Top U.S. cyber official offers 'stark warning' of potential attacks on infrastructure if tensions with China escalate

Such tactics would be a stark change from the cyberactivity historically attributed to China, usually espionage and data theft but not destructive attacks.

Cybersecurity and Infrastructure Security Agency Director Jen Easterly in 2021. (Kevin Dietsch / Getty Images file)

LAS VEGAS — China’s hackers have been positioning themselves to conduct destructive cyberattacks on U.S. critical infrastructure, a top U.S. cyber official warned Saturday.

Speaking at a panel at the Def Con hacker conference in Las Vegas, Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency, said, “I hope that people are taking seriously a pretty stark warning about the potential for China to use their very formidable capabilities in the event of a conflict in the Taiwan straits to go after our critical infrastructure.”

Such attacks would reflect a significant pivot from the type of cyberactivity historically attributed to China, which for years has largely consisted of a barrage of espionage and theft of data but not destructive attacks designed to harm systems.

Chinese officials have denied reports of state-sponsored hacking and say that China is itself a frequent victim of cyberattacks, alleging that the U.S. is “the champion of hacking.” In May, Foreign Ministry spokesperson Mao Ning referred to hacking reports as a “collective disinformation campaign” by the U.S. and its allies.

Easterly’s comments mirrored several other alarms raised this year about China’s potential to conduct destructive cyberattacks. In May, Microsoft warned that hackers affiliated with the Chinese government were targeting critical U.S. infrastructure.

In its most recent Annual Threat Assessment, published in February, the national intelligence director’s office said that “China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”

Last month, The New York Times reported that the U.S. was more actively hunting for Chinese hackers in critical infrastructure than previously had been known.

China “almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure and military assets worldwide” if it believed conflict with the U.S. was imminent, the report said.

The hackers affiliated with campaigns targeting U.S. infrastructure are particularly adept at “living off the land,” where they use victims' existing computer processes rather than introducing new malicious software, a practice that makes them harder to detect, Easterly said.

David Pekoske, the director of the Transportation Security Administration, which oversees the security of U.S. pipelines, ports, railways and aviation, said at the panel that critical infrastructure operators need to prepare for such cyberattacks immediately so they are not caught off guard in the future.

“Time is not our friend in this quest. We need to move very, very quickly. That’s why we’ve moved so quickly and so have our industry partners,” Pekoske said. “We need to be ready now.”