The United States must prepare for an uptick in cyberattacks from a growing number of global threat actors, with China posing the most significant danger, according to Michael C. Casey, director of the National Counterintelligence and Security Center. Speaking at the CNBC CEO Council Summit in Washington, D.C., on Tuesday, Casey highlighted the escalating cybersecurity threats the U.S. faces.
Casey described China as the “most prolific actor” in cyber espionage, aggressively targeting the U.S. across various sectors. He noted a 100% increase in cyber incidents and ransomware demands, emphasizing that China has identified technology as America’s strategic advantage and has focused on acquiring it through cyber operations. “China has published their list of desired technologies and then they go get it and it works,” Casey said.
One of the most concerning aspects of China’s cyber strategy involves infiltrating networks controlling critical U.S. infrastructure. Air Force Gen. Timothy Haugh, commander of U.S. Cyber Command, revealed that Chinese hackers have been pre-positioning cyber tools in these networks, potentially preparing for future large-scale sabotage. “We see attempts to be latent in a network that is critical infrastructure, that has no intelligence value, which is why it is so concerning,” Gen. Haugh told The Wall Street Journal.
The program known as Volt Typhoon has targeted controls for water systems on Guam, a key military hub in the Pacific. This initiative is part of a broader Chinese strategy to disrupt U.S. society during a conflict. FBI Director Christopher Wray testified that China’s cyber operations dwarf those of the U.S., outnumbering FBI cyber resources by 50 to 1.
In response to these threats, the U.S. Justice Department has indicted seven Chinese nationals for targeting critical infrastructure sectors, including an energy company and a defense firm. Additionally, the Treasury Department has sanctioned two of these individuals and a company linked to China’s Ministry of State Security.
Casey urged CEOs to adopt a layered defense strategy to protect their companies from cyber threats. He emphasized the importance of understanding which company secrets need protection and controlling access to sensitive information. Casey also highlighted the need to identify and support employees who might be vulnerable to recruitment by adversaries due to personal issues.
CEOs are encouraged to collaborate with the public sector, particularly by establishing connections with local FBI representatives. Casey stressed the importance of running worst-case scenario drills to prepare for potential cyberattacks on critical infrastructure.
Expanded Coverage: