The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and international partners, has issued a joint fact sheet urging critical infrastructure entities to heed the warning of potential attacks by Chinese state-sponsored actors. This alert follows a February 2024 cybersecurity advisory highlighting the presence of an advanced persistent threat group dubbed Volt Typhoon, which has infiltrated the networks of numerous key infrastructure sectors, including transportation, energy, communications, and water and wastewater systems. Volt Typhoon employs sophisticated techniques, avoiding traditional malware and instead using “living off the land” methods (abusing legitimate, built-in tools and credentials) to maintain access and conduct activities covertly. While the full extent of the compromises is yet to be determined, the fact sheet stresses the strategic nature of these intrusions, raising concerns about potential disruption or destruction of key services in times of increased geopolitical tension or conflict.
The fact sheet provides guidance for leaders of critical infrastructure entities to address this imminent threat, emphasizing the need to protect critical infrastructure and functions. Leaders are urged to treat cyber risk as a business concern, empowering cybersecurity teams to make informed decisions and deploy defensive measures effectively. Key actions include implementing cybersecurity performance goals, ensuring continuous training and skill development for staff, and developing and testing comprehensive information security plans. Leaders are also advised to strengthen supply chain security by establishing robust vendor risk management processes, exercising due diligence in vendor selection, and promoting secure-by-design principles throughout procurement practices.
The fact sheet stresses the urgent need for critical infrastructure entities to adopt a proactive approach to mitigating the Volt Typhoon threat, given the severity of potential disruptions to key services. With Volt Typhoon’s demonstrated capability to maintain persistent access within compromised networks, organizations must remain vigilant and continuously adapt their defensive strategies to counter evolving cyber threats. Given the interconnected nature of critical infrastructure sectors, the ramifications of a successful attack could extend well beyond individual organizations, presenting potential risks to national security and public safety. As such, leaders are urged to prioritize cybersecurity investments and foster collaboration between IT, operational technology (OT), cloud, and business units to align security measures with broader business objectives and risk management strategies.
The fact sheet also highlights the importance of incident response preparedness in the face of Volt Typhoon’s threat. Organizations are advised to review and update their cyber incident response plans regularly, ensuring they are equipped to detect, contain, and mitigate malicious activity immediately. Promptly reporting incidents or suspicious activity to the relevant authorities is necessary to facilitate coordinated responses and information sharing. Leaders are also encouraged to consider proactive retainer agreements with reputable third-party cybersecurity organizations so that specialized expertise and incident response services are available when needed. By embracing a proactive and collaborative approach to cybersecurity, critical infrastructure entities can improve their resilience against Volt Typhoon and other emerging cyber threats, safeguarding the integrity and reliability of essential services for the benefit of society as a whole.