the Cybersecurity and Infrastructure Security Agency shortly thereafter linked the campaign to a wider effort by the Chinese Communist Party (CCP) to pre-position malware in U.S. infrastructure to be used with devastating effect in the event of a war.

“[Chinese] state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States,” the advisory reads.

That malware targeted water, gas, energy, rail, air, and port infrastructure, exploiting vulnerabilities in the systems of private entities responsible for managing infrastructure, rather than attacking federal systems directly.

Following that incident, several House committees released open letters asserting that the nation’s giant ship-to-shore cranes, which are required to run the country’s ports, had also been fitted with mystery modems that may allow the cranes’ Chinese manufacturer to remotely seize control.

As part of another cybersecurity investigation, some of the modems in question were also found to have active connections to the operational components of the cranes, suggesting that they could be remotely controlled by a device that no one previously knew was there.

A cache of hacking-related documents leaked in February likewise suggested that the CCP is directly subsidizing overseas cyberespionage against critical infrastructure.

To that end, Ms. Haines said CCP leader Xi Jinping was “doubling down” on China’s efforts to solidify its control in key sectors such as artificial intelligence, robotics, and high-performance computing, even as China faces a 77 percent decrease in direct foreign investment.

The regime leadership believes that instability and competition with the United States are here to stay and is thus working to undermine the most important U.S. cybersystems, she said.

“President Xi and his senior leadership expect some degree of future instability in the bilateral relationship with the United States and they continue to believe that the United States is committed to containing China’s rise and undermining the party’s rule,” Ms. Haines said.

National Security Correspondent
Andrew Thornebrooke is a national security correspondent for The Epoch Times covering China-related issues with a focus on defense, military affairs, and national security. He holds a master's in military history from Norwich University.