As President-elect Donald Trump commences his second term on Monday, he is confronted with an unprecedented foreign threat from Chinese hackers. Over the past few years, the United States has witnessed three distinct Chinese hacking campaigns, including infiltrations of U.S. government computers used by top Biden administration officials. While China has been a longstanding cyber adversary of the U.S., experts and officials now warn that Chinese cyber capabilities have significantly escalated during the Biden administration, posing one of the most substantial cyber challenges to date.
Adam Segal, a former senior cybersecurity adviser in the State Department, stated, “I don’t think there’s any doubt that the risk of Chinese cyberattacks has gone up,” noting the noticeable increase in Chinese cyber capabilities over the past four years. The most recent breach, discovered in December, granted hackers access to files from the Treasury Department, prompting the department to label it a “major incident” and impose sanctions on a Chinese company allegedly involved in the cyber activities.
Among the notable breaches was one named Salt Typhoon, which compromised telecommunications giants such as AT&T and Verizon, allowing hackers to access phone calls from the Trump and Harris campaigns, as well as phone records of over a million Americans. FBI Director Christopher Wray referred to this breach as potentially the “most significant cyber espionage campaign in history.” Another major threat, known as Volt Typhoon, involves hackers infiltrating critical infrastructure like power, communications, and water facilities, potentially pre-positioning for scenarios of military conflict, such as a Chinese invasion of Taiwan, to disrupt U.S. responses.
While efforts have been made by companies like AT&T and Verizon to remove the hackers from their systems, White House officials caution that the Salt and Volt Typhoon hacks are ongoing operations, with hackers persistently attempting to regain access. Despite denials from China, the U.S. government acknowledges the severity of the cyber threats and the need for enhanced security measures.
In response to these challenges, President Joe Biden signed an executive order addressing cybersecurity issues, granting more authority to agencies like the Cybersecurity and Infrastructure Security Agency to monitor federal networks for malicious activities. Additionally, discussions among senators have highlighted the necessity of bolstering U.S. telephone networks and implementing comprehensive cybersecurity measures to counter China’s persistent and evolving cyber threats.
Experts are recommending a more aggressive approach to combat Chinese espionage by establishing a credible threat of retaliation. The incoming Trump administration aims to be more confrontational and proactive in addressing cyber threats. Brian Hughes, a Trump-Vance transition spokesperson, emphasized the need to impose costs on those who steal data and attack infrastructure. Trump’s pick for national security adviser, Rep. Michael Waltz, suggested a shift towards offensive measures to deter cyber threats.
The elimination of the federal government’s cybersecurity czar under Trump drew criticism, while experts praised the Biden administration’s cyber policies. Chris Painter, a former cyber diplomat, expressed concerns about China’s unchecked cyber activities and the effectiveness of current approaches. Addressing vulnerabilities in private companies and regulating cyber activities were key strategies under the Biden administration that may see changes under Trump. Despite ongoing challenges, the U.S. continues to disrupt China’s hacking infrastructure and defend against cyber threats.
Because operations aimed at disrupting Chinese hacking activities are classified, their impact is difficult to fully assess, raising questions about the effectiveness of such approaches in the long run. Brandon Wales, who served as the executive director of the U.S. Cybersecurity and Infrastructure Security Agency during the first Trump administration, expressed skepticism about the efficacy of solely targeting hacker infrastructure.
Wales pointed out that while offensive cyber operations can disrupt adversary plans and infrastructure, both nation-state actors and criminal groups have demonstrated the ability to swiftly rebuild their capabilities. Reflecting on these observations, Wales, who currently serves as the vice president for cybersecurity strategy at SentinelOne, emphasized the crucial decision-making process regarding when and how to engage in offensive cyber activities.
Wales questioned whether to expend resources targeting Chinese networks now or to preserve these capabilities for potential future conflicts where they could play a decisive role. This dilemma underscores the complex nature of cybersecurity operations and the need for careful planning and foresight in navigating this evolving landscape.
In a dynamic cyber environment characterized by rapid technological advancements and persistent threats, the debate surrounding the most effective approach to countering malicious cyber activities remains a subject of ongoing discussion among cybersecurity experts and policymakers. As nations grapple with the challenges posed by sophisticated cyber adversaries, the need for a comprehensive and sustainable cybersecurity strategy has become increasingly apparent.
The insights shared by Wales shed light on the nuanced considerations that inform decision-making in the realm of cybersecurity, underscoring the importance of a strategic and forward-thinking approach to addressing cyber threats. By examining the potential consequences of different courses of action and weighing the trade-offs involved, cybersecurity professionals can better position themselves to safeguard critical infrastructure and defend against emerging threats.
As the global cybersecurity landscape continues to evolve, the lessons drawn from past experiences and the insights of experts like Brandon Wales serve as valuable resources in shaping effective cybersecurity policies and practices. By fostering a culture of innovation, collaboration, and resilience, stakeholders can enhance their ability to adapt to emerging cyber challenges and effectively mitigate risks to the digital ecosystem.
Ultimately, the ongoing dialogue surrounding the effectiveness of offensive cyber operations against malicious actors highlights the need for a holistic and strategic approach to cybersecurity that prioritizes resilience, adaptability, and collaboration. By embracing these principles and leveraging the expertise of cybersecurity professionals, nations can enhance their cyber defenses and mitigate the impact of cyber threats on critical infrastructures and national security.