FBI Director Christopher Wray issued an ominous warning to Congress on Jan. 31 about China’s plan to "wreak havoc" on U.S. critical infrastructure. To drive the point home, Wray revealed that Chinese cyber hackers outnumber American information operations personnel by 50 to 1.
As a former Defense Intelligence Agency officer specializing in foreign cyber warfare doctrines and operations, I participated in wargames simulating a cyber conflict between the United States and its top adversaries. Congress and my fellow Americans must know that China is not the only U.S. foe that’s building a cyber weapons arsenal with the intent of targeting our country.
Here’s a list of top cyber state actors that pose the highest threat to the U.S. homeland, according to Intelligence Community estimates.
Russia:
Russia has the most sophisticated and destructive arsenal of cyber weapons of any foreign nation. Moscow’s war-fighting doctrine envisions cyberspace as a theater of military operations, akin to land, sea, air and, recently, space. Russia’s war planners view cyber as a strategic non-kinetic tool that is comparable to nuclear weapons because it can cripple the adversary’s military, economy and vital support structures such as hospitals. Cyber, rationalize the Russians, can achieve the same results as WMD, but without producing a nuclear mushroom cloud that would kill millions of people and devastate the land.
The Russians developed cyber weapons as an asymmetric capability to offset our superiority in conventional arms. With cyber, Russia believes it can have an upper hand, in the event of a direct conflict with the U.S., for example, for control over Ukraine, which Russia considers part of its strategic security perimeter.
For more than a quarter of a century, Russia has studied our vulnerabilities, mapped out access to our critical infrastructure, and practiced conducting cyber intrusions into our networks and computer systems. Vladimir Putin’s top cyber strategist, Igor Dylevsky, once stated that by launching "computer attacks on the critical infrastructure targets that are vital for the functioning of a society, it is possible to ‘heat up’ the situation in any country, all the way up to the point of social unrest."
The Russians have implanted a sophisticated cyber espionage tool called Snake in the infrastructure of more than 50 countries across North America, South America, Europe, Africa, Asia and Australia, including the U.S. Snake malware was designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets, according to the U.S. Cybersecurity & Infrastructure Security Agency (CISA).
The Russians have compromised the networks of many sectors of the U.S. economy and countless government agencies, including the White House, the State Department and the Pentagon. The 2019 Intelligence Community Annual Threat Assessment warned about Russia’s ability to "disrupt electrical distribution networks for at least a few hours."
Since at least March 2016, Russian cyberthreat actors have targeted the computer systems of several U.S. critical sectors with malware. Six out of the 16 sectors designated by the Department of Homeland Security (DHS) as critical were penetrated by the Russians, including energy, water, aviation, commercial facilities, critical manufacturing and nuclear facilities. In Ukraine, the Russians have demonstrated the ability to orchestrate a mass energy blackout in the middle of a freezing winter.
Russian hackers are the fastest of all foreign cyber actors. In 2019, the Russians demonstrated a breakout time – the speed with which they move through a victim’s network, from gaining a foothold to full-on breach – of 18 minutes and 49 seconds, according to U.S. cybersecurity firm CrowdStrike. This means that U.S. cyber defenders have less than 20 minutes to detect and stop the intrusion, a formidable task.
China:
China in recent years shifted its focus from cyber espionage, which enabled it to steal sensitive American technologies and incorporate them into Beijing’s weapon systems, to cyber operations that can cause real-world harm, such as direct attacks on our vital infrastructure. The 2023 Intelligence Community Annual Threat Assessment revealed that "China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems."
Like Russia’s, China’s battle plans also include crippling cyber attacks on U.S. military, government and vital assets worldwide, as part of Beijing’s "unrestricted warfare," a concept developed by Chinese military theorists in the 1990s and described by two colonels in the People's Liberation Army (PLA), Qiao Liang and Wang Xiangsui, in 1999.
As part of the cyber preparation of the battlefield, the Chinese hacking legion Volt Typhoon has been inserting malware on internet-connected devices such as network routers, in order to trigger, at the time and place of its choosing, disruptions in the supply of water and power, and in transportation services, according to recent congressional testimony by the directors of the FBI, NSA and CISA.
According to a joint Cybersecurity Advisory issued on Feb. 7 by six U.S. and four allied cybersecurity and intelligence agencies, Chinese cyber operatives gained stealthy access to U.S. critical infrastructure networks in "Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors – in the continental and non-continental United States and its territories."
China’s implants waited five years, ready to attack, if activated. The PRC would likely trigger such cyber attacks on our assets if its intelligence services assessed that "a major conflict with the United States was imminent," for example, if Washington were to intervene in China’s invasion of Taiwan, on Taipei’s behalf.
Both Chinese and Russian cyber warfare doctrines envision threatening or unleashing chaos and societal panic in the homeland as a way of deterring Washington from deploying U.S. forces into areas that China and Russia perceive as their respective spheres of influence in Eurasia. Such attacks would be timed to the escalation of hostilities, in the run-up to a full-on conflict.
North Korea:
North Korea’s cyber program has evolved to include "sophisticated and agile espionage, cybercrime, and attack" operations. The 2023 IC unclassified report revealed that "Pyongyang probably possesses the expertise to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States." North Korea’s financial cybercrime operations likely enabled Pyongyang to advance its nuclear program.
According to a recent report by the United Nations, experts were investigating "58 suspected DPRK cyberattacks on cryptocurrency-related companies between 2017 and 2023, as a result of which Pyongyang stole approximately $3 billion." The funds were reportedly directed towards "DPRK’s WMD development."
Iran:
Iran is also willing to conduct aggressive cyber operations against our networks and its expertise is growing, according to the 2023 IC assessment. The report warns that owners of U.S. critical infrastructure are "susceptible to being targeted by Tehran." Indeed, on Nov. 25, Iranian hackers took control of a part of the Municipal Water Authority of Aliquippa, in western Pennsylvania near Pittsburgh, forcing the facility to switch to manual systems of delivering water to two towns.
The breach, enabled by the hacking of programmable logic controllers produced by the Israeli company Unitronics, impacted facilities in multiple states, according to the FBI. Fortunately, the incident was quickly remediated and damage was contained. But this horrific cyberattack had the potential to cause devastating humanitarian consequences and to harm the public.
The culprits were members of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), directed by Hamid Reza Lashgarian, the head of the IRGC-CEC and a commander in the IRGC-Qods Force. The Treasury’s Office of Foreign Assets Control placed him and other connected individuals on the sanctions list.
Despite more than a decade’s worth of "indications and warnings" (I&Ws) about looming foreign cyber threats, U.S. networks remain vulnerable to cyber intrusions. According to the Government Accountability Office’s report published last February, although 106 cybersecurity recommendations had been made since 2010 to mitigate vulnerabilities in federal systems, nearly 57% of those recommendations had not been implemented as of December 2022.
Consequently, "the U.S. grid’s distribution systems – which carry electricity from transmission systems to consumers and are regulated primarily by states – are increasingly at risk from cyberattacks" and their vulnerabilities are growing, in part because of industrial control systems’ increasing connectivity, according to the GAO.