FBI director: Chinese hackers targeting US infrastructure

Attacks on key infrastructure could ‘crush American will for the US to defend Taiwan,’ another official said.

Washington

Updated at 8:50 p.m. ET on 2024-01-31

Chinese state hackers are targeting U.S. civilian infrastructure, including the electrical grid, water treatment plants and transport systems, and are waiting to “wreak havoc” when ordered by Beijing, FBI Director Christopher Wray told Congress on Wednesday.

The aim is to prepare for an “everything, everywhere, all at once” attack that also shuts down hospitals, cell phone networks and air traffic to shake public support for strategic objectives like the defense of Taiwan in the event of a Chinese invasion, another official said.

Wray told the hearing of the House Select Committee on China that the growing risk of such a widespread attack required more attention from lawmakers and the American public alike, given the stakes.

“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure: our water treatment plants, our electrical grid, our oil and natural-gas pipelines, our transportation systems,” Wray said, referring to the People’s Republic of China.

Gaining control of such infrastructure would allow the hackers “to wreak havoc and cause real world harm to American citizens,” he said, “if and when China decides the time has come to strike.”

He also said China was specifically not just targeting military or government infrastructure, and that “low blows against civilians are part of China’s plan” in the event of a confrontation with the United States.

“I do not want those watching today to think we can't protect ourselves, but I do want the American people to know that we cannot afford to sleep on this danger,” Wray added. “We've got to remain vigilant and actively defend against the threat that Beijing poses.”

Call for funds

The FBI director said such efforts were already well underway, with U.S. authorities recently shutting down a Chinese program known as " Volt Typhoon" that successfully compromised thousands of internet routers used by Americans and allowed access to their data.

But he said more funding was needed from Congress to “sustain and build on the gains” made against a very large hacking program.

“To quantify what we're up against, the PRC has a bigger hacking program than that of every major nation combined,” Wray said. “If you took every single one of the FBI cyber agents and intelligence analysts and focussed them exclusively on the China threat, China's hackers would still outnumber FBI cyber personnel by at least 50 to one.”

“As we sit here, while important budget discussions are underway, I will note that this is a time to be keeping ahead of the threat,” he said.

Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the threats raised by Wray were “not theoretical,” with her agency having “eradicated Chinese intrusions in multiple critical infrastructure sectors including aviation water, energy and transportation.”

ENG_CHN_ChinaCommittee_01312024.2.jpg
Jen Easterly, Cybersecurity and Infrastructure Security Agency director, testifies before the House Select Committee on China in Washington, D.C., Jan. 31, 2024. (Mariam Zuhaib/AP)

She said it was "Chinese military doctrine to attempt to induce societal panic in their adversary" and that any future invasion of Taiwan would likely be coupled by widespread attacks on U.S. critical infrastructure to "incite societal panic and chaos" and break "civilian will" to help Taipei.

“A major crisis halfway across the planet could well endanger the lives of Americans here at home, through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities and the crippling of our transportation modes,” Easterly said.

No legitimate reason

Beijing "got a little bit of a taste" of the chaos in the wake of the May 2021 ransomware attack on the Colonial Pipeline on the eastern seaboard of the United States, Easterly said, noting that it shut down gas supplies to much of the eastern United States for nearly a week.

ENG_CHN_ChinaCommittee_01312024.3.JPG
A driver walks to his car near an empty gas pump as stations from Florida to Virginia run dry after the shutdown of the Colonial Pipeline by hackers, in Falls Church, Va., May 12, 2021. (Kevin Lamarque/Reuters)

“Americans couldn't get to work, they couldn't take their kids to school, get folks to the hospital; it caused a bit of panic,” Easterly said, adding that a multi-pronged attack would be similar but on a “massive scale.”

“Imagine not one pipeline, but many pipelines disrupted, telecommunications going down so people can't use their cell phone, people start getting sick from polluted water, trains get derailed, air traffic control systems … are malfunctioning,” she said.

“This is truly an ‘everything, everywhere, all at once’ scenario,” she added. “And it's one where the Chinese government believes that it will likely crush American will for the U.S. to defend Taiwan.”

U.S. Cyber Command chief Gen. Paul Nakasone said there were no legitimate reasons for Chinese hackers to target civilian infrastructure in the United States and that there were no comparable American efforts to target civilian infrastructure in China.

ENG_CHN_ChinaCommittee_01312024.4.jpg
U.S. Cyber Command chief Gen. Paul Nakasone testifies before the House Select Committee on China in Washington, D.C., Jan. 31, 2024. (Mariam Zuhaib/AP)

“There's no reason for them to be in our water, there's no reason for them to be in our power,” Nakasone said. “This is a decision by an actor to actually focus on civilian targets; that's not what we do.”

But he said that more had to be done by U.S. authorities to fight against such potential attacks in the face of the growing threat.

‘Could be an act of war’

The role of advanced technology in conflict is already a growing focus of the U.S. military, with the Pentagon on Wednesday also adding more than a dozen Chinese tech companies to a list of firms it says are working to advance Beijing's military modernization efforts.

Rep. Raja Krishnamoorthi, a Democrat from Illinois who is his party’s ranking member on the House Select Committee on China, said he believed that the world may need to get used to state-backed hacking attacks on civilian infrastructure as a part of modern warfare.

He noted a recent Russian cyberattack on Ukraine cut off internet access for "tens of millions of Ukrainians" and was followed by a cyber-attack on Ukraine's electricity grid, which left hundreds of thousands of Ukrainians without power in the middle of winter.

“I just want to send a message to anybody who's paying attention here, whether it's the [Chinese Communist Party] or anyone else who would intend to put malware into our critical infrastructure: First, we will attribute it back to you if it's activated. Secondly, that could be an act of war. And third, we will respond decisively,” Krishnamoorthi said.

Chinese Embassy spokesperson Liu Pengyu told Radio Free Asia the claims made by Wray, Easterly and Nakasone were false.

"The Chinese government has been categorical in opposing hacking attacks and the abuse of information technology," Liu said.

"The United States has the strongest cyber technologies of all countries, but has used such technologies in hacking, eavesdropping more than others. We urge the U.S. side to stop making irresponsible criticism against other countries on the issue of cyber-security."

Edited by Malcolm Foster. Updated to include comments from Chinese Embassy spokesperson Liu Pengyu.