China wants to target critical infrastructure like water facilities and energy grids, FBI director said

Chinese state-sponsored hackers have conducted widespread cyberattacks on critical American infrastructure in recent years, intending to give the country the ability to cause “a devastating blow” against the US, according to FBI Director Christopher Wray.

“The fact is, the PRC [People’s Republic of China] targeting of our critical infrastructure is both broad and unrelenting,” he told a security conference in Nashville on Thursday, describing China’s hacking programme as growing in strength.

“It’s using that mass, those numbers, to give itself the ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” he added.

Last year, security analysts at Microsoft identified mysterious code linked to communications systems in Guam, the US territory in the Pacific with a massive strategic air base.

Officials believe the code was the work of Volt Typhoon, a Chinese state-sponsored hacking group.

  • Wooki@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    6 months ago

    Essentially vs actually is conflation. Zero trust and segmentation is marketing. If its connected its vulnerable. value just determines when. if you really are in the industry the big vulnerability everyone has been talking about last week is evidence enough to the fact.

    • DemSpud@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      Oh yea poor old Palo Alto Networks is having a rough time at the moment. But a mature OT network has implemented defence in depth correctly and have a plan in place for incidents such as this one should they occur. I know a few sites who have had to island until they were able to put vulnerability mitigation in place, the good thing is that they could do this without disrupting their OT operations significantly. What you’re saying is correct, if its connected its only a matter of when not if, but you design your system with this in mind.

      At the end of the day corporations are going to want business data from your site, and we need to design around that. To fight it and just air gap is going to result in you getting side stepped and your system being even more vulnerable. It’s going to happen either way so we need to make sure we have the plans in place to implement it as safely as possible.