China’s attacks on infrastructure are just the beginning; more to come

May 2, 2024
1 min read

TLDR:

China’s cyberattacks on U.S. critical infrastructure are described as the most serious threat by CISA Director Jen Easterly. The proposed budget for CISA includes a $150 million increase to strengthen cyber threat hunting capabilities. Despite successful engagements, Easterly believes the discovered threats are just the tip of the iceberg in terms of foreign infiltration, specifically from China. There are grave concerns about China’s cyberespionage efforts, with FBI Director Christopher Wray calling the threat unprecedented. CISA also aims to grow its field force to assist target rich, cyber poor organizations in improving their security and resilience.

Article Summary:

The head of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, has identified Chinese cyberattacks on U.S. critical infrastructure as the most serious threat to the nation. The fiscal 2024 budget proposed by President Joe Biden includes a $150 million increase for CISA to strengthen cyber threat hunting capabilities, particularly focused on securing critical infrastructure.

During the past fiscal year, CISA conducted engagements uncovering Chinese advanced persistent threat group Volt Typhoon infiltrating critical systems. Easterly emphasized that these threats are just the tip of the iceberg, with an evolution towards pre-positioning in critical infrastructure for disruption and destruction.

FBI Director Christopher Wray has echoed Easterly’s concerns, calling the threat posed by Chinese actors unprecedented. CISA’s budget boost is also geared towards growing its field force to assist target rich, cyber poor organizations in improving security and resilience. The agency has conducted over a thousand engagements across various sectors to enhance cybersecurity measures.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and