The Executive Director of the Cybersecurity and Infrastructure Security Agency (CISA) said today that the threat posed by China within the cyber realm is evolving and much more serious today than it was a decade ago – particularly when it comes to potentially targeting the United States’ critical infrastructure.
According to CISA’s Brandon Wales, the U.S. must work to ensure a degree of cyber resilience against any looming attacks on the nation’s critical infrastructure.
“We need to make sure that we are raising awareness across the country that this is a serious threat that everyone who operates infrastructure that Americans rely upon need to take seriously,” Wales said during a Washington Post Live event today.
It’s all about the mindset, he said. “We’ve got a very diverse infrastructure – we’ve got a lot of potential targets that China could potentially exploit.”
“It is incumbent upon us to realize that we may not stop every attack, we may not be able to fully defend our way out of it,” Wales explained. “What we need to ensure is that we have the degree of resilience in our systems that will allow us to continue to operate even in the face of an aggressive actor.”
The CISA official said that this means the nation must look at resiliency “holistically.” Last week, Wales said he talked to the directors of every state’s emergency management office “about what they need to do to plan and prepare for disruptions so that they’re ready to make sure that their communities can go on.”
“Our infrastructure needs to have operational resilience, functional resilience, that even in the face of degradation, even if their systems are under attack, they can continue to deliver the vital functions,” he said. “The water should continue to flow even if there are a loss of the operational control technology that they utilize.”
Wales admitted that intelligence officials do not expect China to attack U.S. critical infrastructure unless it’s at the beginning of or during a conflict.
One country that the U.S. should look up to when it comes to cyber resiliency, Wales said, is Ukraine.
“They have worked hard … in the eight years between 2014 and 2022, when Russia reinvaded, to build that resilience into their systems,” Wales said. “One, to improve their cybersecurity – a lot of hard work by Ukrainian cyber defenders, supported by the U.S., supported by other Western countries in the private sector. They made things harder for Russia to achieve their goals and more importantly, they demonstrated that they worked across their critical infrastructure to ensure that they can continue to operate in the face of both kinetic attacks, missiles, bombs, direct targeting of their critical infrastructure, and cyberattacks.”
“The pace of cyberattacks against Ukraine never let up. Russia has been extremely aggressive in targeting,” he added. “But ultimately, Ukraine worked together to build a really resilient posture for their country. And even in the face of those operations, they’ve been able to maintain their society.”