Easterly: Potential Chinese cyberattack could unfold like CrowdStrike error

CISA director calls CrowdStrike-linked outage a “dress rehearsal” for what China may have planned for U.S. critical infrastructure.
Jen Easterly, director of the Homeland Security Department's Cybersecurity and Infrastructure Security Agency, testifies during a hearing by the House (Select) Strategic Competition Between the United States and the Chinese Communist Party Committee on Capitol Hill on January 31, 2024 in Washington, DC. (Photo by Kevin Dietsch/Getty Images)

LAS VEGAS — The faulty CrowdStrike Falcon update that caused millions of computers around the world to malfunction was “a useful exercise” for understanding what Chinese-linked cyber operations focused on sensitive U.S. networks could accomplish, a top U.S. cybersecurity official said Wednesday. 

Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, told a large crowd at the annual Black Hat cybersecurity conference that the fallout of the CrowdStrike situation — which disrupted medical care, canceled flights and shuttered retailers — showed what effects Chinese-linked activity tracked as Volt Typhoon could generate. 

“What was going through my mind was that, oh, this is exactly what China wants to do, but without rolling back the updates such that we could all reboot our systems,” Easterly said during a keynote address alongside top cybersecurity officials from the U.K. and Europe. 

Volt Typhoon is the Microsoft-given name for suspected Chinese cyber activity targeting critical infrastructure organizations in the United States. Officials from the U.S. and other western countries have, for more than a year, warned that the Chinese-linked group aims to pre-position cyber capabilities in key networks to be able to disrupt operations in the event of military conflict or crisis involving China.

The operators are “embedding in our critical infrastructure, specifically not for espionage or data theft or IP theft, but to launch disruptive or destructive attacks in the event of a major conflict in the Taiwan Strait,” Easterly said.

“A war in Asia will be accompanied by very serious threats to Americans — the explosion of pipelines, the pollution of water systems, the derailing of our transportation systems, the severing of our communications,” Easterly said. These operations, she added, aim to incite panic and undermine the ability of the United States to marshal its military capabilities.

The Chinese government has consistently denied it is preparing for such operations, alleging that Volt Typhoon is a U.S. disinformation campaign to frame China.

Easterly’s comments came in response to a question about the CrowdStrike incident during a keynote discussion of election security efforts that also included Felicity Oswald, head of the U.K.’s National Cyber Security Centre, and Hans de Vries, the chief operational officer for the European Union Agency for Cybersecurity (ENISA).

The trio discussed their respective agencies’ efforts to build resilience within election systems in the face of disinformation, distributed denial of service or ransomware attacks, as well as technical software failure or disruptions in the wake of the CrowdStrike incident.

Easterly told reporters in a conversation after the keynote panel that China is a top cyber threat to the U.S. across the board. 

Volt Typhoon activity has targeted a range of critical infrastructure sectors and is “likely just the tip of the iceberg,” Easterly said. “And there is, we believe, much we are not seeing.” 

She said improving the resilience of digital ecosystems is key to withstanding disruptions, addressing the hacking threat posed by China and recovering more quickly from outages.

“For a terrible incident,” Easterly said, referring to the CrowdStrike update, “it was a useful exercise — a dress rehearsal for what China may want to do to us.” 
