Experts Call on Feds to Step Up Defense Against Escalating Chinese Threats
Cybersecurity experts called on key federal departments to do more to proactively combat escalating cyberthreats from China, including enhanced public-private collaboration and increased investments in threat intelligence, critical infrastructure resilience and advanced defensive technologies.
Threat actors linked to Beijing are intensifying sophisticated espionage campaigns and hacking operations targeting U.S. critical infrastructure and top officials, cybersecurity experts testified during a Senate Judiciary Committee hearing Tuesday. But agencies can be doing more to meet the moment and defeat growing cyber threats, according to Adam Meyers, senior vice president of counter adversary operations for CrowdStrike.
That could include “increasing collaboration with industry on threat hunting practices and particularly on performing threat actor infrastructure takedowns,” Meyers recommended in his prepared testimony.
“Efforts along these lines do take place periodically,” he noted. “But regrettably, from my vantage, the threat environment has worsened more rapidly than our capacity to execute such operations has increased.”
The hearing comes after the FBI and Cybersecurity and Infrastructure Security Agency said earlier this month that an ongoing federal investigation revealed a “broad and significant cyberespionage campaign” targeting private communications of government and political figures.
The probe uncovered that hackers affiliated with Beijing infiltrated multiple telecommunications networks, stealing customer call records and duplicating sensitive data related to law enforcement requests, according to the announcement. The espionage campaign was attributed to Salt Typhoon, a threat actor linked to China’s intelligence service, which penetrated systems managing court-authorized wiretaps (see: FBI Updates on Vast Chinese Hack on Telecom Networks).
The threat landscape could become increasingly complicated over the next five years as the number of connected IoT devices are expected to reach over 30 billion, according to David Stehlin, CEO of the Telecommunications Industry Association.
“While the attack possibilities are endless, we must have a defense in depth which starts with supply chain security,” Stehlin told lawmakers. Many vulnerabilities are “being exploited at an increased rate” even though many risks could be mitigated “by implanting a secure-by-design approach to ICT products and services.”
Many of the leading technology giants have over reliant relationships with Chinese manufacturing and software companies, said Isaac StoneFish, CEO and founder of the business intelligence firm Strategy Risks. StoneFish told the Senate committee that companies like Apple, Tesla, Amazon and Google all have significant Chinese exposure, which could cause “serious structural risks.”
Stonefish attributed many of the current risks to major tech firms “willingly partnering with Chinese entities and personnel with ties to state security organs,” as well as “poor vetting of supply chains with significant exposure to human rights abuses.”