CISA director calls the CrowdStrike-linked outage a ‘dress rehearsal’ for what may have been planned for U.S. critical infrastructure.
LAS VEGAS — The faulty CrowdStrike Falcon update that caused a large number of PCs around the world to malfunction was “a helpful activity” for understanding what Chinese-linked cyber operations focused on sensitive U.S. organizations could achieve, a top U.S. cybersecurity official said Wednesday.
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, told a large audience at the annual Black Hat cybersecurity conference that the fallout from the CrowdStrike incident — which disrupted medical care, canceled flights and shuttered retailers — showed what effects Chinese-linked activity tracked as Volt Typhoon could generate.
Easterly said during a keynote address alongside top cybersecurity officials from the U.K. and Europe, “What was going through my mind was that, oh, this is exactly what China wants to do, but without rolling back the updates such that we could all reboot our systems.”
Volt Typhoon is the Microsoft-given name for suspected Chinese cyber activity targeting critical infrastructure organizations in the U.S. Authorities from the U.S. and other Western nations have, for over a year, warned that the Chinese-linked group aims to pre-position cyber capabilities in key networks to be able to disrupt operations in the event of military conflict or crisis involving China.
Easterly said, “The operators are embedding in our critical infrastructure, specifically not for espionage or data theft or IP theft, but to launch disruptive or destructive attacks in the event of a major conflict in the Taiwan Strait.”
“A war in Asia will be accompanied by very serious threats to Americans — the explosion of pipelines, the pollution of water systems, the derailing of our transportation systems, the severing of our communications,” Easterly said. These operations, she added, aim to incite panic and undermine the ability of the United States to marshal its military capabilities.
The Chinese government has consistently denied it is preparing for such operations, alleging that Volt Typhoon is a U.S. disinformation campaign to frame China.
During a keynote discussion of election security efforts with Felicity Oswald, head of the UK’s National Cyber Security Centre, and Hans de Vries, chief operational officer for the European Union Agency for Cybersecurity (ENISA), Easterly responded to a question about the CrowdStrike incident.
The three discussed their respective organizations’ efforts to build resilience in election systems in the face of disinformation, distributed denial-of-service or ransomware attacks, as well as technical software failures or disruptions in the wake of the CrowdStrike incident.
Easterly told reporters in a conversation after the keynote panel that China is a top cyber threat to the U.S. across the board.
Volt Typhoon activity has targeted a range of critical infrastructure sectors and is “likely just the tip of the iceberg,” Easterly said. “And there is, we believe, much we are not seeing.”
She said improving the resilience of digital ecosystems is key to withstanding disruptions, addressing the hacking threat posed by China and recovering more quickly from outages.
Easterly said of the CrowdStrike update, “For a terrible incident, it was a useful exercise — a dress rehearsal for what China may want to do to us.”