Federal officials said this week that international collaboration and better sharing of actionable security guidance are needed to help meet the challenge of increasingly sophisticated cyberattacks from China and other adversaries who are making the ability to attack critical infrastructure industries part of their military strategies.  

Speaking at the 2024 AFCEA/INSA Intelligence & National Security Summit on Aug. 28, those officials said that securing critical infrastructure – with a particular concern for water infrastructure – is top of mind for not only the U.S. but other countries as well. 

Findings released earlier this year by Forescout Research – Vedere Labs estimate more than 420 million attacks globally on critical infrastructure between January and December 2023 – marking a 30 percent increase from the prior year.  

“I look at it as quite irresponsible if you think about kind of the norms of military operations and proportionality and necessity of targeting, because if they were to hit these water systems or transportation systems, it’s going to affect a very large civilian population, not just military targets,” said David Frederick, assistant deputy director for China at the National Security Agency (NSA).  

Collaborative approaches among like-minded nations to counter the critical infrastructure security threat include developing cybersecurity guidance and support for other countries’ systems and infrastructure, with a focus on sharing threat data, said Liesyl Franz, deputy assistant secretary for international cyberspace security at the Department of State’s Bureau of Cyberspace and Digital Policy (CDP). 

“In whole-of-government dialogues, we’ve started doing sort of technical exchanges more often and providing to the extent that we can information that we think will be a value in that for that country,” Franz said. She explained that CDP recently worked with the government of South Korea to brief the North Korea watch community on spear phishing tactics aimed at tricking victims into divulging sensitive data, downloading malware, or sending money to hackers.

Frederick said last week’s release of guidance for best practices in threat detection from several nations marks another step forward in international cybersecurity efforts.  

The guidance – a collaboration between the U.S., U.K., Canada, New Zealand, Japan, Korea, Singapore, and the Netherlands – provides event logging support to assist in the “delivery of operations” which “improves the security and resilience of critical systems by enabling network visibility.”  

The document includes enterprise-approved logging policies and guidance on centralized log collection and correlation, secure storage and event log integrity, and detection strategy for relevant threats. 

“It’s an interesting example of whole-of-community – how the cybersecurity community is really trying to work together to bring everybody’s information together to deal with these threats that really are a threat to multiple nations,” said Frederick. 

While the U.S. may be more protected against the impact of “significant economic coercion” by China due to the threat of strong retaliation, other countries have faced that kind of pressure and are increasingly seeking cybersecurity guidance and support, Frederick added.

Other successful efforts to curb cyberattacks include public attribution – publicly tracking and identifying the perpetrator of a cyberattack or cyber operation – which Franz said can help keep security officials better informed.   

She said the State Department has an “ambitious program” underway to engage other countries to assist in public attribution efforts.   

China, Russia, Iran and North Korea continue to represent the greatest cyber threats to the U.S., with Volt Typhoon – a China state-sponsored actor that focuses on espionage and information gathering – pre-positioning itself on U.S. critical infrastructure networks to disrupt or destroy critical services, according to a warning issued by the U.S. government and other global partners earlier this year.

Other attacks on critical infrastructure include one by Russian hacktivists in Texas in January, which led to the overflow of water storage tanks.

Recommendations made to prevent these attacks include following and “hardening” best practices in cybersecurity, developing skills and training for threat defense, and creating comprehensive information security plans.  

Weslan Hansen is a MeriTalk Staff Reporter covering the intersection of government and technology.