
The Quiet Threat of China’s Typhoon Cyber Operations

  • Anonymous Fellow
  • Apr 15

China's cyberattacks against the US telecommunications sectors and other critical infrastructure – Wong Yu Liang (via NextGov)

When there is a kinetic attack on the US, the public witnesses the physical effects, and there is often destruction and death tolls that prove an attack occurred. With a cyberattack, the effects are less visible and can go unnoticed for months or even years. Cyberspace is considered a warfighting domain where the participants are more than just soldiers representing countries; they include nation-states, non-state actors, criminals, terrorists, and individuals. This makes cyberspace different from other warfighting domains and harder to protect. Cyber attacks do not discriminate against their victims and can affect average citizens, yet there is insufficient public knowledge about how to properly navigate cyberspace or how China’s cyber operations are affecting average civilians.

The International Laws of Armed Conflict state that a nation must distinguish between civilians and soldiers in an attack, and must not harm non-combatants. This does not always happen in cyberspace, and cyberattacks can have both direct and indirect effects on ordinary civilians. The US faces the biggest cyber threats from countries like the People’s Republic of China (PRC), Russia, Iran, and North Korea. But the most persistent threats come from China, which continually targets the US and its interests. Its recent and alarming efforts include the Typhoon campaigns, which are some of the most imminent cyber threats to US national security.

The Salt Typhoon campaign is a cyberespionage effort in which China has hacked into almost every major telecommunications company, stealing customer data and targeting political figures. China remains in these systems, allowing it to gather information on the US public and private sectors over a long period of time. The campaign has affected 80 countries, and it’s suspected that China has stolen information from almost every American. The Salt Typhoon campaign is considered the widest and most advanced cyberespionage campaign against the US and poses a continuing threat to US national security.

Additionally, China is responsible for the Volt Typhoon campaigns, which may pose an even greater long-term threat. Volt Typhoon employs techniques such as “living off the land” to pre-position within US critical infrastructure systems. “Living off the land” refers to cyber actors evading system security measures by using existing tools and programs within a system.

China has already compromised systems in the Communications, Energy, Transportation, and Water and Wastewater sectors, but these are not its sole targets. This campaign extends beyond cyberespionage and demonstrates China’s strategic planning in its cyber race with the US. There is no immediate economic or intelligence value to this campaign; China is simply laying the groundwork for future tools to use in war.

Pre-positioning is a precursor to an attack, designed to sow doubt in capabilities and create unprecedented levels of confusion and chaos. If there’s suspicion that China has compromised a system, the US may mistrust that system and be hesitant to use it. This could include anything from a communications network to an electric grid to a drone fleet, all of which would be significantly disruptive. More concerning, China could degrade US military efforts. In a potential conflict, like China’s promised invasion of Taiwan, China could gain an advantage by delaying US troop deployment or meddling with defense platform capabilities. This raises serious concerns about China’s cyber capabilities and how it will affect US response capabilities in the event of an attack.

With these pre-positionings, the average US citizen would not be exempt from the effects of such attacks. As Chinese leader Xi Jinping stated, the US will face attacks “everywhere, everything, all at once.” China has been found inside networks and systems unrelated to the federal government, such as water systems in small rural towns or metropolitan transportation systems. This is suspected to be China preparing for potential distractions at home to divert resources away from other matters. Once in critical infrastructure systems, China could shut down power, poison water supplies, halt transportation, and more.

While the direct effects of China’s cyber campaigns are not immediately felt by the public, this does not mean that they won’t eventually be. Currently, defenses for critical infrastructure are not sufficient to fully prevent China and other cyber actors from breaching these systems. Continuous cooperation between the public and private sectors in assessing and identifying cyberattacks remains crucial. Although defending against all actors remains challenging, increased information sharing can help close gaps in security measures and address developing threats in cyberspace. In addition, public awareness and knowledge of cybersecurity do not reflect the scale and gravity of these threats. Human error, whether faulty passwords or carelessness, remains one of the main reasons for cyberattacks. There must be increased education for citizens on how to stay safe online and exercise caution in cyberspace.
